./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2986733416 <...> EXT4-fs (loop0): 1 truncate cleaned up [ 554.491517][ T9516] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9518] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9518] close(3) = 0 [pid 9518] close(4) = 0 [pid 9518] mkdir("./file0", 0777) = 0 [pid 9518] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9518] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9518] chdir("./file0") = 0 [pid 9518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9518] ioctl(4, LOOP_CLR_FD) = 0 [pid 9518] close(4) = 0 [pid 9518] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9518] truncate("./file2", 0) = 0 [pid 9518] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9518] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9518] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9518, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4314", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4314", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4314/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4314/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4314/binderfs") = 0 umount2("./4314/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4314/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4314/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4314/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4314/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4314/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4314") = 0 mkdir("./4315", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9520 ./strace-static-x86_64: Process 9520 attached [pid 9520] set_robust_list(0x55558abad660, 24) = 0 [pid 9520] chdir("./4315") = 0 [pid 9520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9520] setpgid(0, 0) = 0 [pid 9520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9520] write(3, "1000", 4) = 4 [pid 9520] close(3) = 0 [pid 9520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9520] write(1, "executing program\n", 18) = 18 [pid 9520] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9520] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9520] memfd_create("syzkaller", 0) = 3 [pid 9520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9520] munmap(0x7ff698483000, 138412032) = 0 [pid 9520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 554.521609][ T9518] loop0: detected capacity change from 0 to 512 [ 554.529337][ T9518] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 554.539819][ T9518] EXT4-fs (loop0): 1 truncate cleaned up [ 554.546740][ T9518] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9520] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9520] close(3) = 0 [pid 9520] close(4) = 0 [pid 9520] mkdir("./file0", 0777) = 0 [pid 9520] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9520] chdir("./file0") = 0 [pid 9520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9520] ioctl(4, LOOP_CLR_FD) = 0 [pid 9520] close(4) = 0 [pid 9520] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9520] truncate("./file2", 0) = 0 [pid 9520] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9520] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9520] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9520, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4315", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4315", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4315/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4315/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4315/binderfs") = 0 umount2("./4315/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4315/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4315/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4315/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4315/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4315/file0"executing program ) = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4315") = 0 mkdir("./4316", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9522 ./strace-static-x86_64: Process 9522 attached [pid 9522] set_robust_list(0x55558abad660, 24) = 0 [pid 9522] chdir("./4316") = 0 [pid 9522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9522] setpgid(0, 0) = 0 [pid 9522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9522] write(3, "1000", 4) = 4 [pid 9522] close(3) = 0 [pid 9522] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9522] write(1, "executing program\n", 18) = 18 [pid 9522] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9522] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9522] memfd_create("syzkaller", 0) = 3 [pid 9522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9522] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9522] munmap(0x7ff698483000, 138412032) = 0 [pid 9522] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 554.586184][ T9520] loop0: detected capacity change from 0 to 512 [ 554.593479][ T9520] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 554.604126][ T9520] EXT4-fs (loop0): 1 truncate cleaned up [ 554.611679][ T9520] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9522] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9522] close(3) = 0 [pid 9522] close(4) = 0 [pid 9522] mkdir("./file0", 0777) = 0 [pid 9522] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9522] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9522] chdir("./file0") = 0 [pid 9522] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9522] ioctl(4, LOOP_CLR_FD) = 0 [pid 9522] close(4) = 0 [pid 9522] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9522] truncate("./file2", 0) = 0 [pid 9522] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9522] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9522] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9522, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4316", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4316", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4316/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4316/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4316/binderfs") = 0 umount2("./4316/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4316/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4316/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4316/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4316/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4316/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4316") = 0 mkdir("./4317", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9524 ./strace-static-x86_64: Process 9524 attached [pid 9524] set_robust_list(0x55558abad660, 24) = 0 [pid 9524] chdir("./4317") = 0 [pid 9524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9524] setpgid(0, 0) = 0 [pid 9524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9524] write(3, "1000", 4) = 4 [pid 9524] close(3) = 0 [pid 9524] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9524] write(1, "executing program\n", 18) = 18 [pid 9524] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9524] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9524] memfd_create("syzkaller", 0) = 3 [pid 9524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9524] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9524] munmap(0x7ff698483000, 138412032) = 0 [pid 9524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 554.647434][ T9522] loop0: detected capacity change from 0 to 512 [ 554.654538][ T9522] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 554.665144][ T9522] EXT4-fs (loop0): 1 truncate cleaned up [ 554.671809][ T9522] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9524] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9524] close(3) = 0 [pid 9524] close(4) = 0 [pid 9524] mkdir("./file0", 0777) = 0 [pid 9524] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9524] chdir("./file0") = 0 [pid 9524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9524] ioctl(4, LOOP_CLR_FD) = 0 [pid 9524] close(4) = 0 [pid 9524] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9524] truncate("./file2", 0) = 0 [pid 9524] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9524] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9524] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9524, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4317", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4317", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4317/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4317/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4317/binderfs") = 0 umount2("./4317/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4317/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4317/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4317/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4317/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4317/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4317") = 0 mkdir("./4318", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9526 ./strace-static-x86_64: Process 9526 attached [pid 9526] set_robust_list(0x55558abad660, 24) = 0 [pid 9526] chdir("./4318") = 0 [pid 9526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9526] setpgid(0, 0) = 0 [pid 9526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9526] write(3, "1000", 4) = 4 [pid 9526] close(3) = 0 [pid 9526] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9526] write(1, "executing program\n", 18) = 18 [pid 9526] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9526] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9526] memfd_create("syzkaller", 0) = 3 [pid 9526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9526] munmap(0x7ff698483000, 138412032) = 0 [pid 9526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 554.702356][ T9524] loop0: detected capacity change from 0 to 512 [ 554.709755][ T9524] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 554.720492][ T9524] EXT4-fs (loop0): 1 truncate cleaned up [ 554.728170][ T9524] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9526] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9526] close(3) = 0 [pid 9526] close(4) = 0 [pid 9526] mkdir("./file0", 0777) = 0 [pid 9526] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9526] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9526] chdir("./file0") = 0 [pid 9526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9526] ioctl(4, LOOP_CLR_FD) = 0 [pid 9526] close(4) = 0 [pid 9526] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9526] truncate("./file2", 0) = 0 [pid 9526] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9526] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9526] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9526, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4318", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4318", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4318/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4318/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4318/binderfs") = 0 umount2("./4318/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4318/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4318/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4318/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4318/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4318/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4318") = 0 mkdir("./4319", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9528 ./strace-static-x86_64: Process 9528 attached [pid 9528] set_robust_list(0x55558abad660, 24) = 0 [pid 9528] chdir("./4319") = 0 [pid 9528] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9528] setpgid(0, 0) = 0 [pid 9528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9528] write(3, "1000", 4) = 4 [pid 9528] close(3) = 0 [pid 9528] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9528] write(1, "executing program\n", 18) = 18 [pid 9528] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9528] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9528] memfd_create("syzkaller", 0) = 3 [pid 9528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9528] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9528] munmap(0x7ff698483000, 138412032) = 0 [pid 9528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 554.764303][ T9526] loop0: detected capacity change from 0 to 512 [ 554.771705][ T9526] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 554.782317][ T9526] EXT4-fs (loop0): 1 truncate cleaned up [ 554.789286][ T9526] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9528] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9528] close(3) = 0 [pid 9528] close(4) = 0 [pid 9528] mkdir("./file0", 0777) = 0 [pid 9528] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9528] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9528] chdir("./file0") = 0 [pid 9528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9528] ioctl(4, LOOP_CLR_FD) = 0 [pid 9528] close(4) = 0 [pid 9528] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9528] truncate("./file2", 0) = 0 [pid 9528] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9528] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9528] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9528, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4319", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4319", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4319/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4319/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4319/binderfs") = 0 umount2("./4319/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4319/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4319/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4319/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4319/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4319/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4319") = 0 mkdir("./4320", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9530 ./strace-static-x86_64: Process 9530 attached [pid 9530] set_robust_list(0x55558abad660, 24) = 0 [pid 9530] chdir("./4320") = 0 [pid 9530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9530] setpgid(0, 0) = 0 [pid 9530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 9530] write(3, "1000", 4) = 4 [pid 9530] close(3) = 0 [pid 9530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9530] write(1, "executing program\n", 18) = 18 [pid 9530] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9530] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9530] memfd_create("syzkaller", 0) = 3 [pid 9530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9530] munmap(0x7ff698483000, 138412032) = 0 [pid 9530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 554.816298][ T9528] loop0: detected capacity change from 0 to 512 [ 554.823449][ T9528] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 554.834036][ T9528] EXT4-fs (loop0): 1 truncate cleaned up [ 554.842977][ T9528] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9530] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9530] close(3) = 0 [pid 9530] close(4) = 0 [pid 9530] mkdir("./file0", 0777) = 0 [pid 9530] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9530] chdir("./file0") = 0 [pid 9530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9530] ioctl(4, LOOP_CLR_FD) = 0 [pid 9530] close(4) = 0 [pid 9530] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9530] truncate("./file2", 0) = 0 [pid 9530] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9530] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9530] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9530, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4320", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4320", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4320/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4320/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4320/binderfs") = 0 umount2("./4320/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4320/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4320/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4320/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4320/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4320/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4320") = 0 mkdir("./4321", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9532 ./strace-static-x86_64: Process 9532 attached [pid 9532] set_robust_list(0x55558abad660, 24) = 0 [pid 9532] chdir("./4321") = 0 [pid 9532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9532] setpgid(0, 0) = 0 [pid 9532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9532] write(3, "1000", 4) = 4 [pid 9532] close(3) = 0 [pid 9532] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9532] write(1, "executing program\n", 18executing program ) = 18 [pid 9532] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9532] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9532] memfd_create("syzkaller", 0) = 3 [pid 9532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9532] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9532] munmap(0x7ff698483000, 138412032) = 0 [pid 9532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 554.876822][ T9530] loop0: detected capacity change from 0 to 512 [ 554.884018][ T9530] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 554.894572][ T9530] EXT4-fs (loop0): 1 truncate cleaned up [ 554.901307][ T9530] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9532] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9532] close(3) = 0 [pid 9532] close(4) = 0 [pid 9532] mkdir("./file0", 0777) = 0 [pid 9532] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9532] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9532] chdir("./file0") = 0 [pid 9532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9532] ioctl(4, LOOP_CLR_FD) = 0 [pid 9532] close(4) = 0 [pid 9532] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9532] truncate("./file2", 0) = 0 [pid 9532] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9532] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9532] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9532, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4321", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4321", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4321/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4321/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4321/binderfs") = 0 umount2("./4321/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4321/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4321/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4321/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4321/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4321/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4321") = 0 mkdir("./4322", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9534 ./strace-static-x86_64: Process 9534 attached [pid 9534] set_robust_list(0x55558abad660, 24) = 0 [pid 9534] chdir("./4322") = 0 [pid 9534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9534] setpgid(0, 0) = 0 [pid 9534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9534] write(3, "1000", 4) = 4 [pid 9534] close(3) = 0 [pid 9534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9534] write(1, "executing program\n", 18executing program ) = 18 [pid 9534] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9534] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9534] memfd_create("syzkaller", 0) = 3 [pid 9534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9534] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9534] munmap(0x7ff698483000, 138412032) = 0 [pid 9534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 554.941638][ T9532] loop0: detected capacity change from 0 to 512 [ 554.949295][ T9532] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 554.959748][ T9532] EXT4-fs (loop0): 1 truncate cleaned up [ 554.966891][ T9532] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9534] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9534] close(3) = 0 [pid 9534] close(4) = 0 [pid 9534] mkdir("./file0", 0777) = 0 [pid 9534] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9534] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9534] chdir("./file0") = 0 [pid 9534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9534] ioctl(4, LOOP_CLR_FD) = 0 [pid 9534] close(4) = 0 [pid 9534] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9534] truncate("./file2", 0) = 0 [pid 9534] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9534] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9534] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9534, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4322", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4322", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4322/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4322/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4322/binderfs") = 0 umount2("./4322/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4322/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4322/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4322/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4322/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4322/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4322") = 0 mkdir("./4323", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9536 ./strace-static-x86_64: Process 9536 attached [pid 9536] set_robust_list(0x55558abad660, 24) = 0 [pid 9536] chdir("./4323") = 0 [pid 9536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9536] setpgid(0, 0) = 0 [pid 9536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9536] write(3, "1000", 4) = 4 [pid 9536] close(3) = 0 [pid 9536] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9536] write(1, "executing program\n", 18executing program ) = 18 [pid 9536] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9536] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9536] memfd_create("syzkaller", 0) = 3 [pid 9536] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9536] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9536] munmap(0x7ff698483000, 138412032) = 0 [pid 9536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.005929][ T9534] loop0: detected capacity change from 0 to 512 [ 555.013492][ T9534] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.023967][ T9534] EXT4-fs (loop0): 1 truncate cleaned up [ 555.031327][ T9534] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9536] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9536] close(3) = 0 [pid 9536] close(4) = 0 [pid 9536] mkdir("./file0", 0777) = 0 [pid 9536] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9536] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9536] chdir("./file0") = 0 [pid 9536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9536] ioctl(4, LOOP_CLR_FD) = 0 [pid 9536] close(4) = 0 [pid 9536] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9536] truncate("./file2", 0) = 0 [pid 9536] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9536] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9536] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9536, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4323", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4323", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4323/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4323/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4323/binderfs") = 0 umount2("./4323/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4323/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4323/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4323/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4323/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4323/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4323") = 0 mkdir("./4324", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9538 ./strace-static-x86_64: Process 9538 attached [pid 9538] set_robust_list(0x55558abad660, 24) = 0 [pid 9538] chdir("./4324") = 0 [pid 9538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9538] setpgid(0, 0) = 0 [pid 9538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9538] write(3, "1000", 4) = 4 [pid 9538] close(3) = 0 [pid 9538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9538] write(1, "executing program\n", 18) = 18 [pid 9538] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9538] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9538] memfd_create("syzkaller", 0) = 3 [pid 9538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9538] munmap(0x7ff698483000, 138412032) = 0 [pid 9538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.073027][ T9536] loop0: detected capacity change from 0 to 512 [ 555.080292][ T9536] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.090835][ T9536] EXT4-fs (loop0): 1 truncate cleaned up [ 555.097977][ T9536] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9538] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9538] close(3) = 0 [pid 9538] close(4) = 0 [pid 9538] mkdir("./file0", 0777) = 0 [pid 9538] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9538] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9538] chdir("./file0") = 0 [pid 9538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9538] ioctl(4, LOOP_CLR_FD) = 0 [pid 9538] close(4) = 0 [pid 9538] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9538] truncate("./file2", 0) = 0 [pid 9538] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9538] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9538] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9538, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4324", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4324", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4324/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4324/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4324/binderfs") = 0 umount2("./4324/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4324/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4324/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4324/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4324/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4324/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4324") = 0 mkdir("./4325", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9541 ./strace-static-x86_64: Process 9541 attached [pid 9541] set_robust_list(0x55558abad660, 24) = 0 [pid 9541] chdir("./4325") = 0 [pid 9541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9541] setpgid(0, 0) = 0 [pid 9541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9541] write(3, "1000", 4) = 4 [pid 9541] close(3) = 0 [pid 9541] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9541] write(1, "executing program\n", 18) = 18 [pid 9541] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9541] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9541] memfd_create("syzkaller", 0) = 3 [pid 9541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9541] munmap(0x7ff698483000, 138412032) = 0 [pid 9541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.129069][ T9538] loop0: detected capacity change from 0 to 512 [ 555.136425][ T9538] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.147446][ T9538] EXT4-fs (loop0): 1 truncate cleaned up [ 555.154914][ T9538] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9541] close(3) = 0 [pid 9541] close(4) = 0 [pid 9541] mkdir("./file0", 0777) = 0 [pid 9541] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9541] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9541] chdir("./file0") = 0 [pid 9541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9541] ioctl(4, LOOP_CLR_FD) = 0 [pid 9541] close(4) = 0 [pid 9541] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9541] truncate("./file2", 0) = 0 [pid 9541] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9541] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9541] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9541, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4325", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4325", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4325/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4325/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4325/binderfs") = 0 umount2("./4325/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4325/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4325/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4325/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4325/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4325/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4325") = 0 mkdir("./4326", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9543 ./strace-static-x86_64: Process 9543 attached [pid 9543] set_robust_list(0x55558abad660, 24) = 0 [pid 9543] chdir("./4326") = 0 [pid 9543] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9543] setpgid(0, 0) = 0 [pid 9543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9543] write(3, "1000", 4) = 4 [pid 9543] close(3) = 0 [pid 9543] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9543] write(1, "executing program\n", 18executing program ) = 18 [pid 9543] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9543] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9543] memfd_create("syzkaller", 0) = 3 [pid 9543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9543] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9543] munmap(0x7ff698483000, 138412032) = 0 [pid 9543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.189583][ T9541] loop0: detected capacity change from 0 to 512 [ 555.196971][ T9541] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.207539][ T9541] EXT4-fs (loop0): 1 truncate cleaned up [ 555.214502][ T9541] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9543] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9543] close(3) = 0 [pid 9543] close(4) = 0 [pid 9543] mkdir("./file0", 0777) = 0 [pid 9543] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9543] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9543] chdir("./file0") = 0 [pid 9543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9543] ioctl(4, LOOP_CLR_FD) = 0 [pid 9543] close(4) = 0 [pid 9543] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9543] truncate("./file2", 0) = 0 [pid 9543] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9543] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9543] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9543, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4326", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4326", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4326/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4326/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4326/binderfs") = 0 umount2("./4326/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4326/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4326/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4326/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4326/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4326/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4326") = 0 mkdir("./4327", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9545 ./strace-static-x86_64: Process 9545 attached [pid 9545] set_robust_list(0x55558abad660, 24) = 0 executing program [pid 9545] chdir("./4327") = 0 [pid 9545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9545] setpgid(0, 0) = 0 [pid 9545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9545] write(3, "1000", 4) = 4 [pid 9545] close(3) = 0 [pid 9545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9545] write(1, "executing program\n", 18) = 18 [pid 9545] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9545] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9545] memfd_create("syzkaller", 0) = 3 [pid 9545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9545] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9545] munmap(0x7ff698483000, 138412032) = 0 [pid 9545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.246190][ T9543] loop0: detected capacity change from 0 to 512 [ 555.253731][ T9543] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.264360][ T9543] EXT4-fs (loop0): 1 truncate cleaned up [ 555.271264][ T9543] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9545] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9545] close(3) = 0 [pid 9545] close(4) = 0 [pid 9545] mkdir("./file0", 0777) = 0 [pid 9545] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9545] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9545] chdir("./file0") = 0 [pid 9545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9545] ioctl(4, LOOP_CLR_FD) = 0 [pid 9545] close(4) = 0 [pid 9545] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9545] truncate("./file2", 0) = 0 [pid 9545] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9545] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9545] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9545, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4327", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4327", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4327/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4327/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4327/binderfs") = 0 umount2("./4327/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4327/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4327/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4327/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4327/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4327/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4327") = 0 mkdir("./4328", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9547 ./strace-static-x86_64: Process 9547 attached [pid 9547] set_robust_list(0x55558abad660, 24) = 0 [pid 9547] chdir("./4328") = 0 [pid 9547] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9547] setpgid(0, 0) = 0 [pid 9547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9547] write(3, "1000", 4) = 4 [pid 9547] close(3) = 0 [pid 9547] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9547] write(1, "executing program\n", 18) = 18 [pid 9547] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9547] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9547] memfd_create("syzkaller", 0) = 3 [pid 9547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9547] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9547] munmap(0x7ff698483000, 138412032) = 0 [pid 9547] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.307330][ T9545] loop0: detected capacity change from 0 to 512 [ 555.314626][ T9545] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.325262][ T9545] EXT4-fs (loop0): 1 truncate cleaned up [ 555.333289][ T9545] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9547] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9547] close(3) = 0 [pid 9547] close(4) = 0 [pid 9547] mkdir("./file0", 0777) = 0 [pid 9547] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9547] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9547] chdir("./file0") = 0 [pid 9547] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9547] ioctl(4, LOOP_CLR_FD) = 0 [pid 9547] close(4) = 0 [pid 9547] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9547] truncate("./file2", 0) = 0 [pid 9547] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9547] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9547] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9547, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4328", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4328", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4328/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4328/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4328/binderfs") = 0 umount2("./4328/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4328/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4328/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4328/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4328/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4328/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4328") = 0 mkdir("./4329", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9549 ./strace-static-x86_64: Process 9549 attached [pid 9549] set_robust_list(0x55558abad660, 24) = 0 [pid 9549] chdir("./4329") = 0 [pid 9549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9549] setpgid(0, 0) = 0 [pid 9549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9549] write(3, "1000", 4) = 4 [pid 9549] close(3) = 0 [pid 9549] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9549] write(1, "executing program\n", 18) = 18 [pid 9549] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9549] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9549] memfd_create("syzkaller", 0) = 3 [pid 9549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9549] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9549] munmap(0x7ff698483000, 138412032) = 0 [pid 9549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.372188][ T9547] loop0: detected capacity change from 0 to 512 [ 555.379888][ T9547] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.390414][ T9547] EXT4-fs (loop0): 1 truncate cleaned up [ 555.397672][ T9547] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9549] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9549] close(3) = 0 [pid 9549] close(4) = 0 [pid 9549] mkdir("./file0", 0777) = 0 [pid 9549] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9549] chdir("./file0") = 0 [pid 9549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9549] ioctl(4, LOOP_CLR_FD) = 0 [pid 9549] close(4) = 0 [pid 9549] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9549] truncate("./file2", 0) = 0 [pid 9549] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9549] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9549] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9549, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4329", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4329", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4329/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4329/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4329/binderfs") = 0 umount2("./4329/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4329/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4329/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4329/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4329/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4329/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4329") = 0 mkdir("./4330", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9551 ./strace-static-x86_64: Process 9551 attached [pid 9551] set_robust_list(0x55558abad660, 24) = 0 [pid 9551] chdir("./4330") = 0 [pid 9551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9551] setpgid(0, 0) = 0 [pid 9551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9551] write(3, "1000", 4) = 4 [pid 9551] close(3) = 0 [pid 9551] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9551] write(1, "executing program\n", 18) = 18 [pid 9551] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9551] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9551] memfd_create("syzkaller", 0) = 3 [pid 9551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9551] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9551] munmap(0x7ff698483000, 138412032) = 0 [pid 9551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.441157][ T9549] loop0: detected capacity change from 0 to 512 [ 555.448680][ T9549] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.459724][ T9549] EXT4-fs (loop0): 1 truncate cleaned up [ 555.467123][ T9549] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9551] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9551] close(3) = 0 [pid 9551] close(4) = 0 [pid 9551] mkdir("./file0", 0777) = 0 [pid 9551] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9551] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9551] chdir("./file0") = 0 [pid 9551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9551] ioctl(4, LOOP_CLR_FD) = 0 [pid 9551] close(4) = 0 [pid 9551] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9551] truncate("./file2", 0) = 0 [pid 9551] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9551] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9551] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9551, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4330", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4330", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4330/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4330/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4330/binderfs") = 0 umount2("./4330/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4330/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4330/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4330/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4330/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4330/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4330") = 0 mkdir("./4331", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9553 ./strace-static-x86_64: Process 9553 attached [pid 9553] set_robust_list(0x55558abad660, 24) = 0 [pid 9553] chdir("./4331") = 0 [pid 9553] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9553] setpgid(0, 0) = 0 [pid 9553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9553] write(3, "1000", 4) = 4 [pid 9553] close(3) = 0 [pid 9553] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9553] write(1, "executing program\n", 18executing program ) = 18 [pid 9553] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9553] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9553] memfd_create("syzkaller", 0) = 3 [pid 9553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9553] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9553] munmap(0x7ff698483000, 138412032) = 0 [pid 9553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.497325][ T9551] loop0: detected capacity change from 0 to 512 [ 555.504533][ T9551] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.515066][ T9551] EXT4-fs (loop0): 1 truncate cleaned up [ 555.523064][ T9551] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9553] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9553] close(3) = 0 [pid 9553] close(4) = 0 [pid 9553] mkdir("./file0", 0777) = 0 [pid 9553] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9553] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9553] chdir("./file0") = 0 [pid 9553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9553] ioctl(4, LOOP_CLR_FD) = 0 [pid 9553] close(4) = 0 [pid 9553] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9553] truncate("./file2", 0) = 0 [pid 9553] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9553] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9553] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9553, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4331", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4331", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4331/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4331/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4331/binderfs") = 0 umount2("./4331/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4331/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4331/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4331/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4331/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4331/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4331") = 0 mkdir("./4332", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9555 ./strace-static-x86_64: Process 9555 attached [pid 9555] set_robust_list(0x55558abad660, 24) = 0 [pid 9555] chdir("./4332") = 0 [pid 9555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9555] setpgid(0, 0) = 0 [pid 9555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9555] write(3, "1000", 4) = 4 [pid 9555] close(3) = 0 [pid 9555] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9555] write(1, "executing program\n", 18) = 18 [pid 9555] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9555] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9555] memfd_create("syzkaller", 0) = 3 [pid 9555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9555] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9555] munmap(0x7ff698483000, 138412032) = 0 [pid 9555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.561189][ T9553] loop0: detected capacity change from 0 to 512 [ 555.568493][ T9553] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.579011][ T9553] EXT4-fs (loop0): 1 truncate cleaned up [ 555.586221][ T9553] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9555] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9555] close(3) = 0 [pid 9555] close(4) = 0 [pid 9555] mkdir("./file0", 0777) = 0 [pid 9555] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9555] chdir("./file0") = 0 [pid 9555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9555] ioctl(4, LOOP_CLR_FD) = 0 [pid 9555] close(4) = 0 [pid 9555] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9555] truncate("./file2", 0) = 0 [pid 9555] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9555] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9555] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9555, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4332", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4332", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4332/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4332/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4332/binderfs") = 0 umount2("./4332/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4332/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4332/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4332/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4332/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4332/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4332") = 0 mkdir("./4333", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9557 ./strace-static-x86_64: Process 9557 attached [pid 9557] set_robust_list(0x55558abad660, 24) = 0 [pid 9557] chdir("./4333") = 0 [pid 9557] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9557] setpgid(0, 0) = 0 [pid 9557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9557] write(3, "1000", 4) = 4 [pid 9557] close(3) = 0 [pid 9557] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9557] write(1, "executing program\n", 18executing program ) = 18 [pid 9557] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9557] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9557] memfd_create("syzkaller", 0) = 3 [pid 9557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9557] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9557] munmap(0x7ff698483000, 138412032) = 0 [pid 9557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.623891][ T9555] loop0: detected capacity change from 0 to 512 [ 555.631386][ T9555] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.641983][ T9555] EXT4-fs (loop0): 1 truncate cleaned up [ 555.649145][ T9555] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9557] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9557] close(3) = 0 [pid 9557] close(4) = 0 [pid 9557] mkdir("./file0", 0777) = 0 [pid 9557] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9557] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9557] chdir("./file0") = 0 [pid 9557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9557] ioctl(4, LOOP_CLR_FD) = 0 [pid 9557] close(4) = 0 [pid 9557] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9557] truncate("./file2", 0) = 0 [pid 9557] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9557] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9557] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9557, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4333", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4333", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4333/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4333/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4333/binderfs") = 0 umount2("./4333/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4333/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4333/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4333/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4333/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4333/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4333") = 0 mkdir("./4334", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9559 ./strace-static-x86_64: Process 9559 attached [pid 9559] set_robust_list(0x55558abad660, 24) = 0 [pid 9559] chdir("./4334") = 0 [pid 9559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9559] setpgid(0, 0) = 0 [pid 9559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9559] write(3, "1000", 4) = 4 [pid 9559] close(3) = 0 [pid 9559] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9559] write(1, "executing program\n", 18) = 18 [pid 9559] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9559] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9559] memfd_create("syzkaller", 0) = 3 [pid 9559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9559] munmap(0x7ff698483000, 138412032) = 0 [pid 9559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.675212][ T9557] loop0: detected capacity change from 0 to 512 [ 555.682384][ T9557] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.692931][ T9557] EXT4-fs (loop0): 1 truncate cleaned up [ 555.699794][ T9557] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9559] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9559] close(3) = 0 [pid 9559] close(4) = 0 [pid 9559] mkdir("./file0", 0777) = 0 [pid 9559] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9559] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9559] chdir("./file0") = 0 [pid 9559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9559] ioctl(4, LOOP_CLR_FD) = 0 [pid 9559] close(4) = 0 [pid 9559] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9559] truncate("./file2", 0) = 0 [pid 9559] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9559] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9559] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9559, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4334", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4334", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4334/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4334/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4334/binderfs") = 0 umount2("./4334/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4334/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4334/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4334/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4334/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4334/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4334") = 0 mkdir("./4335", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9561 ./strace-static-x86_64: Process 9561 attached [pid 9561] set_robust_list(0x55558abad660, 24) = 0 executing program [pid 9561] chdir("./4335") = 0 [pid 9561] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9561] setpgid(0, 0) = 0 [pid 9561] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9561] write(3, "1000", 4) = 4 [pid 9561] close(3) = 0 [pid 9561] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9561] write(1, "executing program\n", 18) = 18 [pid 9561] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9561] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9561] memfd_create("syzkaller", 0) = 3 [pid 9561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9561] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9561] munmap(0x7ff698483000, 138412032) = 0 [pid 9561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.728390][ T9559] loop0: detected capacity change from 0 to 512 [ 555.735484][ T9559] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.746205][ T9559] EXT4-fs (loop0): 1 truncate cleaned up [ 555.752933][ T9559] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9561] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9561] close(3) = 0 [pid 9561] close(4) = 0 [pid 9561] mkdir("./file0", 0777) = 0 [pid 9561] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9561] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9561] chdir("./file0") = 0 [pid 9561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9561] ioctl(4, LOOP_CLR_FD) = 0 [pid 9561] close(4) = 0 [pid 9561] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9561] truncate("./file2", 0) = 0 [pid 9561] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9561] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9561] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9561, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4335", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4335", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4335/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4335/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4335/binderfs") = 0 umount2("./4335/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4335/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4335/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4335/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4335/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4335/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4335") = 0 mkdir("./4336", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9563 ./strace-static-x86_64: Process 9563 attached [pid 9563] set_robust_list(0x55558abad660, 24) = 0 [pid 9563] chdir("./4336") = 0 [pid 9563] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9563] setpgid(0, 0) = 0 [pid 9563] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9563] write(3, "1000", 4) = 4 [pid 9563] close(3) = 0 [pid 9563] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9563] write(1, "executing program\n", 18) = 18 [pid 9563] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9563] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9563] memfd_create("syzkaller", 0) = 3 [pid 9563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9563] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9563] munmap(0x7ff698483000, 138412032) = 0 [pid 9563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.787240][ T9561] loop0: detected capacity change from 0 to 512 [ 555.794406][ T9561] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.805964][ T9561] EXT4-fs (loop0): 1 truncate cleaned up [ 555.813351][ T9561] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9563] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9563] close(3) = 0 [pid 9563] close(4) = 0 [pid 9563] mkdir("./file0", 0777) = 0 [pid 9563] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9563] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9563] chdir("./file0") = 0 [pid 9563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9563] ioctl(4, LOOP_CLR_FD) = 0 [pid 9563] close(4) = 0 [pid 9563] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9563] truncate("./file2", 0) = 0 [pid 9563] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9563] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9563] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9563, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4336", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4336", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4336/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4336/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4336/binderfs") = 0 umount2("./4336/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4336/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4336/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4336/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4336/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4336/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4336") = 0 mkdir("./4337", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9565 ./strace-static-x86_64: Process 9565 attached [pid 9565] set_robust_list(0x55558abad660, 24) = 0 [pid 9565] chdir("./4337") = 0 [pid 9565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9565] setpgid(0, 0) = 0 [pid 9565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9565] write(3, "1000", 4) = 4 [pid 9565] close(3) = 0 [pid 9565] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9565] write(1, "executing program\n", 18) = 18 [pid 9565] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9565] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9565] memfd_create("syzkaller", 0) = 3 [pid 9565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9565] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9565] munmap(0x7ff698483000, 138412032) = 0 [pid 9565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.855404][ T9563] loop0: detected capacity change from 0 to 512 [ 555.863147][ T9563] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.873615][ T9563] EXT4-fs (loop0): 1 truncate cleaned up [ 555.880570][ T9563] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9565] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9565] close(3) = 0 [pid 9565] close(4) = 0 [pid 9565] mkdir("./file0", 0777) = 0 [pid 9565] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9565] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9565] chdir("./file0") = 0 [pid 9565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9565] ioctl(4, LOOP_CLR_FD) = 0 [pid 9565] close(4) = 0 [pid 9565] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9565] truncate("./file2", 0) = 0 [pid 9565] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9565] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9565] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9565, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4337", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4337", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4337/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4337/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4337/binderfs") = 0 umount2("./4337/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4337/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4337/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4337/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4337/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4337/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4337") = 0 mkdir("./4338", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9567 ./strace-static-x86_64: Process 9567 attached [pid 9567] set_robust_list(0x55558abad660, 24) = 0 [pid 9567] chdir("./4338") = 0 [pid 9567] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9567] setpgid(0, 0) = 0 [pid 9567] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9567] write(3, "1000", 4) = 4 [pid 9567] close(3) = 0 [pid 9567] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9567] write(1, "executing program\n", 18executing program ) = 18 [pid 9567] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9567] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9567] memfd_create("syzkaller", 0) = 3 [pid 9567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9567] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9567] munmap(0x7ff698483000, 138412032) = 0 [pid 9567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.922604][ T9565] loop0: detected capacity change from 0 to 512 [ 555.929887][ T9565] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.940518][ T9565] EXT4-fs (loop0): 1 truncate cleaned up [ 555.948126][ T9565] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9567] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9567] close(3) = 0 [pid 9567] close(4) = 0 [pid 9567] mkdir("./file0", 0777) = 0 [pid 9567] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9567] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9567] chdir("./file0") = 0 [pid 9567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9567] ioctl(4, LOOP_CLR_FD) = 0 [pid 9567] close(4) = 0 [pid 9567] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9567] truncate("./file2", 0) = 0 [pid 9567] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9567] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9567] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9567, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4338", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4338", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4338/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4338/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4338/binderfs") = 0 umount2("./4338/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4338/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4338/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4338/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4338/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4338/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4338") = 0 mkdir("./4339", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9569 ./strace-static-x86_64: Process 9569 attached [pid 9569] set_robust_list(0x55558abad660, 24) = 0 [pid 9569] chdir("./4339") = 0 [pid 9569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9569] setpgid(0, 0) = 0 [pid 9569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9569] write(3, "1000", 4) = 4 [pid 9569] close(3) = 0 [pid 9569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9569] write(1, "executing program\n", 18executing program ) = 18 [pid 9569] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9569] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9569] memfd_create("syzkaller", 0) = 3 [pid 9569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9569] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9569] munmap(0x7ff698483000, 138412032) = 0 [pid 9569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 555.977776][ T9567] loop0: detected capacity change from 0 to 512 [ 555.984904][ T9567] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 555.995493][ T9567] EXT4-fs (loop0): 1 truncate cleaned up [ 556.002336][ T9567] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9569] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9569] close(3) = 0 [pid 9569] close(4) = 0 [pid 9569] mkdir("./file0", 0777) = 0 [pid 9569] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9569] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9569] chdir("./file0") = 0 [pid 9569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9569] ioctl(4, LOOP_CLR_FD) = 0 [pid 9569] close(4) = 0 [pid 9569] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9569] truncate("./file2", 0) = 0 [pid 9569] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9569] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9569] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9569, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4339", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4339", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4339/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4339/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4339/binderfs") = 0 umount2("./4339/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4339/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4339/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4339/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4339/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4339/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4339") = 0 mkdir("./4340", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9571 ./strace-static-x86_64: Process 9571 attached [pid 9571] set_robust_list(0x55558abad660, 24) = 0 [pid 9571] chdir("./4340") = 0 [pid 9571] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9571] setpgid(0, 0) = 0 [pid 9571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9571] write(3, "1000", 4) = 4 [pid 9571] close(3) = 0 [pid 9571] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9571] write(1, "executing program\n", 18executing program ) = 18 [pid 9571] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9571] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9571] memfd_create("syzkaller", 0) = 3 [pid 9571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9571] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9571] munmap(0x7ff698483000, 138412032) = 0 [pid 9571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 556.037889][ T9569] loop0: detected capacity change from 0 to 512 [ 556.045072][ T9569] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 556.055775][ T9569] EXT4-fs (loop0): 1 truncate cleaned up [ 556.062537][ T9569] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9571] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9571] close(3) = 0 [pid 9571] close(4) = 0 [pid 9571] mkdir("./file0", 0777) = 0 [pid 9571] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9571] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9571] chdir("./file0") = 0 [pid 9571] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9571] ioctl(4, LOOP_CLR_FD) = 0 [pid 9571] close(4) = 0 [pid 9571] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9571] truncate("./file2", 0) = 0 [pid 9571] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9571] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9571] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9571, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4340", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4340", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4340/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4340/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4340/binderfs") = 0 umount2("./4340/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4340/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4340/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4340/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4340/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4340/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4340") = 0 mkdir("./4341", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9574 ./strace-static-x86_64: Process 9574 attached [pid 9574] set_robust_list(0x55558abad660, 24) = 0 [pid 9574] chdir("./4341") = 0 [pid 9574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9574] setpgid(0, 0) = 0 [pid 9574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9574] write(3, "1000", 4) = 4 [pid 9574] close(3) = 0 [pid 9574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9574] write(1, "executing program\n", 18executing program ) = 18 [pid 9574] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9574] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9574] memfd_create("syzkaller", 0) = 3 [pid 9574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9574] munmap(0x7ff698483000, 138412032) = 0 [pid 9574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 556.098314][ T9571] loop0: detected capacity change from 0 to 512 [ 556.105641][ T9571] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 556.116792][ T9571] EXT4-fs (loop0): 1 truncate cleaned up [ 556.123205][ T9571] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9574] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9574] close(3) = 0 [pid 9574] close(4) = 0 [pid 9574] mkdir("./file0", 0777) = 0 [pid 9574] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9574] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9574] chdir("./file0") = 0 [pid 9574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9574] ioctl(4, LOOP_CLR_FD) = 0 [pid 9574] close(4) = 0 [pid 9574] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9574] truncate("./file2", 0) = 0 [pid 9574] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9574] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9574] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9574, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4341", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4341", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4341/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4341/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4341/binderfs") = 0 umount2("./4341/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./4341/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4341/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4341/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4341/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4341/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4341") = 0 mkdir("./4342", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9576 ./strace-static-x86_64: Process 9576 attached [pid 9576] set_robust_list(0x55558abad660, 24) = 0 [pid 9576] chdir("./4342") = 0 [pid 9576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9576] setpgid(0, 0) = 0 [pid 9576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9576] write(3, "1000", 4) = 4 [pid 9576] close(3) = 0 [pid 9576] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9576] write(1, "executing program\n", 18) = 18 [pid 9576] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9576] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9576] memfd_create("syzkaller", 0) = 3 [pid 9576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9576] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9576] munmap(0x7ff698483000, 138412032) = 0 [pid 9576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 556.162810][ T9574] loop0: detected capacity change from 0 to 512 [ 556.170226][ T9574] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 556.180941][ T9574] EXT4-fs (loop0): 1 truncate cleaned up [ 556.187963][ T9574] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9576] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9576] close(3) = 0 [pid 9576] close(4) = 0 [pid 9576] mkdir("./file0", 0777) = 0 [pid 9576] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9576] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9576] chdir("./file0") = 0 [pid 9576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9576] ioctl(4, LOOP_CLR_FD) = 0 [pid 9576] close(4) = 0 [pid 9576] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9576] truncate("./file2", 0) = 0 [pid 9576] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9576] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9576] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9576, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4342", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4342", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4342/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4342/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4342/binderfs") = 0 umount2("./4342/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4342/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4342/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4342/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4342/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4342/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4342") = 0 [ 556.225850][ T9576] loop0: detected capacity change from 0 to 512 [ 556.233205][ T9576] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 556.243830][ T9576] EXT4-fs (loop0): 1 truncate cleaned up [ 556.250920][ T9576] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. executing program mkdir("./4343", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9578 ./strace-static-x86_64: Process 9578 attached [pid 9578] set_robust_list(0x55558abad660, 24) = 0 [pid 9578] chdir("./4343") = 0 [pid 9578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9578] setpgid(0, 0) = 0 [pid 9578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9578] write(3, "1000", 4) = 4 [pid 9578] close(3) = 0 [pid 9578] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9578] write(1, "executing program\n", 18) = 18 [pid 9578] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9578] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9578] memfd_create("syzkaller", 0) = 3 [pid 9578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9578] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9578] munmap(0x7ff698483000, 138412032) = 0 [pid 9578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9578] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9578] close(3) = 0 [pid 9578] close(4) = 0 [pid 9578] mkdir("./file0", 0777) = 0 [pid 9578] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9578] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9578] chdir("./file0") = 0 [pid 9578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9578] ioctl(4, LOOP_CLR_FD) = 0 [pid 9578] close(4) = 0 [pid 9578] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9578] truncate("./file2", 0) = 0 [pid 9578] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9578] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9578] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9578, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4343", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4343", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4343/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4343/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4343/binderfs") = 0 umount2("./4343/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4343/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4343/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4343/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4343/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4343/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4343") = 0 mkdir("./4344", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9580 ./strace-static-x86_64: Process 9580 attached [pid 9580] set_robust_list(0x55558abad660, 24) = 0 [pid 9580] chdir("./4344") = 0 [pid 9580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9580] setpgid(0, 0) = 0 [pid 9580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9580] write(3, "1000", 4) = 4 [pid 9580] close(3) = 0 [pid 9580] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9580] write(1, "executing program\n", 18) = 18 [pid 9580] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9580] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9580] memfd_create("syzkaller", 0) = 3 [pid 9580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9580] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9580] munmap(0x7ff698483000, 138412032) = 0 [pid 9580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 556.290146][ T9578] loop0: detected capacity change from 0 to 512 [ 556.298252][ T9578] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 556.308942][ T9578] EXT4-fs (loop0): 1 truncate cleaned up [ 556.315767][ T9578] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9580] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9580] close(3) = 0 [pid 9580] close(4) = 0 [pid 9580] mkdir("./file0", 0777) = 0 [pid 9580] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9580] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9580] chdir("./file0") = 0 [pid 9580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9580] ioctl(4, LOOP_CLR_FD) = 0 [pid 9580] close(4) = 0 [pid 9580] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9580] truncate("./file2", 0) = 0 [pid 9580] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9580] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9580] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9580, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4344", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4344", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4344/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4344/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4344/binderfs") = 0 umount2("./4344/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4344/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4344/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4344/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4344/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4344/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4344") = 0 mkdir("./4345", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9582 ./strace-static-x86_64: Process 9582 attached [pid 9582] set_robust_list(0x55558abad660, 24) = 0 [pid 9582] chdir("./4345") = 0 [pid 9582] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9582] setpgid(0, 0) = 0 [pid 9582] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9582] write(3, "1000", 4) = 4 [pid 9582] close(3) = 0 [pid 9582] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9582] write(1, "executing program\n", 18) = 18 executing program [pid 9582] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9582] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9582] memfd_create("syzkaller", 0) = 3 [pid 9582] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9582] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9582] munmap(0x7ff698483000, 138412032) = 0 [pid 9582] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 556.349383][ T9580] loop0: detected capacity change from 0 to 512 [ 556.356898][ T9580] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 556.367460][ T9580] EXT4-fs (loop0): 1 truncate cleaned up [ 556.374204][ T9580] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9582] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9582] close(3) = 0 [pid 9582] close(4) = 0 [pid 9582] mkdir("./file0", 0777) = 0 [pid 9582] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9582] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9582] chdir("./file0") = 0 [pid 9582] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9582] ioctl(4, LOOP_CLR_FD) = 0 [pid 9582] close(4) = 0 [pid 9582] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9582] truncate("./file2", 0) = 0 [pid 9582] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9582] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9582] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9582, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4345", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4345", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4345/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4345/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4345/binderfs") = 0 umount2("./4345/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4345/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4345/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4345/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4345/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4345/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4345") = 0 mkdir("./4346", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9584 ./strace-static-x86_64: Process 9584 attached [pid 9584] set_robust_list(0x55558abad660, 24) = 0 executing program [pid 9584] chdir("./4346") = 0 [pid 9584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9584] setpgid(0, 0) = 0 [pid 9584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9584] write(3, "1000", 4) = 4 [pid 9584] close(3) = 0 [pid 9584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9584] write(1, "executing program\n", 18) = 18 [pid 9584] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9584] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9584] memfd_create("syzkaller", 0) = 3 [pid 9584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9584] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9584] munmap(0x7ff698483000, 138412032) = 0 [pid 9584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 556.415678][ T9582] loop0: detected capacity change from 0 to 512 [ 556.423011][ T9582] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 556.433572][ T9582] EXT4-fs (loop0): 1 truncate cleaned up [ 556.440921][ T9582] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9584] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9584] close(3) = 0 [pid 9584] close(4) = 0 [pid 9584] mkdir("./file0", 0777) = 0 [pid 9584] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9584] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9584] chdir("./file0") = 0 [pid 9584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9584] ioctl(4, LOOP_CLR_FD) = 0 [pid 9584] close(4) = 0 [pid 9584] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9584] truncate("./file2", 0) = 0 [pid 9584] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9584] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9584] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9584, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4346", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4346", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4346/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4346/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4346/binderfs") = 0 umount2("./4346/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4346/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4346/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4346/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4346/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4346/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4346") = 0 mkdir("./4347", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9586 ./strace-static-x86_64: Process 9586 attached [pid 9586] set_robust_list(0x55558abad660, 24) = 0 [pid 9586] chdir("./4347") = 0 [pid 9586] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9586] setpgid(0, 0) = 0 [pid 9586] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9586] write(3, "1000", 4) = 4 [pid 9586] close(3) = 0 [pid 9586] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9586] write(1, "executing program\n", 18) = 18 [pid 9586] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9586] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9586] memfd_create("syzkaller", 0) = 3 [pid 9586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9586] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9586] munmap(0x7ff698483000, 138412032) = 0 [pid 9586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 556.476786][ T9584] loop0: detected capacity change from 0 to 512 [ 556.484397][ T9584] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 556.494828][ T9584] EXT4-fs (loop0): 1 truncate cleaned up [ 556.502226][ T9584] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9586] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9586] close(3) = 0 [pid 9586] close(4) = 0 [pid 9586] mkdir("./file0", 0777) = 0 [pid 9586] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9586] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9586] chdir("./file0") = 0 [pid 9586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9586] ioctl(4, LOOP_CLR_FD) = 0 [pid 9586] close(4) = 0 [pid 9586] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9586] truncate("./file2", 0) = 0 [pid 9586] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9586] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9586] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9586, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4347", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4347", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4347/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4347/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4347/binderfs") = 0 umount2("./4347/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4347/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4347/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4347/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4347/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4347/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4347") = 0 mkdir("./4348", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9588 executing program ./strace-static-x86_64: Process 9588 attached [pid 9588] set_robust_list(0x55558abad660, 24) = 0 [pid 9588] chdir("./4348") = 0 [pid 9588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9588] setpgid(0, 0) = 0 [pid 9588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9588] write(3, "1000", 4) = 4 [pid 9588] close(3) = 0 [pid 9588] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9588] write(1, "executing program\n", 18) = 18 [pid 9588] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9588] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9588] memfd_create("syzkaller", 0) = 3 [pid 9588] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9588] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9588] munmap(0x7ff698483000, 138412032) = 0 [pid 9588] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 556.543317][ T9586] loop0: detected capacity change from 0 to 512 [ 556.551091][ T9586] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 556.561959][ T9586] EXT4-fs (loop0): 1 truncate cleaned up [ 556.568821][ T9586] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9588] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9588] close(3) = 0 [pid 9588] close(4) = 0 [pid 9588] mkdir("./file0", 0777) = 0 [pid 9588] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9588] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9588] chdir("./file0") = 0 [pid 9588] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9588] ioctl(4, LOOP_CLR_FD) = 0 [pid 9588] close(4) = 0 [pid 9588] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9588] truncate("./file2", 0) = 0 [pid 9588] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9588] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9588] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9588, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4348", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4348", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4348/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4348/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4348/binderfs") = 0 umount2("./4348/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4348/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4348/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4348/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4348/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4348/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4348") = 0 mkdir("./4349", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9590 ./strace-static-x86_64: Process 9590 attached [pid 9590] set_robust_list(0x55558abad660, 24) = 0 [pid 9590] chdir("./4349") = 0 [pid 9590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9590] setpgid(0, 0) = 0 [pid 9590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9590] write(3, "1000", 4) = 4 [pid 9590] close(3) = 0 [pid 9590] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9590] write(1, "executing program\n", 18executing program ) = 18 [pid 9590] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9590] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9590] memfd_create("syzkaller", 0) = 3 [pid 9590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9590] munmap(0x7ff698483000, 138412032) = 0 [pid 9590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 556.606209][ T9588] loop0: detected capacity change from 0 to 512 [ 556.613902][ T9588] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 556.624526][ T9588] EXT4-fs (loop0): 1 truncate cleaned up [ 556.632371][ T9588] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9590] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9590] close(3) = 0 [pid 9590] close(4) = 0 [pid 9590] mkdir("./file0", 0777) = 0 [pid 9590] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9590] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9590] chdir("./file0") = 0 [pid 9590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9590] ioctl(4, LOOP_CLR_FD) = 0 [pid 9590] close(4) = 0 [pid 9590] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9590] truncate("./file2", 0) = 0 [pid 9590] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9590] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9590] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9590, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4349", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4349", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4349/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4349/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4349/binderfs") = 0 umount2("./4349/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4349/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4349/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4349/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4349/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4349/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4349") = 0 mkdir("./4350", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9592 ./strace-static-x86_64: Process 9592 attached [pid 9592] set_robust_list(0x55558abad660, 24) = 0 [pid 9592] chdir("./4350") = 0 [pid 9592] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9592] setpgid(0, 0) = 0 [pid 9592] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9592] write(3, "1000", 4) = 4 [pid 9592] close(3) = 0 [pid 9592] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9592] write(1, "executing program\n", 18) = 18 [pid 9592] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9592] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9592] memfd_create("syzkaller", 0) = 3 [pid 9592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9592] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9592] munmap(0x7ff698483000, 138412032) = 0 [pid 9592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 556.674552][ T9590] loop0: detected capacity change from 0 to 512 [ 556.682146][ T9590] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 556.692627][ T9590] EXT4-fs (loop0): 1 truncate cleaned up [ 556.699455][ T9590] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9592] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9592] close(3) = 0 [pid 9592] close(4) = 0 [pid 9592] mkdir("./file0", 0777) = 0 [pid 9592] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9592] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9592] chdir("./file0") = 0 [pid 9592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9592] ioctl(4, LOOP_CLR_FD) = 0 [pid 9592] close(4) = 0 [pid 9592] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9592] truncate("./file2", 0) = 0 [pid 9592] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9592] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9592] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9592, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4350", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4350", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4350/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4350/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4350/binderfs") = 0 umount2("./4350/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4350/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4350/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4350/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4350/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4350/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4350") = 0 mkdir("./4351", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9594 ./strace-static-x86_64: Process 9594 attached [pid 9594] set_robust_list(0x55558abad660, 24) = 0 [pid 9594] chdir("./4351") = 0 [pid 9594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9594] setpgid(0, 0) = 0 [pid 9594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9594] write(3, "1000", 4) = 4 [pid 9594] close(3) = 0 [pid 9594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9594] write(1, "executing program\n", 18executing program ) = 18 [pid 9594] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9594] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9594] memfd_create("syzkaller", 0) = 3 [pid 9594] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9594] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9594] munmap(0x7ff698483000, 138412032) = 0 [pid 9594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 556.739038][ T9592] loop0: detected capacity change from 0 to 512 [ 556.747251][ T9592] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 556.757864][ T9592] EXT4-fs (loop0): 1 truncate cleaned up [ 556.767488][ T9592] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9594] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9594] close(3) = 0 [pid 9594] close(4) = 0 [pid 9594] mkdir("./file0", 0777) = 0 [pid 9594] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9594] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9594] chdir("./file0") = 0 [pid 9594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9594] ioctl(4, LOOP_CLR_FD) = 0 [pid 9594] close(4) = 0 [pid 9594] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9594] truncate("./file2", 0) = 0 [pid 9594] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9594] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9594] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9594, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4351", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4351", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4351/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4351/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4351/binderfs") = 0 umount2("./4351/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4351/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4351/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4351/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4351/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4351/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4351") = 0 mkdir("./4352", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9596 ./strace-static-x86_64: Process 9596 attached [pid 9596] set_robust_list(0x55558abad660, 24) = 0 [pid 9596] chdir("./4352") = 0 [pid 9596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9596] setpgid(0, 0) = 0 [pid 9596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9596] write(3, "1000", 4) = 4 [pid 9596] close(3) = 0 [pid 9596] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9596] write(1, "executing program\n", 18) = 18 [pid 9596] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9596] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9596] memfd_create("syzkaller", 0) = 3 [pid 9596] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9596] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9596] munmap(0x7ff698483000, 138412032) = 0 [pid 9596] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 556.811257][ T9594] loop0: detected capacity change from 0 to 512 [ 556.818519][ T9594] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 556.829077][ T9594] EXT4-fs (loop0): 1 truncate cleaned up [ 556.835861][ T9594] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9596] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9596] close(3) = 0 [pid 9596] close(4) = 0 [pid 9596] mkdir("./file0", 0777) = 0 [pid 9596] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9596] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9596] chdir("./file0") = 0 [pid 9596] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9596] ioctl(4, LOOP_CLR_FD) = 0 [pid 9596] close(4) = 0 [pid 9596] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9596] truncate("./file2", 0) = 0 [pid 9596] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9596] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9596] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9596, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4352", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4352", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4352/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4352/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4352/binderfs") = 0 umount2("./4352/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4352/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4352/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4352/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4352/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4352/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4352") = 0 mkdir("./4353", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9598 ./strace-static-x86_64: Process 9598 attached [pid 9598] set_robust_list(0x55558abad660, 24) = 0 [pid 9598] chdir("./4353") = 0 [pid 9598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9598] setpgid(0, 0) = 0 [pid 9598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9598] write(3, "1000", 4) = 4 [pid 9598] close(3) = 0 [pid 9598] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9598] write(1, "executing program\n", 18) = 18 [pid 9598] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9598] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9598] memfd_create("syzkaller", 0) = 3 [pid 9598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9598] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9598] munmap(0x7ff698483000, 138412032) = 0 [pid 9598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 556.864040][ T9596] loop0: detected capacity change from 0 to 512 [ 556.871296][ T9596] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 556.881897][ T9596] EXT4-fs (loop0): 1 truncate cleaned up [ 556.888981][ T9596] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9598] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9598] close(3) = 0 [pid 9598] close(4) = 0 [pid 9598] mkdir("./file0", 0777) = 0 [pid 9598] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9598] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9598] chdir("./file0") = 0 [pid 9598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9598] ioctl(4, LOOP_CLR_FD) = 0 [pid 9598] close(4) = 0 [pid 9598] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9598] truncate("./file2", 0) = 0 [pid 9598] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9598] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9598] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9598, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4353", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4353", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4353/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4353/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4353/binderfs") = 0 umount2("./4353/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4353/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4353/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4353/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4353/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4353/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4353") = 0 mkdir("./4354", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9600 ./strace-static-x86_64: Process 9600 attached [pid 9600] set_robust_list(0x55558abad660, 24) = 0 [pid 9600] chdir("./4354") = 0 [pid 9600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9600] setpgid(0, 0) = 0 [pid 9600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9600] write(3, "1000", 4) = 4 [pid 9600] close(3) = 0 [pid 9600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9600] write(1, "executing program\n", 18) = 18 [pid 9600] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9600] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9600] memfd_create("syzkaller", 0) = 3 [pid 9600] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9600] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9600] munmap(0x7ff698483000, 138412032) = 0 [pid 9600] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 556.925985][ T9598] loop0: detected capacity change from 0 to 512 [ 556.933285][ T9598] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 556.943841][ T9598] EXT4-fs (loop0): 1 truncate cleaned up [ 556.951250][ T9598] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9600] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9600] close(3) = 0 [pid 9600] close(4) = 0 [pid 9600] mkdir("./file0", 0777) = 0 [pid 9600] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9600] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9600] chdir("./file0") = 0 [pid 9600] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9600] ioctl(4, LOOP_CLR_FD) = 0 [pid 9600] close(4) = 0 [pid 9600] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9600] truncate("./file2", 0) = 0 [pid 9600] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9600] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9600] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9600, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4354", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4354", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4354/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4354/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4354/binderfs") = 0 umount2("./4354/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4354/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4354/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4354/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4354/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4354/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4354") = 0 mkdir("./4355", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9602 ./strace-static-x86_64: Process 9602 attached [pid 9602] set_robust_list(0x55558abad660, 24) = 0 [pid 9602] chdir("./4355") = 0 [pid 9602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9602] setpgid(0, 0) = 0 [pid 9602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9602] write(3, "1000", 4) = 4 [pid 9602] close(3) = 0 [pid 9602] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9602] write(1, "executing program\n", 18executing program ) = 18 [pid 9602] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9602] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9602] memfd_create("syzkaller", 0) = 3 [pid 9602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9602] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9602] munmap(0x7ff698483000, 138412032) = 0 [pid 9602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 556.987253][ T9600] loop0: detected capacity change from 0 to 512 [ 556.994457][ T9600] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 557.005170][ T9600] EXT4-fs (loop0): 1 truncate cleaned up [ 557.011977][ T9600] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9602] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9602] close(3) = 0 [pid 9602] close(4) = 0 [pid 9602] mkdir("./file0", 0777) = 0 [pid 9602] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9602] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9602] chdir("./file0") = 0 [pid 9602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9602] ioctl(4, LOOP_CLR_FD) = 0 [pid 9602] close(4) = 0 [pid 9602] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9602] truncate("./file2", 0) = 0 [pid 9602] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9602] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9602] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9602, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4355", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4355", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4355/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4355/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4355/binderfs") = 0 umount2("./4355/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4355/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4355/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4355/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4355/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4355/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4355") = 0 mkdir("./4356", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9604 ./strace-static-x86_64: Process 9604 attached [pid 9604] set_robust_list(0x55558abad660, 24) = 0 [pid 9604] chdir("./4356") = 0 [pid 9604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9604] setpgid(0, 0) = 0 [pid 9604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9604] write(3, "1000", 4) = 4 [pid 9604] close(3) = 0 [pid 9604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9604] write(1, "executing program\n", 18executing program ) = 18 [pid 9604] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9604] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9604] memfd_create("syzkaller", 0) = 3 [pid 9604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9604] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9604] munmap(0x7ff698483000, 138412032) = 0 [pid 9604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 557.046074][ T9602] loop0: detected capacity change from 0 to 512 [ 557.053267][ T9602] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 557.063951][ T9602] EXT4-fs (loop0): 1 truncate cleaned up [ 557.070958][ T9602] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9604] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9604] close(3) = 0 [pid 9604] close(4) = 0 [pid 9604] mkdir("./file0", 0777) = 0 [pid 9604] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9604] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9604] chdir("./file0") = 0 [pid 9604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9604] ioctl(4, LOOP_CLR_FD) = 0 [pid 9604] close(4) = 0 [pid 9604] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9604] truncate("./file2", 0) = 0 [pid 9604] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9604] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9604] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9604, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4356", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4356", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4356/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4356/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4356/binderfs") = 0 umount2("./4356/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4356/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4356/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4356/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4356/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4356/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4356") = 0 mkdir("./4357", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9607 ./strace-static-x86_64: Process 9607 attached [pid 9607] set_robust_list(0x55558abad660, 24) = 0 [pid 9607] chdir("./4357") = 0 [pid 9607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9607] setpgid(0, 0) = 0 [pid 9607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9607] write(3, "1000", 4) = 4 [pid 9607] close(3) = 0 [pid 9607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9607] write(1, "executing program\n", 18) = 18 [pid 9607] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9607] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9607] memfd_create("syzkaller", 0) = 3 [pid 9607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9607] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9607] munmap(0x7ff698483000, 138412032) = 0 [pid 9607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 557.106769][ T9604] loop0: detected capacity change from 0 to 512 [ 557.113914][ T9604] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 557.124587][ T9604] EXT4-fs (loop0): 1 truncate cleaned up [ 557.131572][ T9604] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9607] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9607] close(3) = 0 [pid 9607] close(4) = 0 [pid 9607] mkdir("./file0", 0777) = 0 [pid 9607] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9607] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9607] chdir("./file0") = 0 [pid 9607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9607] ioctl(4, LOOP_CLR_FD) = 0 [pid 9607] close(4) = 0 [pid 9607] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9607] truncate("./file2", 0) = 0 [pid 9607] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9607] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9607] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9607, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4357", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4357", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4357/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4357/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4357/binderfs") = 0 umount2("./4357/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4357/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4357/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4357/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4357/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4357/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4357") = 0 mkdir("./4358", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9609 ./strace-static-x86_64: Process 9609 attached [pid 9609] set_robust_list(0x55558abad660, 24) = 0 [pid 9609] chdir("./4358") = 0 [pid 9609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9609] setpgid(0, 0) = 0 [pid 9609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9609] write(3, "1000", 4) = 4 [pid 9609] close(3) = 0 [pid 9609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9609] write(1, "executing program\n", 18executing program ) = 18 [pid 9609] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9609] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9609] memfd_create("syzkaller", 0) = 3 [pid 9609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9609] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9609] munmap(0x7ff698483000, 138412032) = 0 [pid 9609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 557.168187][ T9607] loop0: detected capacity change from 0 to 512 [ 557.175406][ T9607] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 557.185977][ T9607] EXT4-fs (loop0): 1 truncate cleaned up [ 557.193634][ T9607] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9609] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9609] close(3) = 0 [pid 9609] close(4) = 0 [pid 9609] mkdir("./file0", 0777) = 0 [pid 9609] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9609] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9609] chdir("./file0") = 0 [pid 9609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9609] ioctl(4, LOOP_CLR_FD) = 0 [pid 9609] close(4) = 0 [pid 9609] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9609] truncate("./file2", 0) = 0 [pid 9609] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9609] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9609] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9609, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4358", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4358", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4358/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4358/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4358/binderfs") = 0 umount2("./4358/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4358/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4358/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4358/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4358/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4358/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4358") = 0 mkdir("./4359", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9611 ./strace-static-x86_64: Process 9611 attached [pid 9611] set_robust_list(0x55558abad660, 24) = 0 [pid 9611] chdir("./4359") = 0 [pid 9611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9611] setpgid(0, 0) = 0 [pid 9611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9611] write(3, "1000", 4) = 4 [pid 9611] close(3) = 0 [pid 9611] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9611] write(1, "executing program\n", 18) = 18 [pid 9611] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9611] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9611] memfd_create("syzkaller", 0) = 3 [pid 9611] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9611] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9611] munmap(0x7ff698483000, 138412032) = 0 [pid 9611] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 557.233357][ T9609] loop0: detected capacity change from 0 to 512 [ 557.240829][ T9609] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 557.251405][ T9609] EXT4-fs (loop0): 1 truncate cleaned up [ 557.258451][ T9609] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9611] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9611] close(3) = 0 [pid 9611] close(4) = 0 [pid 9611] mkdir("./file0", 0777) = 0 [pid 9611] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9611] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9611] chdir("./file0") = 0 [pid 9611] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9611] ioctl(4, LOOP_CLR_FD) = 0 [pid 9611] close(4) = 0 [pid 9611] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9611] truncate("./file2", 0) = 0 [pid 9611] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9611] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9611] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9611, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4359", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4359", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4359/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4359/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4359/binderfs") = 0 [ 557.288136][ T9611] loop0: detected capacity change from 0 to 512 [ 557.295341][ T9611] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 557.305964][ T9611] EXT4-fs (loop0): 1 truncate cleaned up [ 557.312640][ T9611] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 557.331338][ T560] EXT4-fs unmount: 901 callbacks suppressed umount2("./4359/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4359/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4359/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4359/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4359/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4359/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4359") = 0 mkdir("./4360", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9613 ./strace-static-x86_64: Process 9613 attached [pid 9613] set_robust_list(0x55558abad660, 24) = 0 [pid 9613] chdir("./4360") = 0 [pid 9613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9613] setpgid(0, 0) = 0 [pid 9613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9613] write(3, "1000", 4) = 4 [pid 9613] close(3) = 0 [pid 9613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9613] write(1, "executing program\n", 18executing program ) = 18 [pid 9613] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9613] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9613] memfd_create("syzkaller", 0) = 3 [pid 9613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9613] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9613] munmap(0x7ff698483000, 138412032) = 0 [pid 9613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9613] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9613] close(3) = 0 [pid 9613] close(4) = 0 [pid 9613] mkdir("./file0", 0777) = 0 [pid 9613] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9613] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9613] chdir("./file0") = 0 [pid 9613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9613] ioctl(4, LOOP_CLR_FD) = 0 [pid 9613] close(4) = 0 [pid 9613] creat(NULL, 000) = -1 EFAULT (Bad address) [ 557.331349][ T560] EXT4-fs (loop0): unmounting filesystem. [ 557.355336][ T9613] loop0: detected capacity change from 0 to 512 [ 557.363061][ T9613] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 557.374061][ T9613] EXT4-fs (loop0): 1 truncate cleaned up [ 557.379571][ T9613] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 9613] truncate("./file2", 0) = 0 [pid 9613] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9613] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9613] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9613, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4360", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4360", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4360/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4360/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4360/binderfs") = 0 umount2("./4360/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4360/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4360/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4360/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4360/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4360/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4360") = 0 mkdir("./4361", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9615 ./strace-static-x86_64: Process 9615 attached [pid 9615] set_robust_list(0x55558abad660, 24) = 0 [pid 9615] chdir("./4361") = 0 [pid 9615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9615] setpgid(0, 0) = 0 [pid 9615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9615] write(3, "1000", 4) = 4 [pid 9615] close(3) = 0 [pid 9615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9615] write(1, "executing program\n", 18) = 18 [pid 9615] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9615] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9615] memfd_create("syzkaller", 0) = 3 [pid 9615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9615] munmap(0x7ff698483000, 138412032) = 0 [pid 9615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 557.389959][ T9613] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 557.418554][ T560] EXT4-fs (loop0): unmounting filesystem. [pid 9615] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9615] close(3) = 0 [pid 9615] close(4) = 0 [pid 9615] mkdir("./file0", 0777) = 0 [pid 9615] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9615] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9615] chdir("./file0") = 0 [pid 9615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9615] ioctl(4, LOOP_CLR_FD) = 0 [pid 9615] close(4) = 0 [pid 9615] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9615] truncate("./file2", 0) = 0 [pid 9615] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9615] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9615] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9615, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4361", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4361", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4361/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4361/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4361/binderfs") = 0 [ 557.437412][ T9615] loop0: detected capacity change from 0 to 512 [ 557.444679][ T9615] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 557.455540][ T9615] EXT4-fs (loop0): 1 truncate cleaned up [ 557.461045][ T9615] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 557.471493][ T9615] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. umount2("./4361/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4361/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4361/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4361/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4361/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4361/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4361") = 0 mkdir("./4362", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9617 ./strace-static-x86_64: Process 9617 attached [pid 9617] set_robust_list(0x55558abad660, 24) = 0 [pid 9617] chdir("./4362") = 0 [pid 9617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9617] setpgid(0, 0) = 0 [pid 9617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9617] write(3, "1000", 4) = 4 [pid 9617] close(3) = 0 [pid 9617] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9617] write(1, "executing program\n", 18) = 18 [pid 9617] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9617] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9617] memfd_create("syzkaller", 0) = 3 [pid 9617] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9617] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9617] munmap(0x7ff698483000, 138412032) = 0 [pid 9617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9617] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9617] close(3) = 0 [pid 9617] close(4) = 0 [pid 9617] mkdir("./file0", 0777) = 0 [ 557.498859][ T560] EXT4-fs (loop0): unmounting filesystem. [ 557.518040][ T9617] loop0: detected capacity change from 0 to 512 [ 557.525728][ T9617] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 557.536344][ T9617] EXT4-fs (loop0): 1 truncate cleaned up [pid 9617] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9617] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9617] chdir("./file0") = 0 [pid 9617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9617] ioctl(4, LOOP_CLR_FD) = 0 [pid 9617] close(4) = 0 [pid 9617] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9617] truncate("./file2", 0) = 0 [pid 9617] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9617] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9617] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9617, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4362", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4362", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4362/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4362/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4362/binderfs") = 0 umount2("./4362/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4362/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4362/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4362/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4362/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4362/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4362") = 0 mkdir("./4363", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9619 ./strace-static-x86_64: Process 9619 attached [pid 9619] set_robust_list(0x55558abad660, 24) = 0 [pid 9619] chdir("./4363") = 0 [pid 9619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9619] setpgid(0, 0) = 0 [pid 9619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9619] write(3, "1000", 4) = 4 [pid 9619] close(3) = 0 [pid 9619] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9619] write(1, "executing program\n", 18executing program ) = 18 [pid 9619] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9619] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9619] memfd_create("syzkaller", 0) = 3 [pid 9619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9619] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9619] munmap(0x7ff698483000, 138412032) = 0 [pid 9619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 557.542260][ T9617] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 557.551965][ T9617] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 557.580556][ T560] EXT4-fs (loop0): unmounting filesystem. [pid 9619] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9619] close(3) = 0 [pid 9619] close(4) = 0 [pid 9619] mkdir("./file0", 0777) = 0 [pid 9619] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9619] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9619] chdir("./file0") = 0 [pid 9619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9619] ioctl(4, LOOP_CLR_FD) = 0 [pid 9619] close(4) = 0 [pid 9619] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9619] truncate("./file2", 0) = 0 [pid 9619] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9619] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9619] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9619, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4363", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4363", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4363/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4363/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4363/binderfs") = 0 [ 557.597209][ T9619] loop0: detected capacity change from 0 to 512 [ 557.604571][ T9619] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 557.615152][ T9619] EXT4-fs (loop0): 1 truncate cleaned up [ 557.620655][ T9619] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 557.630252][ T9619] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. umount2("./4363/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4363/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4363/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4363/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4363/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4363/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4363") = 0 mkdir("./4364", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9621 ./strace-static-x86_64: Process 9621 attached [pid 9621] set_robust_list(0x55558abad660, 24) = 0 [pid 9621] chdir("./4364") = 0 [pid 9621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9621] setpgid(0, 0) = 0 [pid 9621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9621] write(3, "1000", 4) = 4 [pid 9621] close(3) = 0 [pid 9621] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9621] write(1, "executing program\n", 18) = 18 [pid 9621] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9621] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9621] memfd_create("syzkaller", 0) = 3 [pid 9621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9621] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9621] munmap(0x7ff698483000, 138412032) = 0 [pid 9621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9621] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9621] close(3) = 0 [pid 9621] close(4) = 0 [pid 9621] mkdir("./file0", 0777) = 0 [pid 9621] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9621] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9621] chdir("./file0") = 0 [pid 9621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9621] ioctl(4, LOOP_CLR_FD) = 0 [pid 9621] close(4) = 0 [pid 9621] creat(NULL, 000) = -1 EFAULT (Bad address) [ 557.658262][ T560] EXT4-fs (loop0): unmounting filesystem. [ 557.672951][ T9621] loop0: detected capacity change from 0 to 512 [ 557.680692][ T9621] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 557.691301][ T9621] EXT4-fs (loop0): 1 truncate cleaned up [ 557.697280][ T9621] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 9621] truncate("./file2", 0) = 0 [pid 9621] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9621] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9621] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9621, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4364", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4364", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4364/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4364/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4364/binderfs") = 0 umount2("./4364/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4364/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4364/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4364/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4364/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4364/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4364") = 0 mkdir("./4365", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9623 ./strace-static-x86_64: Process 9623 attached [pid 9623] set_robust_list(0x55558abad660, 24) = 0 executing program [pid 9623] chdir("./4365") = 0 [pid 9623] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9623] setpgid(0, 0) = 0 [pid 9623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9623] write(3, "1000", 4) = 4 [pid 9623] close(3) = 0 [pid 9623] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9623] write(1, "executing program\n", 18) = 18 [pid 9623] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9623] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9623] memfd_create("syzkaller", 0) = 3 [pid 9623] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9623] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9623] munmap(0x7ff698483000, 138412032) = 0 [pid 9623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9623] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9623] close(3) = 0 [pid 9623] close(4) = 0 [pid 9623] mkdir("./file0", 0777) = 0 [ 557.707733][ T9621] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 557.728727][ T560] EXT4-fs (loop0): unmounting filesystem. [ 557.748666][ T9623] loop0: detected capacity change from 0 to 512 [pid 9623] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9623] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9623] chdir("./file0") = 0 [pid 9623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9623] ioctl(4, LOOP_CLR_FD) = 0 [pid 9623] close(4) = 0 [pid 9623] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9623] truncate("./file2", 0) = 0 [pid 9623] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9623] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9623] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9623, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4365", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4365", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4365/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4365/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4365/binderfs") = 0 [ 557.756926][ T9623] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 557.767480][ T9623] EXT4-fs (loop0): 1 truncate cleaned up [ 557.772922][ T9623] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 557.782406][ T9623] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. umount2("./4365/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4365/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4365/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4365/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4365/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4365/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4365") = 0 mkdir("./4366", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9625 ./strace-static-x86_64: Process 9625 attached [pid 9625] set_robust_list(0x55558abad660, 24) = 0 [pid 9625] chdir("./4366") = 0 [pid 9625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9625] setpgid(0, 0) = 0 [pid 9625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9625] write(3, "1000", 4) = 4 [pid 9625] close(3) = 0 [pid 9625] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9625] write(1, "executing program\n", 18) = 18 [pid 9625] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9625] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9625] memfd_create("syzkaller", 0) = 3 [pid 9625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9625] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9625] munmap(0x7ff698483000, 138412032) = 0 [pid 9625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 557.807672][ T560] EXT4-fs (loop0): unmounting filesystem. [pid 9625] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9625] close(3) = 0 [pid 9625] close(4) = 0 [pid 9625] mkdir("./file0", 0777) = 0 [pid 9625] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9625] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9625] chdir("./file0") = 0 [pid 9625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9625] ioctl(4, LOOP_CLR_FD) = 0 [pid 9625] close(4) = 0 [pid 9625] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9625] truncate("./file2", 0) = 0 [pid 9625] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9625] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9625] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9625, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4366", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4366", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4366/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4366/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4366/binderfs") = 0 [ 557.829345][ T9625] loop0: detected capacity change from 0 to 512 [ 557.836890][ T9625] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 557.847546][ T9625] EXT4-fs (loop0): 1 truncate cleaned up [ 557.852987][ T9625] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 557.863285][ T9625] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. umount2("./4366/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4366/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4366/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4366/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4366/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4366/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4366") = 0 mkdir("./4367", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9627 ./strace-static-x86_64: Process 9627 attached [pid 9627] set_robust_list(0x55558abad660, 24) = 0 [pid 9627] chdir("./4367") = 0 [pid 9627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9627] setpgid(0, 0) = 0 [pid 9627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9627] write(3, "1000", 4) = 4 [pid 9627] close(3) = 0 [pid 9627] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9627] write(1, "executing program\n", 18) = 18 [pid 9627] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9627] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9627] memfd_create("syzkaller", 0) = 3 [pid 9627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9627] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9627] munmap(0x7ff698483000, 138412032) = 0 [pid 9627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9627] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9627] close(3) = 0 [pid 9627] close(4) = 0 [pid 9627] mkdir("./file0", 0777) = 0 [ 557.883310][ T560] EXT4-fs (loop0): unmounting filesystem. [ 557.901534][ T9627] loop0: detected capacity change from 0 to 512 [ 557.909139][ T9627] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 557.920361][ T9627] EXT4-fs (loop0): 1 truncate cleaned up [pid 9627] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9627] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9627] chdir("./file0") = 0 [pid 9627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9627] ioctl(4, LOOP_CLR_FD) = 0 [pid 9627] close(4) = 0 [pid 9627] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9627] truncate("./file2", 0) = 0 [pid 9627] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9627] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9627] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9627, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4367", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4367", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4367/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4367/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4367/binderfs") = 0 umount2("./4367/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4367/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4367/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4367/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4367/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4367/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4367") = 0 mkdir("./4368", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9629 ./strace-static-x86_64: Process 9629 attached [pid 9629] set_robust_list(0x55558abad660, 24) = 0 [pid 9629] chdir("./4368") = 0 [pid 9629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9629] setpgid(0, 0) = 0 [pid 9629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9629] write(3, "1000", 4) = 4 [pid 9629] close(3) = 0 [pid 9629] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9629] write(1, "executing program\n", 18) = 18 [pid 9629] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9629] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9629] memfd_create("syzkaller", 0) = 3 [pid 9629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9629] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9629] munmap(0x7ff698483000, 138412032) = 0 [pid 9629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 557.925811][ T9627] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 557.936715][ T9627] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 557.965647][ T560] EXT4-fs (loop0): unmounting filesystem. [pid 9629] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9629] close(3) = 0 [pid 9629] close(4) = 0 [pid 9629] mkdir("./file0", 0777) = 0 [pid 9629] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9629] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9629] chdir("./file0") = 0 [pid 9629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9629] ioctl(4, LOOP_CLR_FD) = 0 [pid 9629] close(4) = 0 [pid 9629] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9629] truncate("./file2", 0) = 0 [pid 9629] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9629] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9629] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9629, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4368", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4368", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4368/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4368/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4368/binderfs") = 0 [ 557.981401][ T9629] loop0: detected capacity change from 0 to 512 [ 557.989028][ T9629] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 557.999899][ T9629] EXT4-fs (loop0): 1 truncate cleaned up [ 558.005343][ T9629] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 558.015170][ T9629] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. umount2("./4368/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4368/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4368/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4368/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4368/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4368/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4368") = 0 mkdir("./4369", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9631 ./strace-static-x86_64: Process 9631 attached [pid 9631] set_robust_list(0x55558abad660, 24) = 0 [pid 9631] chdir("./4369") = 0 [pid 9631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9631] setpgid(0, 0) = 0 [pid 9631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9631] write(3, "1000", 4) = 4 [pid 9631] close(3) = 0 [pid 9631] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9631] write(1, "executing program\n", 18) = 18 [pid 9631] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9631] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9631] memfd_create("syzkaller", 0) = 3 [pid 9631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9631] munmap(0x7ff698483000, 138412032) = 0 [pid 9631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9631] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9631] close(3) = 0 [pid 9631] close(4) = 0 [pid 9631] mkdir("./file0", 0777) = 0 [pid 9631] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9631] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9631] chdir("./file0") = 0 [pid 9631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9631] ioctl(4, LOOP_CLR_FD) = 0 [pid 9631] close(4) = 0 [pid 9631] creat(NULL, 000) = -1 EFAULT (Bad address) [ 558.042430][ T560] EXT4-fs (loop0): unmounting filesystem. [ 558.058464][ T9631] loop0: detected capacity change from 0 to 512 [ 558.065682][ T9631] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 558.076247][ T9631] EXT4-fs (loop0): 1 truncate cleaned up [ 558.081724][ T9631] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 9631] truncate("./file2", 0) = 0 [pid 9631] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9631] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9631] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9631, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4369", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4369", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4369/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4369/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4369/binderfs") = 0 umount2("./4369/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4369/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4369/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4369/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4369/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4369/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4369") = 0 mkdir("./4370", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9633 ./strace-static-x86_64: Process 9633 attached [pid 9633] set_robust_list(0x55558abad660, 24) = 0 executing program [pid 9633] chdir("./4370") = 0 [pid 9633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9633] setpgid(0, 0) = 0 [pid 9633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9633] write(3, "1000", 4) = 4 [pid 9633] close(3) = 0 [pid 9633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9633] write(1, "executing program\n", 18) = 18 [pid 9633] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9633] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9633] memfd_create("syzkaller", 0) = 3 [pid 9633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9633] munmap(0x7ff698483000, 138412032) = 0 [pid 9633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9633] close(3) = 0 [pid 9633] close(4) = 0 [pid 9633] mkdir("./file0", 0777) = 0 [ 558.091328][ T9631] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 558.113358][ T560] EXT4-fs (loop0): unmounting filesystem. [ 558.133963][ T9633] loop0: detected capacity change from 0 to 512 [pid 9633] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9633] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9633] chdir("./file0") = 0 [pid 9633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9633] ioctl(4, LOOP_CLR_FD) = 0 [pid 9633] close(4) = 0 [pid 9633] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9633] truncate("./file2", 0) = 0 [pid 9633] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9633] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9633] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9633, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4370", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4370", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4370/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4370/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4370/binderfs") = 0 umount2("./4370/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4370/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4370/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4370/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4370/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4370/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4370") = 0 mkdir("./4371", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9636 ./strace-static-x86_64: Process 9636 attached [pid 9636] set_robust_list(0x55558abad660, 24) = 0 [pid 9636] chdir("./4371") = 0 [pid 9636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9636] setpgid(0, 0) = 0 [pid 9636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9636] write(3, "1000", 4) = 4 [pid 9636] close(3) = 0 [pid 9636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9636] write(1, "executing program\n", 18executing program ) = 18 [pid 9636] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9636] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9636] memfd_create("syzkaller", 0) = 3 [pid 9636] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9636] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9636] munmap(0x7ff698483000, 138412032) = 0 [pid 9636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 558.141948][ T9633] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 558.152707][ T9633] EXT4-fs (loop0): 1 truncate cleaned up [ 558.158191][ T9633] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 558.167823][ T9633] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 558.185753][ T560] EXT4-fs (loop0): unmounting filesystem. [pid 9636] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9636] close(3) = 0 [pid 9636] close(4) = 0 [pid 9636] mkdir("./file0", 0777) = 0 [pid 9636] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9636] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9636] chdir("./file0") = 0 [pid 9636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9636] ioctl(4, LOOP_CLR_FD) = 0 [pid 9636] close(4) = 0 [pid 9636] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9636] truncate("./file2", 0) = 0 [pid 9636] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9636] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9636] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9636, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4371", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4371", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4371/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4371/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4371/binderfs") = 0 [ 558.203425][ T9636] loop0: detected capacity change from 0 to 512 [ 558.210626][ T9636] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 558.221294][ T9636] EXT4-fs (loop0): 1 truncate cleaned up [ 558.226770][ T9636] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 558.236897][ T9636] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. umount2("./4371/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4371/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4371/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4371/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4371/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4371/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4371") = 0 mkdir("./4372", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9638 ./strace-static-x86_64: Process 9638 attached [pid 9638] set_robust_list(0x55558abad660, 24) = 0 [pid 9638] chdir("./4372") = 0 [pid 9638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9638] setpgid(0, 0) = 0 [pid 9638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9638] write(3, "1000", 4) = 4 [pid 9638] close(3) = 0 [pid 9638] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9638] write(1, "executing program\n", 18) = 18 [pid 9638] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9638] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9638] memfd_create("syzkaller", 0) = 3 [pid 9638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9638] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9638] munmap(0x7ff698483000, 138412032) = 0 [pid 9638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9638] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9638] close(3) = 0 [pid 9638] close(4) = 0 [pid 9638] mkdir("./file0", 0777) = 0 [ 558.257105][ T560] EXT4-fs (loop0): unmounting filesystem. [ 558.278598][ T9638] loop0: detected capacity change from 0 to 512 [ 558.285876][ T9638] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 558.296892][ T9638] EXT4-fs (loop0): 1 truncate cleaned up [pid 9638] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9638] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9638] chdir("./file0") = 0 [pid 9638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9638] ioctl(4, LOOP_CLR_FD) = 0 [pid 9638] close(4) = 0 [pid 9638] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9638] truncate("./file2", 0) = 0 [pid 9638] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9638] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9638] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9638, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4372", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4372", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4372/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4372/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4372/binderfs") = 0 umount2("./4372/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4372/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4372/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4372/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4372/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4372/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4372") = 0 mkdir("./4373", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9640 ./strace-static-x86_64: Process 9640 attached [pid 9640] set_robust_list(0x55558abad660, 24) = 0 [pid 9640] chdir("./4373") = 0 [pid 9640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9640] setpgid(0, 0) = 0 [pid 9640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9640] write(3, "1000", 4) = 4 [pid 9640] close(3) = 0 [pid 9640] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9640] write(1, "executing program\n", 18executing program ) = 18 [pid 9640] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9640] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9640] memfd_create("syzkaller", 0) = 3 [pid 9640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9640] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9640] munmap(0x7ff698483000, 138412032) = 0 [pid 9640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 558.302339][ T9638] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 558.312302][ T9638] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 558.330811][ T560] EXT4-fs (loop0): unmounting filesystem. [pid 9640] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9640] close(3) = 0 [pid 9640] close(4) = 0 [pid 9640] mkdir("./file0", 0777) = 0 [pid 9640] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9640] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9640] chdir("./file0") = 0 [pid 9640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9640] ioctl(4, LOOP_CLR_FD) = 0 [pid 9640] close(4) = 0 [pid 9640] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9640] truncate("./file2", 0) = 0 [pid 9640] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9640] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9640] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9640, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4373", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4373", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4373/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4373/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4373/binderfs") = 0 [ 558.353208][ T9640] loop0: detected capacity change from 0 to 512 [ 558.360776][ T9640] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 558.371992][ T9640] EXT4-fs (loop0): 1 truncate cleaned up [ 558.377482][ T9640] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 558.387606][ T9640] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. umount2("./4373/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4373/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4373/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4373/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4373/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4373/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4373") = 0 mkdir("./4374", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9642 ./strace-static-x86_64: Process 9642 attached [pid 9642] set_robust_list(0x55558abad660, 24) = 0 [pid 9642] chdir("./4374") = 0 [pid 9642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9642] setpgid(0, 0) = 0 [pid 9642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9642] write(3, "1000", 4) = 4 [pid 9642] close(3) = 0 [pid 9642] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9642] write(1, "executing program\n", 18) = 18 [pid 9642] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9642] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9642] memfd_create("syzkaller", 0) = 3 [pid 9642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9642] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9642] munmap(0x7ff698483000, 138412032) = 0 [pid 9642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9642] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9642] close(3) = 0 [pid 9642] close(4) = 0 [pid 9642] mkdir("./file0", 0777) = 0 [pid 9642] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9642] chdir("./file0") = 0 [pid 9642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9642] ioctl(4, LOOP_CLR_FD) = 0 [pid 9642] close(4) = 0 [pid 9642] creat(NULL, 000) = -1 EFAULT (Bad address) [ 558.415100][ T560] EXT4-fs (loop0): unmounting filesystem. [ 558.430764][ T9642] loop0: detected capacity change from 0 to 512 [ 558.438486][ T9642] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 558.449354][ T9642] EXT4-fs (loop0): 1 truncate cleaned up [ 558.454796][ T9642] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 9642] truncate("./file2", 0) = 0 [pid 9642] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9642] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9642] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9642, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4374", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4374", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4374/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4374/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4374/binderfs") = 0 umount2("./4374/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4374/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4374/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4374/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4374/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4374/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4374") = 0 mkdir("./4375", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9644 ./strace-static-x86_64: Process 9644 attached [pid 9644] set_robust_list(0x55558abad660, 24) = 0 [pid 9644] chdir("./4375") = 0 [pid 9644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9644] setpgid(0, 0) = 0 [pid 9644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9644] write(3, "1000", 4) = 4 [pid 9644] close(3) = 0 [pid 9644] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9644] write(1, "executing program\n", 18executing program ) = 18 [pid 9644] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9644] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9644] memfd_create("syzkaller", 0) = 3 [pid 9644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9644] munmap(0x7ff698483000, 138412032) = 0 [pid 9644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9644] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9644] close(3) = 0 [pid 9644] close(4) = 0 [pid 9644] mkdir("./file0", 0777) = 0 [ 558.465357][ T9642] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 558.486610][ T560] EXT4-fs (loop0): unmounting filesystem. [ 558.502482][ T9644] loop0: detected capacity change from 0 to 512 [pid 9644] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9644] chdir("./file0") = 0 [pid 9644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9644] ioctl(4, LOOP_CLR_FD) = 0 [pid 9644] close(4) = 0 [pid 9644] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9644] truncate("./file2", 0) = 0 [pid 9644] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9644] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9644] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9644, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4375", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4375", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4375/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4375/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4375/binderfs") = 0 umount2("./4375/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4375/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4375/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4375/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4375/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4375/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4375") = 0 mkdir("./4376", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9646 ./strace-static-x86_64: Process 9646 attached [pid 9646] set_robust_list(0x55558abad660, 24) = 0 [pid 9646] chdir("./4376") = 0 [pid 9646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9646] setpgid(0, 0) = 0 [pid 9646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9646] write(3, "1000", 4) = 4 [pid 9646] close(3) = 0 [pid 9646] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9646] write(1, "executing program\n", 18) = 18 [pid 9646] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9646] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9646] memfd_create("syzkaller", 0) = 3 [pid 9646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9646] munmap(0x7ff698483000, 138412032) = 0 [pid 9646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 558.509837][ T9644] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 558.520683][ T9644] EXT4-fs (loop0): 1 truncate cleaned up [ 558.526125][ T9644] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 558.536660][ T9644] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 558.554572][ T560] EXT4-fs (loop0): unmounting filesystem. [pid 9646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9646] close(3) = 0 [pid 9646] close(4) = 0 [pid 9646] mkdir("./file0", 0777) = 0 [pid 9646] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9646] chdir("./file0") = 0 [pid 9646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9646] ioctl(4, LOOP_CLR_FD) = 0 [pid 9646] close(4) = 0 [pid 9646] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9646] truncate("./file2", 0) = 0 [pid 9646] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9646] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9646] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9646, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4376", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4376", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4376/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4376/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4376/binderfs") = 0 [ 558.573366][ T9646] loop0: detected capacity change from 0 to 512 [ 558.581057][ T9646] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 558.591641][ T9646] EXT4-fs (loop0): 1 truncate cleaned up [ 558.597410][ T9646] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 558.607530][ T9646] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. umount2("./4376/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4376/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4376/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4376/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4376/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4376/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4376") = 0 mkdir("./4377", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9648 ./strace-static-x86_64: Process 9648 attached [pid 9648] set_robust_list(0x55558abad660, 24) = 0 [pid 9648] chdir("./4377") = 0 [pid 9648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9648] setpgid(0, 0) = 0 [pid 9648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9648] write(3, "1000", 4) = 4 [pid 9648] close(3) = 0 [pid 9648] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9648] write(1, "executing program\n", 18) = 18 [pid 9648] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9648] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9648] memfd_create("syzkaller", 0) = 3 [pid 9648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9648] munmap(0x7ff698483000, 138412032) = 0 [pid 9648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9648] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9648] close(3) = 0 [pid 9648] close(4) = 0 [pid 9648] mkdir("./file0", 0777) = 0 [pid 9648] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9648] chdir("./file0") = 0 [pid 9648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9648] ioctl(4, LOOP_CLR_FD) = 0 [pid 9648] close(4) = 0 [pid 9648] creat(NULL, 000) = -1 EFAULT (Bad address) [ 558.626027][ T560] EXT4-fs (loop0): unmounting filesystem. [ 558.643086][ T9648] loop0: detected capacity change from 0 to 512 [ 558.650841][ T9648] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 558.661749][ T9648] EXT4-fs (loop0): 1 truncate cleaned up [ 558.667220][ T9648] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 9648] truncate("./file2", 0) = 0 [pid 9648] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9648] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9648] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9648, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4377", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4377", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4377/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4377/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4377/binderfs") = 0 umount2("./4377/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4377/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4377/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4377/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4377/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4377/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4377") = 0 mkdir("./4378", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9650 ./strace-static-x86_64: Process 9650 attached [pid 9650] set_robust_list(0x55558abad660, 24) = 0 [pid 9650] chdir("./4378"executing program ) = 0 [pid 9650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9650] setpgid(0, 0) = 0 [pid 9650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9650] write(3, "1000", 4) = 4 [pid 9650] close(3) = 0 [pid 9650] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9650] write(1, "executing program\n", 18) = 18 [pid 9650] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9650] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9650] memfd_create("syzkaller", 0) = 3 [pid 9650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9650] munmap(0x7ff698483000, 138412032) = 0 [pid 9650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9650] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9650] close(3) = 0 [pid 9650] close(4) = 0 [pid 9650] mkdir("./file0", 0777) = 0 [ 558.677917][ T9648] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 558.699097][ T560] EXT4-fs (loop0): unmounting filesystem. [ 558.719618][ T9650] loop0: detected capacity change from 0 to 512 [pid 9650] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9650] chdir("./file0") = 0 [pid 9650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9650] ioctl(4, LOOP_CLR_FD) = 0 [pid 9650] close(4) = 0 [pid 9650] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9650] truncate("./file2", 0) = 0 [pid 9650] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9650] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9650] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9650, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4378", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4378", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4378/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4378/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4378/binderfs") = 0 umount2("./4378/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4378/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4378/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4378/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4378/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4378/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4378") = 0 mkdir("./4379", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9652 ./strace-static-x86_64: Process 9652 attached [pid 9652] set_robust_list(0x55558abad660, 24) = 0 [pid 9652] chdir("./4379") = 0 [pid 9652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9652] setpgid(0, 0) = 0 [pid 9652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9652] write(3, "1000", 4) = 4 [pid 9652] close(3) = 0 [pid 9652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9652] write(1, "executing program\n", 18executing program ) = 18 [pid 9652] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9652] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9652] memfd_create("syzkaller", 0) = 3 [pid 9652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9652] munmap(0x7ff698483000, 138412032) = 0 [pid 9652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 558.727283][ T9650] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 558.737991][ T9650] EXT4-fs (loop0): 1 truncate cleaned up [ 558.743433][ T9650] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 558.752869][ T9650] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 558.770831][ T560] EXT4-fs (loop0): unmounting filesystem. [pid 9652] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9652] close(3) = 0 [pid 9652] close(4) = 0 [pid 9652] mkdir("./file0", 0777) = 0 [pid 9652] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9652] chdir("./file0") = 0 [pid 9652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9652] ioctl(4, LOOP_CLR_FD) = 0 [pid 9652] close(4) = 0 [pid 9652] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9652] truncate("./file2", 0) = 0 [pid 9652] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9652] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9652] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9652, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4379", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4379", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4379/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4379/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4379/binderfs") = 0 [ 558.788563][ T9652] loop0: detected capacity change from 0 to 512 [ 558.796172][ T9652] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 558.807134][ T9652] EXT4-fs (loop0): 1 truncate cleaned up [ 558.812576][ T9652] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 558.823850][ T9652] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. umount2("./4379/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4379/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4379/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4379/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4379/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4379/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4379") = 0 mkdir("./4380", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9654 ./strace-static-x86_64: Process 9654 attached [pid 9654] set_robust_list(0x55558abad660, 24) = 0 [pid 9654] chdir("./4380") = 0 [pid 9654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9654] setpgid(0, 0) = 0 [pid 9654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9654] write(3, "1000", 4) = 4 [pid 9654] close(3) = 0 [pid 9654] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9654] write(1, "executing program\n", 18executing program ) = 18 [pid 9654] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9654] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9654] memfd_create("syzkaller", 0) = 3 [pid 9654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9654] munmap(0x7ff698483000, 138412032) = 0 [pid 9654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9654] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9654] close(3) = 0 [pid 9654] close(4) = 0 [pid 9654] mkdir("./file0", 0777) = 0 [pid 9654] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9654] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9654] chdir("./file0") = 0 [pid 9654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9654] ioctl(4, LOOP_CLR_FD) = 0 [pid 9654] close(4) = 0 [pid 9654] creat(NULL, 000) = -1 EFAULT (Bad address) [ 558.851264][ T560] EXT4-fs (loop0): unmounting filesystem. [ 558.865658][ T9654] loop0: detected capacity change from 0 to 512 [ 558.873486][ T9654] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 558.884120][ T9654] EXT4-fs (loop0): 1 truncate cleaned up [ 558.889612][ T9654] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 9654] truncate("./file2", 0) = 0 [pid 9654] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9654] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9654] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9654, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4380", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4380", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4380/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4380/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4380/binderfs") = 0 umount2("./4380/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4380/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4380/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4380/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4380/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4380/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4380") = 0 mkdir("./4381", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9656 ./strace-static-x86_64: Process 9656 attached [pid 9656] set_robust_list(0x55558abad660, 24) = 0 [pid 9656] chdir("./4381") = 0 [pid 9656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9656] setpgid(0, 0) = 0 [pid 9656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9656] write(3, "1000", 4) = 4 [pid 9656] close(3) = 0 [pid 9656] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9656] write(1, "executing program\n", 18) = 18 [pid 9656] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9656] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9656] memfd_create("syzkaller", 0) = 3 [pid 9656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9656] munmap(0x7ff698483000, 138412032) = 0 [pid 9656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9656] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9656] close(3) = 0 [pid 9656] close(4) = 0 [pid 9656] mkdir("./file0", 0777) = 0 [pid 9656] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9656] chdir("./file0") = 0 [pid 9656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9656] ioctl(4, LOOP_CLR_FD) = 0 [pid 9656] close(4) = 0 [pid 9656] creat(NULL, 000) = -1 EFAULT (Bad address) [ 558.899358][ T9654] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 558.918981][ T560] EXT4-fs (loop0): unmounting filesystem. [ 558.940223][ T9656] loop0: detected capacity change from 0 to 512 [pid 9656] truncate("./file2", 0) = 0 [pid 9656] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9656] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9656] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9656, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4381", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4381", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4381/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4381/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4381/binderfs") = 0 umount2("./4381/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4381/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4381/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4381/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4381/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4381/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4381") = 0 mkdir("./4382", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9658 ./strace-static-x86_64: Process 9658 attached [pid 9658] set_robust_list(0x55558abad660, 24) = 0 [pid 9658] chdir("./4382") = 0 [pid 9658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9658] setpgid(0, 0) = 0 [pid 9658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9658] write(3, "1000", 4) = 4 [pid 9658] close(3) = 0 [pid 9658] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9658] write(1, "executing program\n", 18executing program ) = 18 [pid 9658] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9658] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9658] memfd_create("syzkaller", 0) = 3 [pid 9658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9658] munmap(0x7ff698483000, 138412032) = 0 [pid 9658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 558.948290][ T9656] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 558.959114][ T9656] EXT4-fs (loop0): 1 truncate cleaned up [ 558.964557][ T9656] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 558.974046][ T9656] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 558.993139][ T560] EXT4-fs (loop0): unmounting filesystem. [pid 9658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9658] close(3) = 0 [pid 9658] close(4) = 0 [pid 9658] mkdir("./file0", 0777) = 0 [pid 9658] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9658] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9658] chdir("./file0") = 0 [pid 9658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9658] ioctl(4, LOOP_CLR_FD) = 0 [pid 9658] close(4) = 0 [pid 9658] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9658] truncate("./file2", 0) = 0 [pid 9658] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9658] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9658] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9658, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4382", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4382", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4382/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4382/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4382/binderfs") = 0 [ 559.015782][ T9658] loop0: detected capacity change from 0 to 512 [ 559.023013][ T9658] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 559.033543][ T9658] EXT4-fs (loop0): 1 truncate cleaned up [ 559.039372][ T9658] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 559.048983][ T9658] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. umount2("./4382/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4382/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4382/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4382/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4382/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4382/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4382") = 0 mkdir("./4383", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9660 ./strace-static-x86_64: Process 9660 attached [pid 9660] set_robust_list(0x55558abad660, 24) = 0 [pid 9660] chdir("./4383") = 0 [pid 9660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9660] setpgid(0, 0) = 0 [pid 9660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9660] write(3, "1000", 4) = 4 [pid 9660] close(3) = 0 [pid 9660] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9660] write(1, "executing program\n", 18) = 18 [pid 9660] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9660] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9660] memfd_create("syzkaller", 0) = 3 [pid 9660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9660] munmap(0x7ff698483000, 138412032) = 0 [pid 9660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9660] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9660] close(3) = 0 [pid 9660] close(4) = 0 [pid 9660] mkdir("./file0", 0777) = 0 [ 559.068485][ T560] EXT4-fs (loop0): unmounting filesystem. [ 559.090436][ T9660] loop0: detected capacity change from 0 to 512 [ 559.098260][ T9660] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 559.109270][ T9660] EXT4-fs (loop0): 1 truncate cleaned up [pid 9660] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9660] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9660] chdir("./file0") = 0 [pid 9660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9660] ioctl(4, LOOP_CLR_FD) = 0 [pid 9660] close(4) = 0 [pid 9660] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9660] truncate("./file2", 0) = 0 [pid 9660] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9660] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9660] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9660, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4383", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4383", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4383/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4383/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4383/binderfs") = 0 umount2("./4383/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4383/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4383/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4383/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4383/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4383/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4383") = 0 mkdir("./4384", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9664 ./strace-static-x86_64: Process 9664 attached [pid 9664] set_robust_list(0x55558abad660, 24) = 0 [pid 9664] chdir("./4384") = 0 [pid 9664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9664] setpgid(0, 0) = 0 [pid 9664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9664] write(3, "1000", 4) = 4 [pid 9664] close(3) = 0 [pid 9664] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9664] write(1, "executing program\n", 18executing program ) = 18 [pid 9664] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9664] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9664] memfd_create("syzkaller", 0) = 3 [pid 9664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9664] munmap(0x7ff698483000, 138412032) = 0 [pid 9664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 559.114713][ T9660] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 559.124433][ T9660] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 559.142973][ T560] EXT4-fs (loop0): unmounting filesystem. [pid 9664] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9664] close(3) = 0 [pid 9664] close(4) = 0 [pid 9664] mkdir("./file0", 0777) = 0 [pid 9664] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9664] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9664] chdir("./file0") = 0 [pid 9664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9664] ioctl(4, LOOP_CLR_FD) = 0 [pid 9664] close(4) = 0 [pid 9664] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9664] truncate("./file2", 0) = 0 [pid 9664] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9664] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9664] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9664, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4384", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4384", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4384/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4384/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4384/binderfs") = 0 [ 559.163653][ T9664] loop0: detected capacity change from 0 to 512 [ 559.171266][ T9664] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 559.182042][ T9664] EXT4-fs (loop0): 1 truncate cleaned up [ 559.187594][ T9664] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 559.198555][ T9664] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. umount2("./4384/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4384/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4384/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4384/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4384/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4384/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4384") = 0 mkdir("./4385", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9666 ./strace-static-x86_64: Process 9666 attached [pid 9666] set_robust_list(0x55558abad660, 24) = 0 [pid 9666] chdir("./4385") = 0 [pid 9666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9666] setpgid(0, 0) = 0 [pid 9666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9666] write(3, "1000", 4) = 4 [pid 9666] close(3) = 0 [pid 9666] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9666] write(1, "executing program\n", 18executing program ) = 18 [pid 9666] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9666] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9666] memfd_create("syzkaller", 0) = 3 [pid 9666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9666] munmap(0x7ff698483000, 138412032) = 0 [pid 9666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9666] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9666] close(3) = 0 [pid 9666] close(4) = 0 [pid 9666] mkdir("./file0", 0777) = 0 [pid 9666] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [ 559.218874][ T560] EXT4-fs (loop0): unmounting filesystem. [ 559.236766][ T9666] loop0: detected capacity change from 0 to 512 [ 559.244352][ T9666] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 559.255562][ T9666] EXT4-fs (loop0): 1 truncate cleaned up [pid 9666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9666] chdir("./file0") = 0 [pid 9666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9666] ioctl(4, LOOP_CLR_FD) = 0 [pid 9666] close(4) = 0 [pid 9666] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9666] truncate("./file2", 0) = 0 [pid 9666] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9666] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9666] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9666, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4385", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4385", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4385/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4385/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4385/binderfs") = 0 umount2("./4385/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4385/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4385/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4385/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4385/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4385/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4385") = 0 mkdir("./4386", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9668 ./strace-static-x86_64: Process 9668 attached [pid 9668] set_robust_list(0x55558abad660, 24) = 0 [pid 9668] chdir("./4386") = 0 [pid 9668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9668] setpgid(0, 0) = 0 [pid 9668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9668] write(3, "1000", 4) = 4 [pid 9668] close(3) = 0 [pid 9668] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9668] write(1, "executing program\n", 18) = 18 [pid 9668] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9668] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9668] memfd_create("syzkaller", 0) = 3 [pid 9668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9668] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9668] munmap(0x7ff698483000, 138412032) = 0 [pid 9668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 559.261469][ T9666] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 559.270733][ T9666] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 559.298362][ T560] EXT4-fs (loop0): unmounting filesystem. [pid 9668] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9668] close(3) = 0 [pid 9668] close(4) = 0 [pid 9668] mkdir("./file0", 0777) = 0 [pid 9668] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9668] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9668] chdir("./file0") = 0 [pid 9668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9668] ioctl(4, LOOP_CLR_FD) = 0 [pid 9668] close(4) = 0 [pid 9668] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9668] truncate("./file2", 0) = 0 [pid 9668] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9668] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9668] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9668, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4386", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4386", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4386/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4386/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4386/binderfs") = 0 [ 559.315514][ T9668] loop0: detected capacity change from 0 to 512 [ 559.323505][ T9668] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 559.334233][ T9668] EXT4-fs (loop0): 1 truncate cleaned up [ 559.339710][ T9668] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 559.349628][ T9668] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. umount2("./4386/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4386/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4386/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4386/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4386/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4386/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4386") = 0 mkdir("./4387", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9670 ./strace-static-x86_64: Process 9670 attached [pid 9670] set_robust_list(0x55558abad660, 24) = 0 [pid 9670] chdir("./4387") = 0 [pid 9670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9670] setpgid(0, 0) = 0 [pid 9670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9670] write(3, "1000", 4) = 4 [pid 9670] close(3) = 0 [pid 9670] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9670] write(1, "executing program\n", 18) = 18 [pid 9670] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9670] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9670] memfd_create("syzkaller", 0) = 3 [pid 9670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9670] munmap(0x7ff698483000, 138412032) = 0 [pid 9670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9670] close(3) = 0 [pid 9670] close(4) = 0 [pid 9670] mkdir("./file0", 0777) = 0 [ 559.368949][ T560] EXT4-fs (loop0): unmounting filesystem. [ 559.389677][ T9670] loop0: detected capacity change from 0 to 512 [ 559.397191][ T9670] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 559.407907][ T9670] EXT4-fs (loop0): 1 truncate cleaned up [pid 9670] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9670] chdir("./file0") = 0 [pid 9670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9670] ioctl(4, LOOP_CLR_FD) = 0 [pid 9670] close(4) = 0 [pid 9670] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9670] truncate("./file2", 0) = 0 [pid 9670] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9670] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9670] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9670, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4387", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4387/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4387/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4387/binderfs") = 0 umount2("./4387/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4387/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4387/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4387/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4387/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4387/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4387") = 0 mkdir("./4388", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9672 ./strace-static-x86_64: Process 9672 attached [pid 9672] set_robust_list(0x55558abad660, 24) = 0 [pid 9672] chdir("./4388") = 0 [pid 9672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9672] setpgid(0, 0) = 0 [pid 9672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9672] write(3, "1000", 4) = 4 [pid 9672] close(3) = 0 [pid 9672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9672] write(1, "executing program\n", 18executing program ) = 18 [pid 9672] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9672] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9672] memfd_create("syzkaller", 0) = 3 [pid 9672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9672] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9672] munmap(0x7ff698483000, 138412032) = 0 [pid 9672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9672] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9672] close(3) = 0 [pid 9672] close(4) = 0 [ 559.413378][ T9670] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 559.422702][ T9670] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 559.441483][ T560] EXT4-fs (loop0): unmounting filesystem. [ 559.461893][ T9672] loop0: detected capacity change from 0 to 512 [pid 9672] mkdir("./file0", 0777) = 0 [pid 9672] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9672] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9672] chdir("./file0") = 0 [pid 9672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9672] ioctl(4, LOOP_CLR_FD) = 0 [pid 9672] close(4) = 0 [pid 9672] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9672] truncate("./file2", 0) = 0 [pid 9672] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9672] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9672] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9672, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4388", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4388/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4388/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4388/binderfs") = 0 [ 559.469622][ T9672] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 559.480352][ T9672] EXT4-fs (loop0): 1 truncate cleaned up [ 559.485803][ T9672] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 559.495207][ T9672] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. umount2("./4388/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4388/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4388/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4388/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4388/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4388/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4388") = 0 mkdir("./4389", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9674 ./strace-static-x86_64: Process 9674 attached [pid 9674] set_robust_list(0x55558abad660, 24) = 0 [pid 9674] chdir("./4389") = 0 [pid 9674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9674] setpgid(0, 0) = 0 [pid 9674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9674] write(3, "1000", 4) = 4 [pid 9674] close(3) = 0 [pid 9674] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9674] write(1, "executing program\n", 18executing program ) = 18 [pid 9674] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9674] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9674] memfd_create("syzkaller", 0) = 3 [pid 9674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9674] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9674] munmap(0x7ff698483000, 138412032) = 0 [pid 9674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9674] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9674] close(3) = 0 [pid 9674] close(4) = 0 [pid 9674] mkdir("./file0", 0777) = 0 [ 559.523259][ T560] EXT4-fs (loop0): unmounting filesystem. [ 559.543505][ T9674] loop0: detected capacity change from 0 to 512 [ 559.550988][ T9674] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 559.561896][ T9674] EXT4-fs (loop0): 1 truncate cleaned up [pid 9674] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9674] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9674] chdir("./file0") = 0 [pid 9674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9674] ioctl(4, LOOP_CLR_FD) = 0 [pid 9674] close(4) = 0 [pid 9674] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9674] truncate("./file2", 0) = 0 [pid 9674] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9674] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9674] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9674, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4389", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4389/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4389/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4389/binderfs") = 0 umount2("./4389/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4389/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4389/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4389/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4389/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4389/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4389") = 0 mkdir("./4390", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9676 ./strace-static-x86_64: Process 9676 attached [pid 9676] set_robust_list(0x55558abad660, 24) = 0 [pid 9676] chdir("./4390"executing program ) = 0 [pid 9676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9676] setpgid(0, 0) = 0 [pid 9676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9676] write(3, "1000", 4) = 4 [pid 9676] close(3) = 0 [pid 9676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9676] write(1, "executing program\n", 18) = 18 [pid 9676] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9676] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9676] memfd_create("syzkaller", 0) = 3 [pid 9676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9676] munmap(0x7ff698483000, 138412032) = 0 [pid 9676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 559.567369][ T9674] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 559.577359][ T9674] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 559.605161][ T560] EXT4-fs (loop0): unmounting filesystem. [pid 9676] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9676] close(3) = 0 [pid 9676] close(4) = 0 [pid 9676] mkdir("./file0", 0777) = 0 [pid 9676] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9676] chdir("./file0") = 0 [pid 9676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9676] ioctl(4, LOOP_CLR_FD) = 0 [pid 9676] close(4) = 0 [pid 9676] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9676] truncate("./file2", 0) = 0 [pid 9676] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9676] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9676] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9676, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4390", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4390/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4390/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4390/binderfs") = 0 [ 559.623023][ T9676] loop0: detected capacity change from 0 to 512 [ 559.630399][ T9676] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 559.641242][ T9676] EXT4-fs (loop0): 1 truncate cleaned up [ 559.646757][ T9676] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 559.656701][ T9676] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. umount2("./4390/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4390/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4390/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4390/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4390/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4390/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4390") = 0 mkdir("./4391", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9678 ./strace-static-x86_64: Process 9678 attached [pid 9678] set_robust_list(0x55558abad660, 24) = 0 [pid 9678] chdir("./4391") = 0 [pid 9678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9678] setpgid(0, 0) = 0 [pid 9678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9678] write(3, "1000", 4) = 4 [pid 9678] close(3) = 0 [pid 9678] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9678] write(1, "executing program\n", 18) = 18 [pid 9678] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9678] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9678] memfd_create("syzkaller", 0) = 3 [pid 9678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9678] munmap(0x7ff698483000, 138412032) = 0 [pid 9678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9678] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9678] close(3) = 0 [pid 9678] close(4) = 0 [pid 9678] mkdir("./file0", 0777) = 0 [ 559.675724][ T560] EXT4-fs (loop0): unmounting filesystem. [ 559.695018][ T9678] loop0: detected capacity change from 0 to 512 [ 559.702995][ T9678] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 559.713603][ T9678] EXT4-fs (loop0): 1 truncate cleaned up [pid 9678] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9678] chdir("./file0") = 0 [pid 9678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9678] ioctl(4, LOOP_CLR_FD) = 0 [pid 9678] close(4) = 0 [pid 9678] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9678] truncate("./file2", 0) = 0 [pid 9678] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9678] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9678] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9678, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4391", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4391/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4391/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4391/binderfs") = 0 umount2("./4391/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4391/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4391/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4391/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4391/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4391/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4391") = 0 mkdir("./4392", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9680 ./strace-static-x86_64: Process 9680 attached [pid 9680] set_robust_list(0x55558abad660, 24) = 0 [pid 9680] chdir("./4392") = 0 [pid 9680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9680] setpgid(0, 0) = 0 [pid 9680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9680] write(3, "1000", 4) = 4 [pid 9680] close(3) = 0 [pid 9680] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9680] write(1, "executing program\n", 18) = 18 [pid 9680] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9680] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9680] memfd_create("syzkaller", 0) = 3 [pid 9680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9680] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9680] munmap(0x7ff698483000, 138412032) = 0 [pid 9680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9680] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9680] close(3) = 0 [pid 9680] close(4) = 0 [pid 9680] mkdir("./file0", 0777) = 0 [ 559.719066][ T9678] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 559.728774][ T9678] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 559.758831][ T9680] loop0: detected capacity change from 0 to 512 [ 559.766097][ T9680] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [pid 9680] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9680] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9680] chdir("./file0") = 0 [pid 9680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9680] ioctl(4, LOOP_CLR_FD) = 0 [pid 9680] close(4) = 0 [pid 9680] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9680] truncate("./file2", 0) = 0 [pid 9680] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9680] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9680] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9680, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4392", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4392/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4392/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4392/binderfs") = 0 umount2("./4392/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4392/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4392/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4392/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4392/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4392/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4392") = 0 mkdir("./4393", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9682 ./strace-static-x86_64: Process 9682 attached [pid 9682] set_robust_list(0x55558abad660, 24) = 0 [pid 9682] chdir("./4393") = 0 [pid 9682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9682] setpgid(0, 0) = 0 [pid 9682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9682] write(3, "1000", 4) = 4 [pid 9682] close(3) = 0 [pid 9682] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9682] write(1, "executing program\n", 18) = 18 [pid 9682] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9682] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9682] memfd_create("syzkaller", 0) = 3 [pid 9682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9682] munmap(0x7ff698483000, 138412032) = 0 [pid 9682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 559.776873][ T9680] EXT4-fs (loop0): 1 truncate cleaned up [ 559.783372][ T9680] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9682] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9682] close(3) = 0 [pid 9682] close(4) = 0 [pid 9682] mkdir("./file0", 0777) = 0 [pid 9682] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9682] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9682] chdir("./file0") = 0 [pid 9682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9682] ioctl(4, LOOP_CLR_FD) = 0 [pid 9682] close(4) = 0 [pid 9682] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9682] truncate("./file2", 0) = 0 [pid 9682] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9682] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9682] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9682, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4393", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4393/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4393/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4393/binderfs") = 0 umount2("./4393/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4393/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4393/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4393/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4393/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4393/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4393") = 0 mkdir("./4394", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9684 ./strace-static-x86_64: Process 9684 attached [pid 9684] set_robust_list(0x55558abad660, 24) = 0 [pid 9684] chdir("./4394") = 0 [pid 9684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9684] setpgid(0, 0) = 0 [pid 9684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9684] write(3, "1000", 4) = 4 [pid 9684] close(3) = 0 [pid 9684] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9684] write(1, "executing program\n", 18) = 18 [pid 9684] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9684] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9684] memfd_create("syzkaller", 0) = 3 [pid 9684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [ 559.818905][ T9682] loop0: detected capacity change from 0 to 512 [ 559.826115][ T9682] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 559.836925][ T9682] EXT4-fs (loop0): 1 truncate cleaned up [ 559.843952][ T9682] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9684] munmap(0x7ff698483000, 138412032) = 0 [pid 9684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9684] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9684] close(3) = 0 [pid 9684] close(4) = 0 [pid 9684] mkdir("./file0", 0777) = 0 [pid 9684] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9684] chdir("./file0") = 0 [pid 9684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9684] ioctl(4, LOOP_CLR_FD) = 0 [pid 9684] close(4) = 0 [pid 9684] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9684] truncate("./file2", 0) = 0 [pid 9684] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9684] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9684] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9684, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4394", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4394/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4394/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4394/binderfs") = 0 umount2("./4394/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4394/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4394/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4394/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4394/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4394/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4394") = 0 mkdir("./4395", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9686 ./strace-static-x86_64: Process 9686 attached [pid 9686] set_robust_list(0x55558abad660, 24) = 0 [pid 9686] chdir("./4395") = 0 [pid 9686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9686] setpgid(0, 0) = 0 [pid 9686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9686] write(3, "1000", 4) = 4 [pid 9686] close(3) = 0 [pid 9686] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9686] write(1, "executing program\n", 18) = 18 [pid 9686] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9686] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9686] memfd_create("syzkaller", 0) = 3 [pid 9686] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9686] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9686] munmap(0x7ff698483000, 138412032) = 0 [pid 9686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 559.873750][ T9684] loop0: detected capacity change from 0 to 512 [ 559.881152][ T9684] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 559.891930][ T9684] EXT4-fs (loop0): 1 truncate cleaned up [ 559.898420][ T9684] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9686] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9686] close(3) = 0 [pid 9686] close(4) = 0 [pid 9686] mkdir("./file0", 0777) = 0 [pid 9686] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9686] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9686] chdir("./file0") = 0 [pid 9686] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9686] ioctl(4, LOOP_CLR_FD) = 0 [pid 9686] close(4) = 0 [pid 9686] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9686] truncate("./file2", 0) = 0 [pid 9686] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9686] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9686] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9686, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4395", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4395/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4395/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4395/binderfs") = 0 umount2("./4395/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4395/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4395/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4395/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4395/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4395/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4395") = 0 mkdir("./4396", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9688 ./strace-static-x86_64: Process 9688 attached [pid 9688] set_robust_list(0x55558abad660, 24) = 0 [pid 9688] chdir("./4396") = 0 [pid 9688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9688] setpgid(0, 0) = 0 [pid 9688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9688] write(3, "1000", 4) = 4 [pid 9688] close(3) = 0 [pid 9688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9688] write(1, "executing program\n", 18executing program ) = 18 [pid 9688] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9688] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9688] memfd_create("syzkaller", 0) = 3 [pid 9688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9688] munmap(0x7ff698483000, 138412032) = 0 [pid 9688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 559.926918][ T9686] loop0: detected capacity change from 0 to 512 [ 559.934267][ T9686] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 559.944935][ T9686] EXT4-fs (loop0): 1 truncate cleaned up [ 559.951659][ T9686] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9688] close(3) = 0 [pid 9688] close(4) = 0 [pid 9688] mkdir("./file0", 0777) = 0 [pid 9688] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9688] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9688] chdir("./file0") = 0 [pid 9688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9688] ioctl(4, LOOP_CLR_FD) = 0 [pid 9688] close(4) = 0 [pid 9688] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9688] truncate("./file2", 0) = 0 [pid 9688] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9688] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9688] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9688, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4396", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4396/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4396/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4396/binderfs") = 0 umount2("./4396/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4396/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4396/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4396/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4396/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4396/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4396") = 0 mkdir("./4397", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9690 ./strace-static-x86_64: Process 9690 attached [pid 9690] set_robust_list(0x55558abad660, 24) = 0 [pid 9690] chdir("./4397") = 0 [pid 9690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9690] setpgid(0, 0) = 0 [pid 9690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9690] write(3, "1000", 4) = 4 [pid 9690] close(3) = 0 [pid 9690] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9690] write(1, "executing program\n", 18executing program ) = 18 [pid 9690] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9690] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9690] memfd_create("syzkaller", 0) = 3 [pid 9690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9690] munmap(0x7ff698483000, 138412032) = 0 [pid 9690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 559.981058][ T9688] loop0: detected capacity change from 0 to 512 [ 559.989397][ T9688] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.000299][ T9688] EXT4-fs (loop0): 1 truncate cleaned up [ 560.007451][ T9688] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9690] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9690] close(3) = 0 [pid 9690] close(4) = 0 [pid 9690] mkdir("./file0", 0777) = 0 [pid 9690] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9690] chdir("./file0") = 0 [pid 9690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9690] ioctl(4, LOOP_CLR_FD) = 0 [pid 9690] close(4) = 0 [pid 9690] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9690] truncate("./file2", 0) = 0 [pid 9690] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9690] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9690] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9690, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- umount2("./4397", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4397/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4397/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4397/binderfs") = 0 umount2("./4397/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4397/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4397/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4397/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4397/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4397/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4397") = 0 mkdir("./4398", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9692 ./strace-static-x86_64: Process 9692 attached [pid 9692] set_robust_list(0x55558abad660, 24) = 0 [pid 9692] chdir("./4398") = 0 [pid 9692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9692] setpgid(0, 0) = 0 [pid 9692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9692] write(3, "1000", 4) = 4 [pid 9692] close(3) = 0 [pid 9692] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9692] write(1, "executing program\n", 18) = 18 [pid 9692] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9692] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9692] memfd_create("syzkaller", 0) = 3 [pid 9692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9692] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9692] munmap(0x7ff698483000, 138412032) = 0 [pid 9692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 560.043259][ T9690] loop0: detected capacity change from 0 to 512 [ 560.050652][ T9690] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.061226][ T9690] EXT4-fs (loop0): 1 truncate cleaned up [ 560.068821][ T9690] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9692] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9692] close(3) = 0 [pid 9692] close(4) = 0 [pid 9692] mkdir("./file0", 0777) = 0 [pid 9692] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9692] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9692] chdir("./file0") = 0 [pid 9692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9692] ioctl(4, LOOP_CLR_FD) = 0 [pid 9692] close(4) = 0 [pid 9692] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9692] truncate("./file2", 0) = 0 [pid 9692] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9692] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9692] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9692, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4398", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4398/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4398/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4398/binderfs") = 0 umount2("./4398/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4398/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4398/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4398/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4398/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4398/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4398") = 0 mkdir("./4399", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9694 ./strace-static-x86_64: Process 9694 attached [pid 9694] set_robust_list(0x55558abad660, 24) = 0 [pid 9694] chdir("./4399") = 0 [pid 9694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9694] setpgid(0, 0) = 0 [pid 9694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9694] write(3, "1000", 4) = 4 [pid 9694] close(3) = 0 [pid 9694] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9694] write(1, "executing program\n", 18) = 18 [pid 9694] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9694] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9694] memfd_create("syzkaller", 0) = 3 [pid 9694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9694] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9694] munmap(0x7ff698483000, 138412032) = 0 [ 560.100025][ T9692] loop0: detected capacity change from 0 to 512 [ 560.108075][ T9692] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.118704][ T9692] EXT4-fs (loop0): 1 truncate cleaned up [ 560.125732][ T9692] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9694] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9694] close(3) = 0 [pid 9694] close(4) = 0 [pid 9694] mkdir("./file0", 0777) = 0 [pid 9694] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9694] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9694] chdir("./file0") = 0 [pid 9694] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9694] ioctl(4, LOOP_CLR_FD) = 0 [pid 9694] close(4) = 0 [pid 9694] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9694] truncate("./file2", 0) = 0 [pid 9694] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9694] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9694] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9694, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4399", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4399/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4399/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4399/binderfs") = 0 umount2("./4399/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4399/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4399/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4399/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4399/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4399/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4399") = 0 mkdir("./4400", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9697 ./strace-static-x86_64: Process 9697 attached [pid 9697] set_robust_list(0x55558abad660, 24) = 0 [pid 9697] chdir("./4400") = 0 [pid 9697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9697] setpgid(0, 0) = 0 [pid 9697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9697] write(3, "1000", 4) = 4 [pid 9697] close(3) = 0 [pid 9697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9697] write(1, "executing program\n", 18executing program ) = 18 [pid 9697] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9697] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9697] memfd_create("syzkaller", 0) = 3 [pid 9697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [ 560.162445][ T9694] loop0: detected capacity change from 0 to 512 [ 560.170266][ T9694] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.180979][ T9694] EXT4-fs (loop0): 1 truncate cleaned up [ 560.188482][ T9694] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9697] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9697] munmap(0x7ff698483000, 138412032) = 0 [pid 9697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9697] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9697] close(3) = 0 [pid 9697] close(4) = 0 [pid 9697] mkdir("./file0", 0777) = 0 [pid 9697] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9697] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9697] chdir("./file0") = 0 [pid 9697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9697] ioctl(4, LOOP_CLR_FD) = 0 [pid 9697] close(4) = 0 [pid 9697] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9697] truncate("./file2", 0) = 0 [pid 9697] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9697] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9697] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9697, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4400", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4400/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4400/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4400/binderfs") = 0 umount2("./4400/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4400/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4400/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4400/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4400/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4400/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4400") = 0 mkdir("./4401", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9699 ./strace-static-x86_64: Process 9699 attached [pid 9699] set_robust_list(0x55558abad660, 24) = 0 [pid 9699] chdir("./4401") = 0 [pid 9699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9699] setpgid(0, 0) = 0 [pid 9699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9699] write(3, "1000", 4) = 4 [pid 9699] close(3) = 0 [pid 9699] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9699] write(1, "executing program\n", 18) = 18 [pid 9699] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9699] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9699] memfd_create("syzkaller", 0) = 3 [pid 9699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9699] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9699] munmap(0x7ff698483000, 138412032) = 0 [pid 9699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 560.228108][ T9697] loop0: detected capacity change from 0 to 512 [ 560.235552][ T9697] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.246259][ T9697] EXT4-fs (loop0): 1 truncate cleaned up [ 560.252982][ T9697] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9699] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9699] close(3) = 0 [pid 9699] close(4) = 0 [pid 9699] mkdir("./file0", 0777) = 0 [pid 9699] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9699] chdir("./file0") = 0 [pid 9699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9699] ioctl(4, LOOP_CLR_FD) = 0 [pid 9699] close(4) = 0 [pid 9699] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9699] truncate("./file2", 0) = 0 [pid 9699] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9699] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9699] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9699, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4401", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4401/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4401/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4401/binderfs") = 0 umount2("./4401/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4401/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4401/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4401/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4401/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4401/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4401") = 0 mkdir("./4402", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9701 ./strace-static-x86_64: Process 9701 attached [pid 9701] set_robust_list(0x55558abad660, 24) = 0 [pid 9701] chdir("./4402") = 0 [pid 9701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9701] setpgid(0, 0) = 0 [pid 9701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9701] write(3, "1000", 4) = 4 [pid 9701] close(3) = 0 [pid 9701] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9701] write(1, "executing program\n", 18executing program ) = 18 [pid 9701] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9701] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9701] memfd_create("syzkaller", 0) = 3 [pid 9701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9701] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9701] munmap(0x7ff698483000, 138412032) = 0 [ 560.280120][ T9699] loop0: detected capacity change from 0 to 512 [ 560.288041][ T9699] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.298935][ T9699] EXT4-fs (loop0): 1 truncate cleaned up [ 560.306178][ T9699] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9701] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9701] close(3) = 0 [pid 9701] close(4) = 0 [pid 9701] mkdir("./file0", 0777) = 0 [pid 9701] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9701] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9701] chdir("./file0") = 0 [pid 9701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9701] ioctl(4, LOOP_CLR_FD) = 0 [pid 9701] close(4) = 0 [pid 9701] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9701] truncate("./file2", 0) = 0 [pid 9701] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9701] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9701] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9701, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4402", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4402/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4402/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4402/binderfs") = 0 umount2("./4402/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4402/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4402/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4402/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4402/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4402/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4402") = 0 mkdir("./4403", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9703 ./strace-static-x86_64: Process 9703 attached [pid 9703] set_robust_list(0x55558abad660, 24) = 0 [pid 9703] chdir("./4403") = 0 [pid 9703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9703] setpgid(0, 0) = 0 [pid 9703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9703] write(3, "1000", 4) = 4 [pid 9703] close(3) = 0 [pid 9703] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9703] write(1, "executing program\n", 18executing program ) = 18 [pid 9703] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9703] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9703] memfd_create("syzkaller", 0) = 3 [pid 9703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9703] munmap(0x7ff698483000, 138412032) = 0 [pid 9703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 560.346687][ T9701] loop0: detected capacity change from 0 to 512 [ 560.354332][ T9701] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.364977][ T9701] EXT4-fs (loop0): 1 truncate cleaned up [ 560.371963][ T9701] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9703] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9703] close(3) = 0 [pid 9703] close(4) = 0 [pid 9703] mkdir("./file0", 0777) = 0 [pid 9703] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9703] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9703] chdir("./file0") = 0 [pid 9703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9703] ioctl(4, LOOP_CLR_FD) = 0 [pid 9703] close(4) = 0 [pid 9703] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9703] truncate("./file2", 0) = 0 [pid 9703] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9703] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9703] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9703, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4403", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4403/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4403/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4403/binderfs") = 0 umount2("./4403/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4403/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4403/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4403/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4403/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4403/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4403") = 0 mkdir("./4404", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9705 ./strace-static-x86_64: Process 9705 attached [pid 9705] set_robust_list(0x55558abad660, 24) = 0 [pid 9705] chdir("./4404") = 0 [pid 9705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9705] setpgid(0, 0) = 0 [pid 9705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9705] write(3, "1000", 4) = 4 [pid 9705] close(3) = 0 [pid 9705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9705] write(1, "executing program\n", 18) = 18 [pid 9705] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9705] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9705] memfd_create("syzkaller", 0) = 3 [pid 9705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9705] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9705] munmap(0x7ff698483000, 138412032) = 0 [pid 9705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 560.412099][ T9703] loop0: detected capacity change from 0 to 512 [ 560.419350][ T9703] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.429959][ T9703] EXT4-fs (loop0): 1 truncate cleaned up [ 560.437755][ T9703] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9705] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9705] close(3) = 0 [pid 9705] close(4) = 0 [pid 9705] mkdir("./file0", 0777) = 0 [pid 9705] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9705] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9705] chdir("./file0") = 0 [pid 9705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9705] ioctl(4, LOOP_CLR_FD) = 0 [pid 9705] close(4) = 0 [pid 9705] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9705] truncate("./file2", 0) = 0 [pid 9705] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9705] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9705] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9705, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4404", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4404/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4404/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4404/binderfs") = 0 umount2("./4404/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4404/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4404/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4404/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4404/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4404/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4404") = 0 mkdir("./4405", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9707 ./strace-static-x86_64: Process 9707 attached [pid 9707] set_robust_list(0x55558abad660, 24) = 0 [pid 9707] chdir("./4405") = 0 [pid 9707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9707] setpgid(0, 0) = 0 [pid 9707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9707] write(3, "1000", 4) = 4 [pid 9707] close(3) = 0 [pid 9707] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9707] write(1, "executing program\n", 18) = 18 [pid 9707] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9707] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9707] memfd_create("syzkaller", 0) = 3 [pid 9707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9707] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9707] munmap(0x7ff698483000, 138412032) = 0 [ 560.473123][ T9705] loop0: detected capacity change from 0 to 512 [ 560.480590][ T9705] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.491143][ T9705] EXT4-fs (loop0): 1 truncate cleaned up [ 560.498388][ T9705] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9707] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9707] close(3) = 0 [pid 9707] close(4) = 0 [pid 9707] mkdir("./file0", 0777) = 0 [pid 9707] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9707] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9707] chdir("./file0") = 0 [pid 9707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9707] ioctl(4, LOOP_CLR_FD) = 0 [pid 9707] close(4) = 0 [pid 9707] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9707] truncate("./file2", 0) = 0 [pid 9707] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9707] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9707] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9707, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4405", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4405/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4405/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4405/binderfs") = 0 umount2("./4405/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4405/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4405/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4405/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4405/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4405/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4405") = 0 mkdir("./4406", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9709 ./strace-static-x86_64: Process 9709 attached [pid 9709] set_robust_list(0x55558abad660, 24) = 0 [pid 9709] chdir("./4406") = 0 [pid 9709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9709] setpgid(0, 0) = 0 [pid 9709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9709] write(3, "1000", 4) = 4 [pid 9709] close(3) = 0 [pid 9709] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9709] write(1, "executing program\n", 18) = 18 [pid 9709] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9709] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9709] memfd_create("syzkaller", 0) = 3 [pid 9709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9709] munmap(0x7ff698483000, 138412032) = 0 [pid 9709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 560.536819][ T9707] loop0: detected capacity change from 0 to 512 [ 560.544166][ T9707] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.554809][ T9707] EXT4-fs (loop0): 1 truncate cleaned up [ 560.561650][ T9707] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9709] close(3) = 0 [pid 9709] close(4) = 0 [pid 9709] mkdir("./file0", 0777) = 0 [pid 9709] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9709] chdir("./file0") = 0 [pid 9709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9709] ioctl(4, LOOP_CLR_FD) = 0 [pid 9709] close(4) = 0 [pid 9709] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9709] truncate("./file2", 0) = 0 [pid 9709] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9709] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9709] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9709, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4406", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4406/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4406/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4406/binderfs") = 0 umount2("./4406/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4406/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4406/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4406/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4406/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4406/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4406") = 0 mkdir("./4407", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9711 ./strace-static-x86_64: Process 9711 attached [pid 9711] set_robust_list(0x55558abad660, 24) = 0 [pid 9711] chdir("./4407") = 0 [pid 9711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9711] setpgid(0, 0) = 0 [pid 9711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9711] write(3, "1000", 4) = 4 [pid 9711] close(3) = 0 [pid 9711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9711] write(1, "executing program\n", 18executing program ) = 18 [pid 9711] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9711] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9711] memfd_create("syzkaller", 0) = 3 [pid 9711] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9711] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9711] munmap(0x7ff698483000, 138412032) = 0 [pid 9711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 560.591998][ T9709] loop0: detected capacity change from 0 to 512 [ 560.600210][ T9709] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.610940][ T9709] EXT4-fs (loop0): 1 truncate cleaned up [ 560.620903][ T9709] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9711] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9711] close(3) = 0 [pid 9711] close(4) = 0 [pid 9711] mkdir("./file0", 0777) = 0 [pid 9711] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9711] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9711] chdir("./file0") = 0 [pid 9711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9711] ioctl(4, LOOP_CLR_FD) = 0 [pid 9711] close(4) = 0 [pid 9711] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9711] truncate("./file2", 0) = 0 [pid 9711] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9711] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9711] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9711, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4407", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4407/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4407/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4407/binderfs") = 0 umount2("./4407/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4407/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4407/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4407/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4407/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4407/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4407") = 0 mkdir("./4408", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9713 ./strace-static-x86_64: Process 9713 attached [pid 9713] set_robust_list(0x55558abad660, 24) = 0 [pid 9713] chdir("./4408") = 0 [pid 9713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9713] setpgid(0, 0) = 0 [pid 9713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9713] write(3, "1000", 4) = 4 [pid 9713] close(3) = 0 [pid 9713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9713] write(1, "executing program\n", 18executing program ) = 18 [pid 9713] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9713] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9713] memfd_create("syzkaller", 0) = 3 [pid 9713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9713] munmap(0x7ff698483000, 138412032) = 0 [pid 9713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 560.650812][ T9711] loop0: detected capacity change from 0 to 512 [ 560.658226][ T9711] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.668942][ T9711] EXT4-fs (loop0): 1 truncate cleaned up [ 560.676957][ T9711] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9713] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9713] close(3) = 0 [pid 9713] close(4) = 0 [pid 9713] mkdir("./file0", 0777) = 0 [pid 9713] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9713] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9713] chdir("./file0") = 0 [pid 9713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9713] ioctl(4, LOOP_CLR_FD) = 0 [pid 9713] close(4) = 0 [pid 9713] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9713] truncate("./file2", 0) = 0 [pid 9713] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9713] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9713] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9713, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4408", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4408/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4408/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4408/binderfs") = 0 umount2("./4408/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4408/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4408/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4408/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4408/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4408/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4408") = 0 mkdir("./4409", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9715 ./strace-static-x86_64: Process 9715 attached [pid 9715] set_robust_list(0x55558abad660, 24) = 0 [pid 9715] chdir("./4409") = 0 [pid 9715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9715] setpgid(0, 0) = 0 [pid 9715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9715] write(3, "1000", 4) = 4 [pid 9715] close(3) = 0 [pid 9715] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9715] write(1, "executing program\n", 18) = 18 [pid 9715] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9715] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9715] memfd_create("syzkaller", 0) = 3 [pid 9715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9715] munmap(0x7ff698483000, 138412032) = 0 [pid 9715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 560.715438][ T9713] loop0: detected capacity change from 0 to 512 [ 560.723024][ T9713] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.733544][ T9713] EXT4-fs (loop0): 1 truncate cleaned up [ 560.741301][ T9713] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9715] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9715] close(3) = 0 [pid 9715] close(4) = 0 [pid 9715] mkdir("./file0", 0777) = 0 [pid 9715] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9715] chdir("./file0") = 0 [pid 9715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9715] ioctl(4, LOOP_CLR_FD) = 0 [pid 9715] close(4) = 0 [pid 9715] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9715] truncate("./file2", 0) = 0 [pid 9715] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9715] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9715] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9715, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4409", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4409/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4409/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4409/binderfs") = 0 umount2("./4409/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4409/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4409/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4409/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4409/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4409/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4409") = 0 mkdir("./4410", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9717 ./strace-static-x86_64: Process 9717 attached [pid 9717] set_robust_list(0x55558abad660, 24) = 0 [pid 9717] chdir("./4410") = 0 [pid 9717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9717] setpgid(0, 0) = 0 [pid 9717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9717] write(3, "1000", 4) = 4 [pid 9717] close(3) = 0 [pid 9717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9717] write(1, "executing program\n", 18executing program ) = 18 [pid 9717] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9717] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9717] memfd_create("syzkaller", 0) = 3 [pid 9717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9717] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9717] munmap(0x7ff698483000, 138412032) = 0 [pid 9717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 560.780172][ T9715] loop0: detected capacity change from 0 to 512 [ 560.787722][ T9715] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.798223][ T9715] EXT4-fs (loop0): 1 truncate cleaned up [ 560.805543][ T9715] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9717] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9717] close(3) = 0 [pid 9717] close(4) = 0 [pid 9717] mkdir("./file0", 0777) = 0 [pid 9717] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9717] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9717] chdir("./file0") = 0 [pid 9717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9717] ioctl(4, LOOP_CLR_FD) = 0 [pid 9717] close(4) = 0 [pid 9717] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9717] truncate("./file2", 0) = 0 [pid 9717] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9717] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9717] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9717, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4410", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4410/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4410/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4410/binderfs") = 0 umount2("./4410/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4410/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4410/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4410/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4410/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4410/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4410") = 0 mkdir("./4411", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9719 ./strace-static-x86_64: Process 9719 attached [pid 9719] set_robust_list(0x55558abad660, 24) = 0 [pid 9719] chdir("./4411") = 0 [pid 9719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9719] setpgid(0, 0) = 0 [pid 9719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9719] write(3, "1000", 4) = 4 [pid 9719] close(3) = 0 [pid 9719] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9719] write(1, "executing program\n", 18) = 18 [pid 9719] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9719] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9719] memfd_create("syzkaller", 0) = 3 [pid 9719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9719] munmap(0x7ff698483000, 138412032) = 0 [pid 9719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 560.847480][ T9717] loop0: detected capacity change from 0 to 512 [ 560.854661][ T9717] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.865427][ T9717] EXT4-fs (loop0): 1 truncate cleaned up [ 560.872097][ T9717] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9719] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9719] close(3) = 0 [pid 9719] close(4) = 0 [pid 9719] mkdir("./file0", 0777) = 0 [pid 9719] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9719] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9719] chdir("./file0") = 0 [pid 9719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9719] ioctl(4, LOOP_CLR_FD) = 0 [pid 9719] close(4) = 0 [pid 9719] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9719] truncate("./file2", 0) = 0 [pid 9719] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9719] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9719] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9719, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4411", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4411/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4411/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4411/binderfs") = 0 umount2("./4411/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4411/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4411/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4411/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4411/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4411/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4411") = 0 mkdir("./4412", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9721 ./strace-static-x86_64: Process 9721 attached [pid 9721] set_robust_list(0x55558abad660, 24) = 0 [pid 9721] chdir("./4412") = 0 [pid 9721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9721] setpgid(0, 0) = 0 [pid 9721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9721] write(3, "1000", 4) = 4 [pid 9721] close(3) = 0 [pid 9721] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9721] write(1, "executing program\n", 18) = 18 [pid 9721] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9721] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9721] memfd_create("syzkaller", 0) = 3 [pid 9721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9721] munmap(0x7ff698483000, 138412032) = 0 [pid 9721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 560.899777][ T9719] loop0: detected capacity change from 0 to 512 [ 560.907099][ T9719] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.917723][ T9719] EXT4-fs (loop0): 1 truncate cleaned up [ 560.924678][ T9719] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9721] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9721] close(3) = 0 [pid 9721] close(4) = 0 [pid 9721] mkdir("./file0", 0777) = 0 [pid 9721] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9721] chdir("./file0") = 0 [pid 9721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9721] ioctl(4, LOOP_CLR_FD) = 0 [pid 9721] close(4) = 0 [pid 9721] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9721] truncate("./file2", 0) = 0 [pid 9721] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9721] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9721] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9721, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4412", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4412/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4412/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4412/binderfs") = 0 umount2("./4412/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4412/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4412/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4412/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4412/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4412/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4412") = 0 mkdir("./4413", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9723 ./strace-static-x86_64: Process 9723 attached [pid 9723] set_robust_list(0x55558abad660, 24) = 0 [pid 9723] chdir("./4413") = 0 [pid 9723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9723] setpgid(0, 0) = 0 [pid 9723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9723] write(3, "1000", 4) = 4 [pid 9723] close(3) = 0 [pid 9723] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9723] write(1, "executing program\n", 18) = 18 [pid 9723] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9723] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9723] memfd_create("syzkaller", 0) = 3 [pid 9723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9723] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9723] munmap(0x7ff698483000, 138412032) = 0 [ 560.952779][ T9721] loop0: detected capacity change from 0 to 512 [ 560.960212][ T9721] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.970924][ T9721] EXT4-fs (loop0): 1 truncate cleaned up [ 560.978100][ T9721] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9723] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9723] close(3) = 0 [pid 9723] close(4) = 0 [pid 9723] mkdir("./file0", 0777) = 0 [pid 9723] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9723] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9723] chdir("./file0") = 0 [pid 9723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9723] ioctl(4, LOOP_CLR_FD) = 0 [pid 9723] close(4) = 0 [pid 9723] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9723] truncate("./file2", 0) = 0 [pid 9723] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9723] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9723] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9723, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- umount2("./4413", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4413/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4413/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4413/binderfs") = 0 umount2("./4413/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4413/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4413/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4413/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4413/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4413/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4413") = 0 mkdir("./4414", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9725 ./strace-static-x86_64: Process 9725 attached [pid 9725] set_robust_list(0x55558abad660, 24) = 0 [pid 9725] chdir("./4414") = 0 [pid 9725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9725] setpgid(0, 0) = 0 [pid 9725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9725] write(3, "1000", 4) = 4 [pid 9725] close(3) = 0 [pid 9725] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9725] write(1, "executing program\n", 18) = 18 [pid 9725] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9725] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9725] memfd_create("syzkaller", 0) = 3 [pid 9725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9725] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9725] munmap(0x7ff698483000, 138412032) = 0 [pid 9725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 561.016045][ T9723] loop0: detected capacity change from 0 to 512 [ 561.023771][ T9723] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.034591][ T9723] EXT4-fs (loop0): 1 truncate cleaned up [ 561.042328][ T9723] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9725] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9725] close(3) = 0 [pid 9725] close(4) = 0 [pid 9725] mkdir("./file0", 0777) = 0 [pid 9725] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9725] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9725] chdir("./file0") = 0 [pid 9725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9725] ioctl(4, LOOP_CLR_FD) = 0 [pid 9725] close(4) = 0 [pid 9725] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9725] truncate("./file2", 0) = 0 [pid 9725] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9725] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9725] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9725, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4414", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4414/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4414/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4414/binderfs") = 0 umount2("./4414/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4414/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4414/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4414/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4414/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4414/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4414") = 0 mkdir("./4415", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9727 ./strace-static-x86_64: Process 9727 attached [pid 9727] set_robust_list(0x55558abad660, 24) = 0 [pid 9727] chdir("./4415") = 0 [pid 9727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9727] setpgid(0, 0) = 0 [pid 9727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9727] write(3, "1000", 4) = 4 [pid 9727] close(3) = 0 [pid 9727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9727] write(1, "executing program\n", 18executing program ) = 18 [pid 9727] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9727] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9727] memfd_create("syzkaller", 0) = 3 [pid 9727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9727] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9727] munmap(0x7ff698483000, 138412032) = 0 [pid 9727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 561.069326][ T9725] loop0: detected capacity change from 0 to 512 [ 561.076644][ T9725] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.087247][ T9725] EXT4-fs (loop0): 1 truncate cleaned up [ 561.094164][ T9725] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9727] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9727] close(3) = 0 [pid 9727] close(4) = 0 [pid 9727] mkdir("./file0", 0777) = 0 [pid 9727] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9727] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9727] chdir("./file0") = 0 [pid 9727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9727] ioctl(4, LOOP_CLR_FD) = 0 [pid 9727] close(4) = 0 [pid 9727] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9727] truncate("./file2", 0) = 0 [pid 9727] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9727] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9727] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9727, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4415", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4415/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4415/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4415/binderfs") = 0 umount2("./4415/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4415/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4415/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4415/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4415/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4415/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4415") = 0 mkdir("./4416", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9730 ./strace-static-x86_64: Process 9730 attached [pid 9730] set_robust_list(0x55558abad660, 24) = 0 [pid 9730] chdir("./4416") = 0 [pid 9730] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 9730] setpgid(0, 0) = 0 [pid 9730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9730] write(3, "1000", 4) = 4 [pid 9730] close(3) = 0 [pid 9730] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9730] write(1, "executing program\n", 18) = 18 [pid 9730] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9730] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9730] memfd_create("syzkaller", 0) = 3 [pid 9730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9730] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9730] munmap(0x7ff698483000, 138412032) = 0 [pid 9730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 561.125287][ T9727] loop0: detected capacity change from 0 to 512 [ 561.133180][ T9727] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.143960][ T9727] EXT4-fs (loop0): 1 truncate cleaned up [ 561.151763][ T9727] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9730] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9730] close(3) = 0 [pid 9730] close(4) = 0 [pid 9730] mkdir("./file0", 0777) = 0 [pid 9730] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9730] chdir("./file0") = 0 [pid 9730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9730] ioctl(4, LOOP_CLR_FD) = 0 [pid 9730] close(4) = 0 [pid 9730] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9730] truncate("./file2", 0) = 0 [pid 9730] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9730] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9730] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9730, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4416", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4416/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4416/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4416/binderfs") = 0 umount2("./4416/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4416/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4416/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4416/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4416/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4416/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4416") = 0 mkdir("./4417", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9732 ./strace-static-x86_64: Process 9732 attached [pid 9732] set_robust_list(0x55558abad660, 24) = 0 [pid 9732] chdir("./4417") = 0 [pid 9732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9732] setpgid(0, 0) = 0 [pid 9732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9732] write(3, "1000", 4) = 4 [pid 9732] close(3) = 0 [pid 9732] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9732] write(1, "executing program\n", 18) = 18 [pid 9732] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9732] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9732] memfd_create("syzkaller", 0) = 3 [pid 9732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9732] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9732] munmap(0x7ff698483000, 138412032) = 0 [pid 9732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 561.191191][ T9730] loop0: detected capacity change from 0 to 512 [ 561.198638][ T9730] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.209243][ T9730] EXT4-fs (loop0): 1 truncate cleaned up [ 561.216076][ T9730] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9732] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9732] close(3) = 0 [pid 9732] close(4) = 0 [pid 9732] mkdir("./file0", 0777) = 0 [pid 9732] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9732] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9732] chdir("./file0") = 0 [pid 9732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9732] ioctl(4, LOOP_CLR_FD) = 0 [pid 9732] close(4) = 0 [pid 9732] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9732] truncate("./file2", 0) = 0 [pid 9732] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9732] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9732] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9732, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4417", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4417/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4417/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4417/binderfs") = 0 umount2("./4417/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4417/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4417/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4417/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4417/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4417/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4417") = 0 mkdir("./4418", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9734 ./strace-static-x86_64: Process 9734 attached [pid 9734] set_robust_list(0x55558abad660, 24) = 0 [pid 9734] chdir("./4418") = 0 [pid 9734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9734] setpgid(0, 0) = 0 [pid 9734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9734] write(3, "1000", 4) = 4 [pid 9734] close(3) = 0 [pid 9734] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9734] write(1, "executing program\n", 18executing program ) = 18 [pid 9734] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9734] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9734] memfd_create("syzkaller", 0) = 3 [pid 9734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9734] munmap(0x7ff698483000, 138412032) = 0 [ 561.243070][ T9732] loop0: detected capacity change from 0 to 512 [ 561.250291][ T9732] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.261074][ T9732] EXT4-fs (loop0): 1 truncate cleaned up [ 561.267806][ T9732] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9734] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9734] close(3) = 0 [pid 9734] close(4) = 0 [pid 9734] mkdir("./file0", 0777) = 0 [pid 9734] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9734] chdir("./file0") = 0 [pid 9734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9734] ioctl(4, LOOP_CLR_FD) = 0 [pid 9734] close(4) = 0 [pid 9734] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9734] truncate("./file2", 0) = 0 [pid 9734] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9734] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9734] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9734, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4418", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4418/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4418/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4418/binderfs") = 0 umount2("./4418/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4418/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4418/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4418/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4418/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4418/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4418") = 0 mkdir("./4419", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9736 ./strace-static-x86_64: Process 9736 attached [pid 9736] set_robust_list(0x55558abad660, 24) = 0 [pid 9736] chdir("./4419") = 0 [pid 9736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9736] setpgid(0, 0) = 0 [pid 9736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9736] write(3, "1000", 4) = 4 [pid 9736] close(3) = 0 [pid 9736] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9736] write(1, "executing program\n", 18) = 18 [pid 9736] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9736] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9736] memfd_create("syzkaller", 0) = 3 [pid 9736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9736] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9736] munmap(0x7ff698483000, 138412032) = 0 [ 561.298122][ T9734] loop0: detected capacity change from 0 to 512 [ 561.305567][ T9734] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.316319][ T9734] EXT4-fs (loop0): 1 truncate cleaned up [ 561.323388][ T9734] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9736] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9736] close(3) = 0 [pid 9736] close(4) = 0 [pid 9736] mkdir("./file0", 0777) = 0 [pid 9736] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9736] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9736] chdir("./file0") = 0 [pid 9736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9736] ioctl(4, LOOP_CLR_FD) = 0 [pid 9736] close(4) = 0 [pid 9736] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9736] truncate("./file2", 0) = 0 [pid 9736] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9736] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9736] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9736, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4419", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4419/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4419/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4419/binderfs") = 0 umount2("./4419/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4419/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4419/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4419/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4419/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4419/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4419") = 0 mkdir("./4420", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9738 ./strace-static-x86_64: Process 9738 attached [pid 9738] set_robust_list(0x55558abad660, 24) = 0 [pid 9738] chdir("./4420") = 0 [pid 9738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9738] setpgid(0, 0) = 0 [pid 9738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 9738] write(3, "1000", 4) = 4 [pid 9738] close(3) = 0 [pid 9738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9738] write(1, "executing program\n", 18) = 18 [pid 9738] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9738] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9738] memfd_create("syzkaller", 0) = 3 [pid 9738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9738] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9738] munmap(0x7ff698483000, 138412032) = 0 [pid 9738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 561.359332][ T9736] loop0: detected capacity change from 0 to 512 [ 561.368996][ T9736] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.381514][ T9736] EXT4-fs (loop0): 1 truncate cleaned up [ 561.388453][ T9736] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9738] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9738] close(3) = 0 [pid 9738] close(4) = 0 [pid 9738] mkdir("./file0", 0777) = 0 [pid 9738] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9738] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9738] chdir("./file0") = 0 [pid 9738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9738] ioctl(4, LOOP_CLR_FD) = 0 [pid 9738] close(4) = 0 [pid 9738] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9738] truncate("./file2", 0) = 0 [pid 9738] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9738] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9738] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9738, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4420", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4420", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4420/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4420/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4420/binderfs") = 0 umount2("./4420/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4420/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4420/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4420/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4420/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4420/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4420") = 0 mkdir("./4421", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9740 ./strace-static-x86_64: Process 9740 attached [pid 9740] set_robust_list(0x55558abad660, 24) = 0 [pid 9740] chdir("./4421") = 0 [pid 9740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9740] setpgid(0, 0) = 0 [pid 9740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9740] write(3, "1000", 4) = 4 [pid 9740] close(3) = 0 [pid 9740] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9740] write(1, "executing program\n", 18executing program ) = 18 [pid 9740] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9740] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9740] memfd_create("syzkaller", 0) = 3 [pid 9740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9740] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9740] munmap(0x7ff698483000, 138412032) = 0 [pid 9740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 561.424403][ T9738] loop0: detected capacity change from 0 to 512 [ 561.431779][ T9738] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.442397][ T9738] EXT4-fs (loop0): 1 truncate cleaned up [ 561.449086][ T9738] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9740] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9740] close(3) = 0 [pid 9740] close(4) = 0 [pid 9740] mkdir("./file0", 0777) = 0 [pid 9740] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9740] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9740] chdir("./file0") = 0 [pid 9740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9740] ioctl(4, LOOP_CLR_FD) = 0 [pid 9740] close(4) = 0 [pid 9740] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9740] truncate("./file2", 0) = 0 [pid 9740] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9740] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9740] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9740, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4421", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4421", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4421/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4421/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4421/binderfs") = 0 umount2("./4421/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4421/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4421/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4421/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4421/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4421/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4421") = 0 mkdir("./4422", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9742 ./strace-static-x86_64: Process 9742 attached [pid 9742] set_robust_list(0x55558abad660, 24) = 0 [pid 9742] chdir("./4422") = 0 [pid 9742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9742] setpgid(0, 0) = 0 [pid 9742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9742] write(3, "1000", 4) = 4 [pid 9742] close(3) = 0 [pid 9742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9742] write(1, "executing program\n", 18executing program ) = 18 [pid 9742] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9742] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9742] memfd_create("syzkaller", 0) = 3 [pid 9742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9742] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9742] munmap(0x7ff698483000, 138412032) = 0 [ 561.492156][ T9740] loop0: detected capacity change from 0 to 512 [ 561.499577][ T9740] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.510204][ T9740] EXT4-fs (loop0): 1 truncate cleaned up [ 561.517992][ T9740] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9742] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9742] close(3) = 0 [pid 9742] close(4) = 0 [pid 9742] mkdir("./file0", 0777) = 0 [pid 9742] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9742] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9742] chdir("./file0") = 0 [pid 9742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9742] ioctl(4, LOOP_CLR_FD) = 0 [pid 9742] close(4) = 0 [pid 9742] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9742] truncate("./file2", 0) = 0 [pid 9742] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9742] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9742] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9742, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4422", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4422", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4422/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4422/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4422/binderfs") = 0 umount2("./4422/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4422/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4422/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4422/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4422/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4422/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4422") = 0 mkdir("./4423", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9744 ./strace-static-x86_64: Process 9744 attached [pid 9744] set_robust_list(0x55558abad660, 24) = 0 [pid 9744] chdir("./4423") = 0 [pid 9744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9744] setpgid(0, 0) = 0 [pid 9744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9744] write(3, "1000", 4) = 4 [pid 9744] close(3) = 0 [pid 9744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9744] write(1, "executing program\n", 18executing program ) = 18 [pid 9744] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9744] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9744] memfd_create("syzkaller", 0) = 3 [pid 9744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9744] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9744] munmap(0x7ff698483000, 138412032) = 0 [ 561.552305][ T9742] loop0: detected capacity change from 0 to 512 [ 561.559654][ T9742] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.570370][ T9742] EXT4-fs (loop0): 1 truncate cleaned up [ 561.577654][ T9742] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9744] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9744] close(3) = 0 [pid 9744] close(4) = 0 [pid 9744] mkdir("./file0", 0777) = 0 [pid 9744] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9744] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9744] chdir("./file0") = 0 [pid 9744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9744] ioctl(4, LOOP_CLR_FD) = 0 [pid 9744] close(4) = 0 [pid 9744] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9744] truncate("./file2", 0) = 0 [pid 9744] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9744] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9744] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9744, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4423", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4423", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4423/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4423/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4423/binderfs") = 0 umount2("./4423/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4423/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4423/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4423/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4423/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4423/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4423") = 0 mkdir("./4424", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9746 ./strace-static-x86_64: Process 9746 attached [pid 9746] set_robust_list(0x55558abad660, 24) = 0 [pid 9746] chdir("./4424") = 0 [pid 9746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9746] setpgid(0, 0) = 0 [pid 9746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9746] write(3, "1000", 4) = 4 [pid 9746] close(3) = 0 [pid 9746] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9746] write(1, "executing program\n", 18) = 18 [pid 9746] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9746] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9746] memfd_create("syzkaller", 0) = 3 [pid 9746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9746] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9746] munmap(0x7ff698483000, 138412032) = 0 [pid 9746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 561.611470][ T9744] loop0: detected capacity change from 0 to 512 [ 561.619377][ T9744] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.630037][ T9744] EXT4-fs (loop0): 1 truncate cleaned up [ 561.637731][ T9744] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9746] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9746] close(3) = 0 [pid 9746] close(4) = 0 [pid 9746] mkdir("./file0", 0777) = 0 [pid 9746] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9746] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9746] chdir("./file0") = 0 [pid 9746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9746] ioctl(4, LOOP_CLR_FD) = 0 [pid 9746] close(4) = 0 [pid 9746] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9746] truncate("./file2", 0) = 0 [pid 9746] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9746] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9746] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9746, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4424", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4424", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4424/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4424/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4424/binderfs") = 0 umount2("./4424/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4424/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4424/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4424/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4424/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4424/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4424") = 0 mkdir("./4425", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9748 ./strace-static-x86_64: Process 9748 attached [pid 9748] set_robust_list(0x55558abad660, 24) = 0 [pid 9748] chdir("./4425") = 0 [pid 9748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9748] setpgid(0, 0) = 0 [pid 9748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9748] write(3, "1000", 4) = 4 [pid 9748] close(3) = 0 [pid 9748] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9748] write(1, "executing program\n", 18executing program ) = 18 [pid 9748] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9748] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9748] memfd_create("syzkaller", 0) = 3 [pid 9748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9748] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9748] munmap(0x7ff698483000, 138412032) = 0 [pid 9748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 561.673212][ T9746] loop0: detected capacity change from 0 to 512 [ 561.680886][ T9746] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.691469][ T9746] EXT4-fs (loop0): 1 truncate cleaned up [ 561.698296][ T9746] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9748] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9748] close(3) = 0 [pid 9748] close(4) = 0 [pid 9748] mkdir("./file0", 0777) = 0 [pid 9748] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9748] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9748] chdir("./file0") = 0 [pid 9748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9748] ioctl(4, LOOP_CLR_FD) = 0 [pid 9748] close(4) = 0 [pid 9748] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9748] truncate("./file2", 0) = 0 [pid 9748] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9748] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9748] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9748, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4425", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4425", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4425/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4425/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4425/binderfs") = 0 umount2("./4425/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4425/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4425/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4425/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4425/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4425/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4425") = 0 mkdir("./4426", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9750 ./strace-static-x86_64: Process 9750 attached [pid 9750] set_robust_list(0x55558abad660, 24) = 0 [pid 9750] chdir("./4426") = 0 [pid 9750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9750] setpgid(0, 0) = 0 [pid 9750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9750] write(3, "1000", 4) = 4 [pid 9750] close(3) = 0 [pid 9750] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9750] write(1, "executing program\n", 18) = 18 [pid 9750] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9750] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9750] memfd_create("syzkaller", 0) = 3 [pid 9750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9750] munmap(0x7ff698483000, 138412032) = 0 [pid 9750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 561.737642][ T9748] loop0: detected capacity change from 0 to 512 [ 561.745299][ T9748] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.755878][ T9748] EXT4-fs (loop0): 1 truncate cleaned up [ 561.762886][ T9748] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9750] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9750] close(3) = 0 [pid 9750] close(4) = 0 [pid 9750] mkdir("./file0", 0777) = 0 [pid 9750] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9750] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9750] chdir("./file0") = 0 [pid 9750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9750] ioctl(4, LOOP_CLR_FD) = 0 [pid 9750] close(4) = 0 [pid 9750] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9750] truncate("./file2", 0) = 0 [pid 9750] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9750] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9750] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9750, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4426", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4426", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4426/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4426/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4426/binderfs") = 0 umount2("./4426/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4426/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4426/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4426/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4426/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4426/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4426") = 0 mkdir("./4427", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9752 ./strace-static-x86_64: Process 9752 attached [pid 9752] set_robust_list(0x55558abad660, 24) = 0 [pid 9752] chdir("./4427") = 0 [pid 9752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9752] setpgid(0, 0) = 0 [pid 9752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9752] write(3, "1000", 4) = 4 [pid 9752] close(3) = 0 [pid 9752] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9752] write(1, "executing program\n", 18) = 18 [pid 9752] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9752] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9752] memfd_create("syzkaller", 0) = 3 [pid 9752] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9752] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9752] munmap(0x7ff698483000, 138412032) = 0 [pid 9752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 561.790683][ T9750] loop0: detected capacity change from 0 to 512 [ 561.798542][ T9750] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.809163][ T9750] EXT4-fs (loop0): 1 truncate cleaned up [ 561.816382][ T9750] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9752] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9752] close(3) = 0 [pid 9752] close(4) = 0 [pid 9752] mkdir("./file0", 0777) = 0 [pid 9752] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9752] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9752] chdir("./file0") = 0 [pid 9752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9752] ioctl(4, LOOP_CLR_FD) = 0 [pid 9752] close(4) = 0 [pid 9752] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9752] truncate("./file2", 0) = 0 [pid 9752] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9752] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9752] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9752, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4427", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4427", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4427/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4427/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4427/binderfs") = 0 umount2("./4427/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4427/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4427/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4427/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4427/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4427/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4427"executing program ) = 0 mkdir("./4428", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9754 ./strace-static-x86_64: Process 9754 attached [pid 9754] set_robust_list(0x55558abad660, 24) = 0 [pid 9754] chdir("./4428") = 0 [pid 9754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9754] setpgid(0, 0) = 0 [pid 9754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9754] write(3, "1000", 4) = 4 [pid 9754] close(3) = 0 [pid 9754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9754] write(1, "executing program\n", 18) = 18 [pid 9754] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9754] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9754] memfd_create("syzkaller", 0) = 3 [pid 9754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9754] munmap(0x7ff698483000, 138412032) = 0 [pid 9754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 561.849069][ T9752] loop0: detected capacity change from 0 to 512 [ 561.857048][ T9752] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.867869][ T9752] EXT4-fs (loop0): 1 truncate cleaned up [ 561.875127][ T9752] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9754] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9754] close(3) = 0 [pid 9754] close(4) = 0 [pid 9754] mkdir("./file0", 0777) = 0 [pid 9754] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9754] chdir("./file0") = 0 [pid 9754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9754] ioctl(4, LOOP_CLR_FD) = 0 [pid 9754] close(4) = 0 [pid 9754] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9754] truncate("./file2", 0) = 0 [pid 9754] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9754] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9754] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9754, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4428", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4428", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4428/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4428/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4428/binderfs") = 0 umount2("./4428/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4428/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4428/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4428/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4428/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4428/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4428") = 0 mkdir("./4429", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9756 ./strace-static-x86_64: Process 9756 attached [pid 9756] set_robust_list(0x55558abad660, 24) = 0 [pid 9756] chdir("./4429") = 0 [pid 9756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9756] setpgid(0, 0) = 0 [pid 9756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9756] write(3, "1000", 4) = 4 [pid 9756] close(3) = 0 [pid 9756] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9756] write(1, "executing program\n", 18) = 18 [pid 9756] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9756] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9756] memfd_create("syzkaller", 0) = 3 [pid 9756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9756] munmap(0x7ff698483000, 138412032) = 0 [pid 9756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 561.903074][ T9754] loop0: detected capacity change from 0 to 512 [ 561.910995][ T9754] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.921659][ T9754] EXT4-fs (loop0): 1 truncate cleaned up [ 561.928855][ T9754] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9756] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9756] close(3) = 0 [pid 9756] close(4) = 0 [pid 9756] mkdir("./file0", 0777) = 0 [pid 9756] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9756] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9756] chdir("./file0") = 0 [pid 9756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9756] ioctl(4, LOOP_CLR_FD) = 0 [pid 9756] close(4) = 0 [pid 9756] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9756] truncate("./file2", 0) = 0 [pid 9756] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9756] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9756] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9756, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4429", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4429", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4429/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4429/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4429/binderfs") = 0 umount2("./4429/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4429/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4429/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4429/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4429/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4429/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4429") = 0 mkdir("./4430", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9758 ./strace-static-x86_64: Process 9758 attached [pid 9758] set_robust_list(0x55558abad660, 24) = 0 [pid 9758] chdir("./4430") = 0 [pid 9758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9758] setpgid(0, 0) = 0 [pid 9758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9758] write(3, "1000", 4) = 4 [pid 9758] close(3) = 0 [pid 9758] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9758] write(1, "executing program\n", 18) = 18 [pid 9758] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9758] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9758] memfd_create("syzkaller", 0) = 3 [pid 9758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9758] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9758] munmap(0x7ff698483000, 138412032) = 0 [pid 9758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 561.968349][ T9756] loop0: detected capacity change from 0 to 512 [ 561.976149][ T9756] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 561.986916][ T9756] EXT4-fs (loop0): 1 truncate cleaned up [ 561.993584][ T9756] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9758] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9758] close(3) = 0 [pid 9758] close(4) = 0 [pid 9758] mkdir("./file0", 0777) = 0 [pid 9758] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9758] chdir("./file0") = 0 [pid 9758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9758] ioctl(4, LOOP_CLR_FD) = 0 [pid 9758] close(4) = 0 [pid 9758] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9758] truncate("./file2", 0) = 0 [pid 9758] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9758] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9758] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9758, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4430", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4430", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4430/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4430/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4430/binderfs") = 0 umount2("./4430/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4430/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4430/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4430/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4430/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4430/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4430") = 0 mkdir("./4431", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9760 ./strace-static-x86_64: Process 9760 attached [pid 9760] set_robust_list(0x55558abad660, 24) = 0 [pid 9760] chdir("./4431") = 0 [pid 9760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9760] setpgid(0, 0) = 0 [pid 9760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9760] write(3, "1000", 4) = 4 [pid 9760] close(3) = 0 [pid 9760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9760] write(1, "executing program\n", 18executing program ) = 18 [pid 9760] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9760] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9760] memfd_create("syzkaller", 0) = 3 [pid 9760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9760] munmap(0x7ff698483000, 138412032) = 0 [pid 9760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 562.033239][ T9758] loop0: detected capacity change from 0 to 512 [ 562.040695][ T9758] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 562.051312][ T9758] EXT4-fs (loop0): 1 truncate cleaned up [ 562.058381][ T9758] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9760] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9760] close(3) = 0 [pid 9760] close(4) = 0 [pid 9760] mkdir("./file0", 0777) = 0 [pid 9760] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9760] chdir("./file0") = 0 [pid 9760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9760] ioctl(4, LOOP_CLR_FD) = 0 [pid 9760] close(4) = 0 [pid 9760] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9760] truncate("./file2", 0) = 0 [pid 9760] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9760] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9760] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9760, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- umount2("./4431", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4431", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4431/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4431/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4431/binderfs") = 0 umount2("./4431/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4431/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4431/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4431/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4431/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4431/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4431") = 0 mkdir("./4432", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9762 ./strace-static-x86_64: Process 9762 attached [pid 9762] set_robust_list(0x55558abad660, 24) = 0 [pid 9762] chdir("./4432") = 0 [pid 9762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9762] setpgid(0, 0) = 0 [pid 9762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9762] write(3, "1000", 4) = 4 [pid 9762] close(3) = 0 [pid 9762] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9762] write(1, "executing program\n", 18) = 18 [pid 9762] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9762] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9762] memfd_create("syzkaller", 0) = 3 [pid 9762] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9762] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9762] munmap(0x7ff698483000, 138412032) = 0 [pid 9762] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 562.088861][ T9760] loop0: detected capacity change from 0 to 512 [ 562.096320][ T9760] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 562.107365][ T9760] EXT4-fs (loop0): 1 truncate cleaned up [ 562.114526][ T9760] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9762] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9762] close(3) = 0 [pid 9762] close(4) = 0 [pid 9762] mkdir("./file0", 0777) = 0 [pid 9762] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9762] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9762] chdir("./file0") = 0 [pid 9762] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9762] ioctl(4, LOOP_CLR_FD) = 0 [pid 9762] close(4) = 0 [pid 9762] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9762] truncate("./file2", 0) = 0 [pid 9762] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9762] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9762] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9762, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4432", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4432", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4432/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4432/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4432/binderfs") = 0 umount2("./4432/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4432/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4432/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4432/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4432/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4432/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4432") = 0 mkdir("./4433", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9765 ./strace-static-x86_64: Process 9765 attached [pid 9765] set_robust_list(0x55558abad660, 24) = 0 [pid 9765] chdir("./4433") = 0 [pid 9765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9765] setpgid(0, 0) = 0 [pid 9765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9765] write(3, "1000", 4) = 4 [pid 9765] close(3) = 0 [pid 9765] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9765] write(1, "executing program\n", 18) = 18 [pid 9765] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9765] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9765] memfd_create("syzkaller", 0) = 3 [pid 9765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9765] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9765] munmap(0x7ff698483000, 138412032) = 0 [pid 9765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 562.141540][ T9762] loop0: detected capacity change from 0 to 512 [ 562.149261][ T9762] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 562.160789][ T9762] EXT4-fs (loop0): 1 truncate cleaned up [ 562.167663][ T9762] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9765] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9765] close(3) = 0 [pid 9765] close(4) = 0 [pid 9765] mkdir("./file0", 0777) = 0 [pid 9765] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9765] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9765] chdir("./file0") = 0 [pid 9765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9765] ioctl(4, LOOP_CLR_FD) = 0 [pid 9765] close(4) = 0 [pid 9765] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9765] truncate("./file2", 0) = 0 [pid 9765] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9765] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9765] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9765, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4433", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4433", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4433/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4433/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4433/binderfs") = 0 umount2("./4433/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4433/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4433/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4433/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4433/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4433/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4433") = 0 mkdir("./4434", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9767 ./strace-static-x86_64: Process 9767 attached [pid 9767] set_robust_list(0x55558abad660, 24) = 0 [pid 9767] chdir("./4434") = 0 [pid 9767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9767] setpgid(0, 0) = 0 [pid 9767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9767] write(3, "1000", 4) = 4 [pid 9767] close(3) = 0 executing program [pid 9767] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9767] write(1, "executing program\n", 18) = 18 [pid 9767] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9767] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9767] memfd_create("syzkaller", 0) = 3 [pid 9767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9767] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9767] munmap(0x7ff698483000, 138412032) = 0 [pid 9767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 562.195222][ T9765] loop0: detected capacity change from 0 to 512 [ 562.202827][ T9765] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 562.213328][ T9765] EXT4-fs (loop0): 1 truncate cleaned up [ 562.220032][ T9765] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9767] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9767] close(3) = 0 [pid 9767] close(4) = 0 [pid 9767] mkdir("./file0", 0777) = 0 [pid 9767] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9767] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9767] chdir("./file0") = 0 [pid 9767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9767] ioctl(4, LOOP_CLR_FD) = 0 [pid 9767] close(4) = 0 [pid 9767] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9767] truncate("./file2", 0) = 0 [pid 9767] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9767] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9767] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9767, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4434", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4434", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4434/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4434/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4434/binderfs") = 0 umount2("./4434/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4434/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4434/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4434/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4434/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4434/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4434") = 0 mkdir("./4435", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9769 ./strace-static-x86_64: Process 9769 attached [pid 9769] set_robust_list(0x55558abad660, 24) = 0 [pid 9769] chdir("./4435") = 0 [pid 9769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9769] setpgid(0, 0) = 0 [pid 9769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9769] write(3, "1000", 4) = 4 [pid 9769] close(3) = 0 [pid 9769] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9769] write(1, "executing program\n", 18) = 18 [pid 9769] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9769] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9769] memfd_create("syzkaller", 0) = 3 [pid 9769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9769] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9769] munmap(0x7ff698483000, 138412032) = 0 [pid 9769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 562.256637][ T9767] loop0: detected capacity change from 0 to 512 [ 562.263895][ T9767] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 562.274486][ T9767] EXT4-fs (loop0): 1 truncate cleaned up [ 562.281588][ T9767] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9769] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9769] close(3) = 0 [pid 9769] close(4) = 0 [pid 9769] mkdir("./file0", 0777) = 0 [pid 9769] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9769] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9769] chdir("./file0") = 0 [pid 9769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9769] ioctl(4, LOOP_CLR_FD) = 0 [pid 9769] close(4) = 0 [pid 9769] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9769] truncate("./file2", 0) = 0 [pid 9769] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9769] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9769] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9769, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4435", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4435", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4435/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4435/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4435/binderfs") = 0 umount2("./4435/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4435/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4435/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4435/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4435/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4435/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4435") = 0 mkdir("./4436", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9771 ./strace-static-x86_64: Process 9771 attached [pid 9771] set_robust_list(0x55558abad660, 24) = 0 [pid 9771] chdir("./4436") = 0 [pid 9771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9771] setpgid(0, 0) = 0 [pid 9771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9771] write(3, "1000", 4) = 4 [pid 9771] close(3) = 0 [pid 9771] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9771] write(1, "executing program\n", 18) = 18 [pid 9771] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9771] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9771] memfd_create("syzkaller", 0) = 3 [pid 9771] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9771] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9771] munmap(0x7ff698483000, 138412032) = 0 [pid 9771] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 562.318413][ T9769] loop0: detected capacity change from 0 to 512 [ 562.325595][ T9769] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 562.336295][ T9769] EXT4-fs (loop0): 1 truncate cleaned up [ 562.343438][ T9769] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9771] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9771] close(3) = 0 [pid 9771] close(4) = 0 [pid 9771] mkdir("./file0", 0777) = 0 [pid 9771] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9771] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9771] chdir("./file0") = 0 [pid 9771] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9771] ioctl(4, LOOP_CLR_FD) = 0 [pid 9771] close(4) = 0 [pid 9771] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9771] truncate("./file2", 0) = 0 [pid 9771] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9771] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9771] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9771, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4436", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4436", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4436/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4436/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4436/binderfs") = 0 umount2("./4436/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4436/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4436/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4436/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4436/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4436/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4436") = 0 mkdir("./4437", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9773 ./strace-static-x86_64: Process 9773 attached [pid 9773] set_robust_list(0x55558abad660, 24) = 0 [pid 9773] chdir("./4437") = 0 [pid 9773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9773] setpgid(0, 0) = 0 [pid 9773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9773] write(3, "1000", 4) = 4 [pid 9773] close(3) = 0 [pid 9773] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9773] write(1, "executing program\n", 18executing program ) = 18 [pid 9773] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9773] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9773] memfd_create("syzkaller", 0) = 3 [pid 9773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9773] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9773] munmap(0x7ff698483000, 138412032) = 0 [pid 9773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 562.385042][ T9771] loop0: detected capacity change from 0 to 512 [ 562.392469][ T9771] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 562.403090][ T9771] EXT4-fs (loop0): 1 truncate cleaned up [ 562.410267][ T9771] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9773] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9773] close(3) = 0 [pid 9773] close(4) = 0 [pid 9773] mkdir("./file0", 0777) = 0 [pid 9773] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9773] chdir("./file0") = 0 [pid 9773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9773] ioctl(4, LOOP_CLR_FD) = 0 [pid 9773] close(4) = 0 [pid 9773] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9773] truncate("./file2", 0) = 0 [pid 9773] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9773] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9773] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9773, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4437", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4437", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4437/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4437/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4437/binderfs") = 0 umount2("./4437/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4437/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4437/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4437/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4437/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4437/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4437") = 0 mkdir("./4438", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9775 ./strace-static-x86_64: Process 9775 attached [pid 9775] set_robust_list(0x55558abad660, 24) = 0 [pid 9775] chdir("./4438") = 0 [pid 9775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9775] setpgid(0, 0) = 0 [pid 9775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9775] write(3, "1000", 4) = 4 [pid 9775] close(3) = 0 [pid 9775] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9775] write(1, "executing program\n", 18) = 18 [pid 9775] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9775] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9775] memfd_create("syzkaller", 0) = 3 [pid 9775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9775] munmap(0x7ff698483000, 138412032) = 0 [pid 9775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 562.444470][ T9773] loop0: detected capacity change from 0 to 512 [ 562.452010][ T9773] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 562.462922][ T9773] EXT4-fs (loop0): 1 truncate cleaned up [ 562.469658][ T9773] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9775] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9775] close(3) = 0 [pid 9775] close(4) = 0 [pid 9775] mkdir("./file0", 0777) = 0 [pid 9775] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9775] chdir("./file0") = 0 [pid 9775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9775] ioctl(4, LOOP_CLR_FD) = 0 [pid 9775] close(4) = 0 [pid 9775] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9775] truncate("./file2", 0) = 0 [pid 9775] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9775] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9775] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9775, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4438", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4438", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4438/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4438/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4438/binderfs") = 0 umount2("./4438/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4438/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4438/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4438/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4438/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4438/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4438") = 0 mkdir("./4439", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9777 ./strace-static-x86_64: Process 9777 attached [pid 9777] set_robust_list(0x55558abad660, 24) = 0 [pid 9777] chdir("./4439") = 0 [pid 9777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9777] setpgid(0, 0) = 0 [pid 9777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9777] write(3, "1000", 4) = 4 [pid 9777] close(3) = 0 [pid 9777] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9777] write(1, "executing program\n", 18) = 18 [pid 9777] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9777] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9777] memfd_create("syzkaller", 0) = 3 [pid 9777] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9777] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9777] munmap(0x7ff698483000, 138412032) = 0 [pid 9777] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 562.500336][ T9775] loop0: detected capacity change from 0 to 512 [ 562.508618][ T9775] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 562.520188][ T9775] EXT4-fs (loop0): 1 truncate cleaned up [ 562.526783][ T9775] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9777] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9777] close(3) = 0 [pid 9777] close(4) = 0 [pid 9777] mkdir("./file0", 0777) = 0 [pid 9777] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9777] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9777] chdir("./file0") = 0 [pid 9777] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9777] ioctl(4, LOOP_CLR_FD) = 0 [pid 9777] close(4) = 0 [pid 9777] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9777] truncate("./file2", 0) = 0 [pid 9777] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9777] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9777] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9777, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4439", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4439", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4439/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4439/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4439/binderfs") = 0 umount2("./4439/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4439/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4439/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4439/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4439/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4439/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4439") = 0 mkdir("./4440", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9779 ./strace-static-x86_64: Process 9779 attached [pid 9779] set_robust_list(0x55558abad660, 24) = 0 [pid 9779] chdir("./4440") = 0 [pid 9779] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9779] setpgid(0, 0) = 0 [pid 9779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9779] write(3, "1000", 4) = 4 [pid 9779] close(3) = 0 [pid 9779] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9779] write(1, "executing program\n", 18) = 18 [pid 9779] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9779] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9779] memfd_create("syzkaller", 0) = 3 [pid 9779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9779] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9779] munmap(0x7ff698483000, 138412032) = 0 [pid 9779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 562.563883][ T9777] loop0: detected capacity change from 0 to 512 [ 562.571337][ T9777] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 562.581973][ T9777] EXT4-fs (loop0): 1 truncate cleaned up [ 562.588720][ T9777] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9779] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9779] close(3) = 0 [pid 9779] close(4) = 0 [pid 9779] mkdir("./file0", 0777) = 0 [pid 9779] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9779] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9779] chdir("./file0") = 0 [pid 9779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9779] ioctl(4, LOOP_CLR_FD) = 0 [pid 9779] close(4) = 0 [pid 9779] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9779] truncate("./file2", 0) = 0 [pid 9779] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9779] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9779] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9779, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4440", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4440", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4440/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4440/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4440/binderfs") = 0 umount2("./4440/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4440/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4440/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4440/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4440/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4440/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4440") = 0 mkdir("./4441", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9781 ./strace-static-x86_64: Process 9781 attached [pid 9781] set_robust_list(0x55558abad660, 24) = 0 [pid 9781] chdir("./4441") = 0 [pid 9781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9781] setpgid(0, 0) = 0 [pid 9781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9781] write(3, "1000", 4) = 4 [pid 9781] close(3) = 0 [pid 9781] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9781] write(1, "executing program\n", 18) = 18 [pid 9781] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9781] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9781] memfd_create("syzkaller", 0) = 3 [pid 9781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9781] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9781] munmap(0x7ff698483000, 138412032) = 0 [pid 9781] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 562.616804][ T9779] loop0: detected capacity change from 0 to 512 [ 562.624157][ T9779] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 562.634685][ T9779] EXT4-fs (loop0): 1 truncate cleaned up [ 562.641442][ T9779] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9781] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9781] close(3) = 0 [pid 9781] close(4) = 0 [pid 9781] mkdir("./file0", 0777) = 0 [pid 9781] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9781] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9781] chdir("./file0") = 0 [pid 9781] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9781] ioctl(4, LOOP_CLR_FD) = 0 [pid 9781] close(4) = 0 [pid 9781] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9781] truncate("./file2", 0) = 0 [pid 9781] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9781] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9781] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9781, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4441", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4441", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4441/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4441/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4441/binderfs") = 0 umount2("./4441/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4441/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4441/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4441/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4441/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4441/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4441") = 0 mkdir("./4442", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9783 ./strace-static-x86_64: Process 9783 attached [pid 9783] set_robust_list(0x55558abad660, 24) = 0 [pid 9783] chdir("./4442") = 0 [pid 9783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9783] setpgid(0, 0) = 0 [pid 9783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9783] write(3, "1000", 4) = 4 [pid 9783] close(3) = 0 [pid 9783] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9783] write(1, "executing program\n", 18) = 18 [pid 9783] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9783] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9783] memfd_create("syzkaller", 0) = 3 [pid 9783] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9783] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9783] munmap(0x7ff698483000, 138412032) = 0 [pid 9783] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 562.680232][ T9781] loop0: detected capacity change from 0 to 512 [ 562.687680][ T9781] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 562.698669][ T9781] EXT4-fs (loop0): 1 truncate cleaned up [ 562.705926][ T9781] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9783] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9783] close(3) = 0 [pid 9783] close(4) = 0 [pid 9783] mkdir("./file0", 0777) = 0 [pid 9783] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9783] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9783] chdir("./file0") = 0 [pid 9783] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9783] ioctl(4, LOOP_CLR_FD) = 0 [pid 9783] close(4) = 0 [pid 9783] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9783] truncate("./file2", 0) = 0 [pid 9783] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9783] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9783] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9783, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4442", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4442", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4442/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4442/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4442/binderfs") = 0 umount2("./4442/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4442/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4442/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4442/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4442/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4442/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4442") = 0 mkdir("./4443", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9785 attached , child_tidptr=0x55558abad650) = 9785 [pid 9785] set_robust_list(0x55558abad660, 24) = 0 [pid 9785] chdir("./4443") = 0 [pid 9785] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9785] setpgid(0, 0) = 0 [pid 9785] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9785] write(3, "1000", 4) = 4 [pid 9785] close(3) = 0 [pid 9785] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9785] write(1, "executing program\n", 18executing program ) = 18 [pid 9785] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9785] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9785] memfd_create("syzkaller", 0) = 3 [pid 9785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9785] munmap(0x7ff698483000, 138412032) = 0 [pid 9785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 562.742427][ T9783] loop0: detected capacity change from 0 to 512 [ 562.749840][ T9783] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 562.760466][ T9783] EXT4-fs (loop0): 1 truncate cleaned up [ 562.767971][ T9783] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9785] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9785] close(3) = 0 [pid 9785] close(4) = 0 [pid 9785] mkdir("./file0", 0777) = 0 [pid 9785] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9785] chdir("./file0") = 0 [pid 9785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9785] ioctl(4, LOOP_CLR_FD) = 0 [pid 9785] close(4) = 0 [pid 9785] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9785] truncate("./file2", 0) = 0 [pid 9785] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9785] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9785] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9785, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- umount2("./4443", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4443", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4443/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4443/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4443/binderfs") = 0 umount2("./4443/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4443/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4443/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4443/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4443/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4443/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4443") = 0 mkdir("./4444", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9787 ./strace-static-x86_64: Process 9787 attached [pid 9787] set_robust_list(0x55558abad660, 24) = 0 [pid 9787] chdir("./4444") = 0 [pid 9787] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9787] setpgid(0, 0) = 0 [pid 9787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9787] write(3, "1000", 4) = 4 [pid 9787] close(3) = 0 [pid 9787] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9787] write(1, "executing program\n", 18) = 18 [pid 9787] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9787] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9787] memfd_create("syzkaller", 0) = 3 [pid 9787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9787] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9787] munmap(0x7ff698483000, 138412032) = 0 [pid 9787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 562.807768][ T9785] loop0: detected capacity change from 0 to 512 [ 562.815375][ T9785] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 562.825966][ T9785] EXT4-fs (loop0): 1 truncate cleaned up [ 562.833214][ T9785] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9787] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9787] close(3) = 0 [pid 9787] close(4) = 0 [pid 9787] mkdir("./file0", 0777) = 0 [pid 9787] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9787] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9787] chdir("./file0") = 0 [pid 9787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9787] ioctl(4, LOOP_CLR_FD) = 0 [pid 9787] close(4) = 0 [pid 9787] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9787] truncate("./file2", 0) = 0 [pid 9787] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9787] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9787] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9787, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4444", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4444", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4444/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4444/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4444/binderfs") = 0 umount2("./4444/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4444/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4444/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4444/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4444/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4444/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4444") = 0 mkdir("./4445", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9789 ./strace-static-x86_64: Process 9789 attached [pid 9789] set_robust_list(0x55558abad660, 24) = 0 [pid 9789] chdir("./4445") = 0 [pid 9789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9789] setpgid(0, 0) = 0 [pid 9789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9789] write(3, "1000", 4) = 4 [pid 9789] close(3) = 0 [pid 9789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9789] write(1, "executing program\n", 18executing program ) = 18 [pid 9789] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9789] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9789] memfd_create("syzkaller", 0) = 3 [pid 9789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9789] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9789] munmap(0x7ff698483000, 138412032) = 0 [pid 9789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 562.859713][ T9787] loop0: detected capacity change from 0 to 512 [ 562.867347][ T9787] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 562.878207][ T9787] EXT4-fs (loop0): 1 truncate cleaned up [ 562.884942][ T9787] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9789] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9789] close(3) = 0 [pid 9789] close(4) = 0 [pid 9789] mkdir("./file0", 0777) = 0 [pid 9789] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9789] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9789] chdir("./file0") = 0 [pid 9789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9789] ioctl(4, LOOP_CLR_FD) = 0 [pid 9789] close(4) = 0 [pid 9789] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9789] truncate("./file2", 0) = 0 [pid 9789] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9789] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9789] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9789, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4445", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4445", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4445/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4445/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4445/binderfs") = 0 umount2("./4445/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4445/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4445/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4445/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4445/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4445/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4445") = 0 mkdir("./4446", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9791 ./strace-static-x86_64: Process 9791 attached [pid 9791] set_robust_list(0x55558abad660, 24) = 0 [pid 9791] chdir("./4446") = 0 [pid 9791] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9791] setpgid(0, 0) = 0 [pid 9791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9791] write(3, "1000", 4) = 4 [pid 9791] close(3) = 0 [pid 9791] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9791] write(1, "executing program\n", 18executing program ) = 18 [pid 9791] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9791] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9791] memfd_create("syzkaller", 0) = 3 [pid 9791] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9791] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9791] munmap(0x7ff698483000, 138412032) = 0 [pid 9791] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 562.926398][ T9789] loop0: detected capacity change from 0 to 512 [ 562.933845][ T9789] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 562.944474][ T9789] EXT4-fs (loop0): 1 truncate cleaned up [ 562.951758][ T9789] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9791] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9791] close(3) = 0 [pid 9791] close(4) = 0 [pid 9791] mkdir("./file0", 0777) = 0 [pid 9791] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9791] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9791] chdir("./file0") = 0 [pid 9791] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9791] ioctl(4, LOOP_CLR_FD) = 0 [pid 9791] close(4) = 0 [pid 9791] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9791] truncate("./file2", 0) = 0 [pid 9791] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9791] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9791] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9791, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4446", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4446", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4446/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4446/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4446/binderfs") = 0 umount2("./4446/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4446/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4446/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4446/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4446/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4446/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4446") = 0 mkdir("./4447", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9793 ./strace-static-x86_64: Process 9793 attached [pid 9793] set_robust_list(0x55558abad660, 24) = 0 [pid 9793] chdir("./4447") = 0 [pid 9793] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9793] setpgid(0, 0) = 0 [pid 9793] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9793] write(3, "1000", 4) = 4 [pid 9793] close(3) = 0 [pid 9793] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9793] write(1, "executing program\n", 18) = 18 [pid 9793] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9793] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9793] memfd_create("syzkaller", 0) = 3 [pid 9793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9793] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9793] munmap(0x7ff698483000, 138412032) = 0 [ 562.991713][ T9791] loop0: detected capacity change from 0 to 512 [ 562.999460][ T9791] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.010129][ T9791] EXT4-fs (loop0): 1 truncate cleaned up [ 563.017297][ T9791] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9793] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9793] close(3) = 0 [pid 9793] close(4) = 0 [pid 9793] mkdir("./file0", 0777) = 0 [pid 9793] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9793] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9793] chdir("./file0") = 0 [pid 9793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9793] ioctl(4, LOOP_CLR_FD) = 0 [pid 9793] close(4) = 0 [pid 9793] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9793] truncate("./file2", 0) = 0 [pid 9793] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9793] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9793] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9793, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4447", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4447", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4447/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4447/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4447/binderfs") = 0 umount2("./4447/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4447/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4447/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4447/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4447/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4447/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4447") = 0 mkdir("./4448", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9795 ./strace-static-x86_64: Process 9795 attached [pid 9795] set_robust_list(0x55558abad660, 24) = 0 [pid 9795] chdir("./4448") = 0 [pid 9795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9795] setpgid(0, 0) = 0 [pid 9795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9795] write(3, "1000", 4) = 4 [pid 9795] close(3) = 0 [pid 9795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9795] write(1, "executing program\n", 18) = 18 [pid 9795] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9795] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9795] memfd_create("syzkaller", 0) = 3 [pid 9795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [ 563.055257][ T9793] loop0: detected capacity change from 0 to 512 [ 563.062865][ T9793] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.073448][ T9793] EXT4-fs (loop0): 1 truncate cleaned up [ 563.080690][ T9793] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9795] munmap(0x7ff698483000, 138412032) = 0 [pid 9795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9795] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9795] close(3) = 0 [pid 9795] close(4) = 0 [pid 9795] mkdir("./file0", 0777) = 0 [pid 9795] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9795] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9795] chdir("./file0") = 0 [pid 9795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9795] ioctl(4, LOOP_CLR_FD) = 0 [pid 9795] close(4) = 0 [pid 9795] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9795] truncate("./file2", 0) = 0 [pid 9795] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9795] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9795] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9795, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- umount2("./4448", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4448", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4448/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4448/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4448/binderfs") = 0 umount2("./4448/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4448/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4448/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4448/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4448/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4448/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4448") = 0 mkdir("./4449", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9798 ./strace-static-x86_64: Process 9798 attached [pid 9798] set_robust_list(0x55558abad660, 24) = 0 [pid 9798] chdir("./4449") = 0 [pid 9798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9798] setpgid(0, 0) = 0 [pid 9798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9798] write(3, "1000", 4) = 4 [pid 9798] close(3) = 0 [pid 9798] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9798] write(1, "executing program\n", 18) = 18 [pid 9798] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9798] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9798] memfd_create("syzkaller", 0) = 3 [pid 9798] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9798] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9798] munmap(0x7ff698483000, 138412032) = 0 [ 563.117772][ T9795] loop0: detected capacity change from 0 to 512 [ 563.125103][ T9795] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.135685][ T9795] EXT4-fs (loop0): 1 truncate cleaned up [ 563.142590][ T9795] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9798] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9798] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9798] close(3) = 0 [pid 9798] close(4) = 0 [pid 9798] mkdir("./file0", 0777) = 0 [pid 9798] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9798] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9798] chdir("./file0") = 0 [pid 9798] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9798] ioctl(4, LOOP_CLR_FD) = 0 [pid 9798] close(4) = 0 [pid 9798] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9798] truncate("./file2", 0) = 0 [pid 9798] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9798] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9798] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9798, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4449", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4449", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4449/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4449/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4449/binderfs") = 0 umount2("./4449/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4449/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4449/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4449/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4449/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4449/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4449") = 0 mkdir("./4450", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9800 ./strace-static-x86_64: Process 9800 attached [pid 9800] set_robust_list(0x55558abad660, 24) = 0 [pid 9800] chdir("./4450") = 0 [pid 9800] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9800] setpgid(0, 0) = 0 [pid 9800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9800] write(3, "1000", 4) = 4 [pid 9800] close(3) = 0 [pid 9800] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9800] write(1, "executing program\n", 18) = 18 [pid 9800] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9800] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9800] memfd_create("syzkaller", 0) = 3 [pid 9800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9800] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9800] munmap(0x7ff698483000, 138412032) = 0 [pid 9800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 563.174256][ T9798] loop0: detected capacity change from 0 to 512 [ 563.182186][ T9798] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.192633][ T9798] EXT4-fs (loop0): 1 truncate cleaned up [ 563.200282][ T9798] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9800] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9800] close(3) = 0 [pid 9800] close(4) = 0 [pid 9800] mkdir("./file0", 0777) = 0 [pid 9800] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9800] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9800] chdir("./file0") = 0 [pid 9800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9800] ioctl(4, LOOP_CLR_FD) = 0 [pid 9800] close(4) = 0 [pid 9800] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9800] truncate("./file2", 0) = 0 [pid 9800] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9800] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9800] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9800, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4450", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4450", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4450/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4450/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4450/binderfs") = 0 umount2("./4450/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4450/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4450/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4450/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4450/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4450/file0"executing program ) = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4450") = 0 mkdir("./4451", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9803 ./strace-static-x86_64: Process 9803 attached [pid 9803] set_robust_list(0x55558abad660, 24) = 0 [pid 9803] chdir("./4451") = 0 [pid 9803] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9803] setpgid(0, 0) = 0 [pid 9803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9803] write(3, "1000", 4) = 4 [pid 9803] close(3) = 0 [pid 9803] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9803] write(1, "executing program\n", 18) = 18 [pid 9803] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9803] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9803] memfd_create("syzkaller", 0) = 3 [pid 9803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9803] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9803] munmap(0x7ff698483000, 138412032) = 0 [pid 9803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 563.231791][ T9800] loop0: detected capacity change from 0 to 512 [ 563.238991][ T9800] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.249624][ T9800] EXT4-fs (loop0): 1 truncate cleaned up [ 563.257115][ T9800] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9803] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9803] close(3) = 0 [pid 9803] close(4) = 0 [pid 9803] mkdir("./file0", 0777) = 0 [pid 9803] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9803] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9803] chdir("./file0") = 0 [pid 9803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9803] ioctl(4, LOOP_CLR_FD) = 0 [pid 9803] close(4) = 0 [pid 9803] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9803] truncate("./file2", 0) = 0 [pid 9803] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9803] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9803] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9803, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4451", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4451", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4451/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4451/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4451/binderfs") = 0 umount2("./4451/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4451/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4451/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4451/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4451/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4451/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4451") = 0 mkdir("./4452", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9805 ./strace-static-x86_64: Process 9805 attached [pid 9805] set_robust_list(0x55558abad660, 24) = 0 [pid 9805] chdir("./4452") = 0 [pid 9805] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9805] setpgid(0, 0) = 0 [pid 9805] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9805] write(3, "1000", 4) = 4 [pid 9805] close(3) = 0 [pid 9805] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9805] write(1, "executing program\n", 18executing program ) = 18 [pid 9805] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9805] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9805] memfd_create("syzkaller", 0) = 3 [pid 9805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9805] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9805] munmap(0x7ff698483000, 138412032) = 0 [pid 9805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 563.293590][ T9803] loop0: detected capacity change from 0 to 512 [ 563.300881][ T9803] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.311382][ T9803] EXT4-fs (loop0): 1 truncate cleaned up [ 563.318353][ T9803] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9805] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9805] close(3) = 0 [pid 9805] close(4) = 0 [pid 9805] mkdir("./file0", 0777) = 0 [pid 9805] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9805] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9805] chdir("./file0") = 0 [pid 9805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9805] ioctl(4, LOOP_CLR_FD) = 0 [pid 9805] close(4) = 0 [pid 9805] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9805] truncate("./file2", 0) = 0 [pid 9805] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9805] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9805] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9805, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4452", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4452", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4452/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4452/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4452/binderfs") = 0 umount2("./4452/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4452/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4452/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4452/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4452/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4452/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4452") = 0 mkdir("./4453", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9807 ./strace-static-x86_64: Process 9807 attached [pid 9807] set_robust_list(0x55558abad660, 24) = 0 [pid 9807] chdir("./4453") = 0 [pid 9807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9807] setpgid(0, 0) = 0 [pid 9807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9807] write(3, "1000", 4) = 4 [pid 9807] close(3) = 0 [pid 9807] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9807] write(1, "executing program\n", 18) = 18 [pid 9807] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9807] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9807] memfd_create("syzkaller", 0) = 3 [pid 9807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9807] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9807] munmap(0x7ff698483000, 138412032) = 0 [pid 9807] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 563.355639][ T9805] loop0: detected capacity change from 0 to 512 [ 563.362856][ T9805] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.373464][ T9805] EXT4-fs (loop0): 1 truncate cleaned up [ 563.380388][ T9805] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9807] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9807] close(3) = 0 [pid 9807] close(4) = 0 [pid 9807] mkdir("./file0", 0777) = 0 [pid 9807] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9807] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9807] chdir("./file0") = 0 [pid 9807] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9807] ioctl(4, LOOP_CLR_FD) = 0 [pid 9807] close(4) = 0 [pid 9807] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9807] truncate("./file2", 0) = 0 [pid 9807] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9807] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9807] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9807, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4453", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4453", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4453/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4453/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4453/binderfs") = 0 umount2("./4453/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4453/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4453/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4453/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4453/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4453/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4453") = 0 mkdir("./4454", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9809 ./strace-static-x86_64: Process 9809 attached [pid 9809] set_robust_list(0x55558abad660, 24) = 0 [pid 9809] chdir("./4454") = 0 [pid 9809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9809] setpgid(0, 0) = 0 [pid 9809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9809] write(3, "1000", 4) = 4 [pid 9809] close(3) = 0 [pid 9809] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9809] write(1, "executing program\n", 18) = 18 [pid 9809] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9809] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9809] memfd_create("syzkaller", 0) = 3 [pid 9809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9809] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9809] munmap(0x7ff698483000, 138412032) = 0 [pid 9809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 563.415414][ T9807] loop0: detected capacity change from 0 to 512 [ 563.422622][ T9807] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.433346][ T9807] EXT4-fs (loop0): 1 truncate cleaned up [ 563.440460][ T9807] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9809] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9809] close(3) = 0 [pid 9809] close(4) = 0 [pid 9809] mkdir("./file0", 0777) = 0 [pid 9809] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9809] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9809] chdir("./file0") = 0 [pid 9809] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9809] ioctl(4, LOOP_CLR_FD) = 0 [pid 9809] close(4) = 0 [pid 9809] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9809] truncate("./file2", 0) = 0 [pid 9809] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9809] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9809] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9809, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4454", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4454", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4454/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4454/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4454/binderfs") = 0 umount2("./4454/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4454/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4454/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4454/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4454/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4454/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4454") = 0 mkdir("./4455", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9811 ./strace-static-x86_64: Process 9811 attached [pid 9811] set_robust_list(0x55558abad660, 24) = 0 [pid 9811] chdir("./4455") = 0 [pid 9811] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9811] setpgid(0, 0) = 0 [pid 9811] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9811] write(3, "1000", 4) = 4 [pid 9811] close(3) = 0 [pid 9811] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9811] write(1, "executing program\n", 18) = 18 [pid 9811] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9811] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9811] memfd_create("syzkaller", 0) = 3 [pid 9811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9811] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9811] munmap(0x7ff698483000, 138412032) = 0 [ 563.467613][ T9809] loop0: detected capacity change from 0 to 512 [ 563.474794][ T9809] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.485359][ T9809] EXT4-fs (loop0): 1 truncate cleaned up [ 563.492256][ T9809] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9811] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9811] close(3) = 0 [pid 9811] close(4) = 0 [pid 9811] mkdir("./file0", 0777) = 0 [pid 9811] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9811] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9811] chdir("./file0") = 0 [pid 9811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9811] ioctl(4, LOOP_CLR_FD) = 0 [pid 9811] close(4) = 0 [pid 9811] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9811] truncate("./file2", 0) = 0 [pid 9811] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9811] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9811] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9811, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4455", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4455", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4455/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4455/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4455/binderfs") = 0 umount2("./4455/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4455/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4455/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4455/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4455/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4455/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4455") = 0 mkdir("./4456", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9813 ./strace-static-x86_64: Process 9813 attached [pid 9813] set_robust_list(0x55558abad660, 24) = 0 [pid 9813] chdir("./4456") = 0 [pid 9813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9813] setpgid(0, 0) = 0 [pid 9813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9813] write(3, "1000", 4) = 4 [pid 9813] close(3) = 0 [pid 9813] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9813] write(1, "executing program\n", 18) = 18 [pid 9813] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9813] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9813] memfd_create("syzkaller", 0) = 3 [pid 9813] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9813] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9813] munmap(0x7ff698483000, 138412032) = 0 [pid 9813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 563.522079][ T9811] loop0: detected capacity change from 0 to 512 [ 563.529166][ T9811] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.539790][ T9811] EXT4-fs (loop0): 1 truncate cleaned up [ 563.548125][ T9811] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9813] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9813] close(3) = 0 [pid 9813] close(4) = 0 [pid 9813] mkdir("./file0", 0777) = 0 [pid 9813] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9813] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9813] chdir("./file0") = 0 [pid 9813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9813] ioctl(4, LOOP_CLR_FD) = 0 [pid 9813] close(4) = 0 [pid 9813] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9813] truncate("./file2", 0) = 0 [pid 9813] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9813] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9813] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9813, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4456", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4456", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4456/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4456/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4456/binderfs") = 0 umount2("./4456/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4456/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4456/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4456/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4456/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4456/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4456") = 0 mkdir("./4457", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9815 ./strace-static-x86_64: Process 9815 attached [pid 9815] set_robust_list(0x55558abad660, 24) = 0 [pid 9815] chdir("./4457") = 0 [pid 9815] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9815] setpgid(0, 0) = 0 [pid 9815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9815] write(3, "1000", 4) = 4 [pid 9815] close(3) = 0 [pid 9815] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9815] write(1, "executing program\n", 18executing program ) = 18 [pid 9815] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9815] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9815] memfd_create("syzkaller", 0) = 3 [pid 9815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9815] munmap(0x7ff698483000, 138412032) = 0 [pid 9815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 563.588078][ T9813] loop0: detected capacity change from 0 to 512 [ 563.595512][ T9813] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.606379][ T9813] EXT4-fs (loop0): 1 truncate cleaned up [ 563.613356][ T9813] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9815] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9815] close(3) = 0 [pid 9815] close(4) = 0 [pid 9815] mkdir("./file0", 0777) = 0 [pid 9815] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9815] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9815] chdir("./file0") = 0 [pid 9815] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9815] ioctl(4, LOOP_CLR_FD) = 0 [pid 9815] close(4) = 0 [pid 9815] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9815] truncate("./file2", 0) = 0 [pid 9815] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9815] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9815] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9815, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4457", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4457", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4457/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4457/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4457/binderfs") = 0 umount2("./4457/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4457/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4457/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4457/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4457/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, executing program 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4457/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4457") = 0 mkdir("./4458", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9817 ./strace-static-x86_64: Process 9817 attached [pid 9817] set_robust_list(0x55558abad660, 24) = 0 [pid 9817] chdir("./4458") = 0 [pid 9817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9817] setpgid(0, 0) = 0 [pid 9817] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9817] write(3, "1000", 4) = 4 [pid 9817] close(3) = 0 [pid 9817] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9817] write(1, "executing program\n", 18) = 18 [pid 9817] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9817] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9817] memfd_create("syzkaller", 0) = 3 [pid 9817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9817] munmap(0x7ff698483000, 138412032) = 0 [ 563.641273][ T9815] loop0: detected capacity change from 0 to 512 [ 563.648726][ T9815] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.659583][ T9815] EXT4-fs (loop0): 1 truncate cleaned up [ 563.666448][ T9815] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9817] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9817] close(3) = 0 [pid 9817] close(4) = 0 [pid 9817] mkdir("./file0", 0777) = 0 [pid 9817] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9817] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9817] chdir("./file0") = 0 [pid 9817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9817] ioctl(4, LOOP_CLR_FD) = 0 [pid 9817] close(4) = 0 [pid 9817] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9817] truncate("./file2", 0) = 0 [pid 9817] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9817] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9817] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9817, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4458", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4458", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4458/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4458/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4458/binderfs") = 0 umount2("./4458/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4458/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4458/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4458/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4458/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4458/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4458") = 0 mkdir("./4459", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9819 ./strace-static-x86_64: Process 9819 attached [pid 9819] set_robust_list(0x55558abad660, 24) = 0 [pid 9819] chdir("./4459") = 0 [pid 9819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9819] setpgid(0, 0) = 0 [pid 9819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9819] write(3, "1000", 4) = 4 [pid 9819] close(3) = 0 [pid 9819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9819] write(1, "executing program\n", 18) = 18 [pid 9819] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9819] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9819] memfd_create("syzkaller", 0) = 3 [pid 9819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9819] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9819] munmap(0x7ff698483000, 138412032) = 0 [pid 9819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 563.703615][ T9817] loop0: detected capacity change from 0 to 512 [ 563.711171][ T9817] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.721744][ T9817] EXT4-fs (loop0): 1 truncate cleaned up [ 563.728672][ T9817] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9819] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9819] close(3) = 0 [pid 9819] close(4) = 0 [pid 9819] mkdir("./file0", 0777) = 0 [pid 9819] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9819] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9819] chdir("./file0") = 0 [pid 9819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9819] ioctl(4, LOOP_CLR_FD) = 0 [pid 9819] close(4) = 0 [pid 9819] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9819] truncate("./file2", 0) = 0 [pid 9819] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9819] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9819] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9819, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4459", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4459", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4459/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4459/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4459/binderfs") = 0 umount2("./4459/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4459/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4459/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4459/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4459/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4459/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4459") = 0 mkdir("./4460", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9821 ./strace-static-x86_64: Process 9821 attached [pid 9821] set_robust_list(0x55558abad660, 24) = 0 [pid 9821] chdir("./4460") = 0 [pid 9821] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9821] setpgid(0, 0) = 0 [pid 9821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9821] write(3, "1000", 4) = 4 [pid 9821] close(3) = 0 [pid 9821] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9821] write(1, "executing program\n", 18) = 18 [pid 9821] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9821] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9821] memfd_create("syzkaller", 0) = 3 [pid 9821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [ 563.767594][ T9819] loop0: detected capacity change from 0 to 512 [ 563.785019][ T9819] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.795636][ T9819] EXT4-fs (loop0): 1 truncate cleaned up [ 563.802497][ T9819] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9821] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9821] munmap(0x7ff698483000, 138412032) = 0 [pid 9821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9821] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9821] close(3) = 0 [pid 9821] close(4) = 0 [pid 9821] mkdir("./file0", 0777) = 0 [pid 9821] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9821] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9821] chdir("./file0") = 0 [pid 9821] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9821] ioctl(4, LOOP_CLR_FD) = 0 [pid 9821] close(4) = 0 [pid 9821] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9821] truncate("./file2", 0) = 0 [pid 9821] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9821] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9821] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9821, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4460", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4460", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4460/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4460/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4460/binderfs") = 0 umount2("./4460/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4460/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4460/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4460/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4460/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4460/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4460") = 0 mkdir("./4461", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9823 ./strace-static-x86_64: Process 9823 attached executing program [pid 9823] set_robust_list(0x55558abad660, 24) = 0 [pid 9823] chdir("./4461") = 0 [pid 9823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9823] setpgid(0, 0) = 0 [pid 9823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9823] write(3, "1000", 4) = 4 [pid 9823] close(3) = 0 [pid 9823] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9823] write(1, "executing program\n", 18) = 18 [pid 9823] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9823] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9823] memfd_create("syzkaller", 0) = 3 [pid 9823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9823] munmap(0x7ff698483000, 138412032) = 0 [ 563.831721][ T9821] loop0: detected capacity change from 0 to 512 [ 563.839089][ T9821] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.849725][ T9821] EXT4-fs (loop0): 1 truncate cleaned up [ 563.856795][ T9821] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9823] close(3) = 0 [pid 9823] close(4) = 0 [pid 9823] mkdir("./file0", 0777) = 0 [pid 9823] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9823] chdir("./file0") = 0 [pid 9823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9823] ioctl(4, LOOP_CLR_FD) = 0 [pid 9823] close(4) = 0 [pid 9823] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9823] truncate("./file2", 0) = 0 [pid 9823] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9823] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9823] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9823, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4461", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4461", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4461/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4461/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4461/binderfs") = 0 umount2("./4461/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4461/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4461/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4461/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4461/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4461/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4461") = 0 mkdir("./4462", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9825 ./strace-static-x86_64: Process 9825 attached [pid 9825] set_robust_list(0x55558abad660, 24) = 0 [pid 9825] chdir("./4462") = 0 [pid 9825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9825] setpgid(0, 0) = 0 [pid 9825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9825] write(3, "1000", 4) = 4 executing program [pid 9825] close(3) = 0 [pid 9825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9825] write(1, "executing program\n", 18) = 18 [pid 9825] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9825] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9825] memfd_create("syzkaller", 0) = 3 [pid 9825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9825] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9825] munmap(0x7ff698483000, 138412032) = 0 [pid 9825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 563.885433][ T9823] loop0: detected capacity change from 0 to 512 [ 563.892984][ T9823] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.903620][ T9823] EXT4-fs (loop0): 1 truncate cleaned up [ 563.910532][ T9823] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9825] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9825] close(3) = 0 [pid 9825] close(4) = 0 [pid 9825] mkdir("./file0", 0777) = 0 [pid 9825] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9825] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9825] chdir("./file0") = 0 [pid 9825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9825] ioctl(4, LOOP_CLR_FD) = 0 [pid 9825] close(4) = 0 [pid 9825] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9825] truncate("./file2", 0) = 0 [pid 9825] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9825] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9825] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9825, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4462", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4462", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4462/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4462/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4462/binderfs") = 0 umount2("./4462/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4462/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4462/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4462/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4462/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4462/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4462") = 0 mkdir("./4463", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9827 ./strace-static-x86_64: Process 9827 attached [pid 9827] set_robust_list(0x55558abad660, 24executing program ) = 0 [pid 9827] chdir("./4463") = 0 [pid 9827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9827] setpgid(0, 0) = 0 [pid 9827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9827] write(3, "1000", 4) = 4 [pid 9827] close(3) = 0 [pid 9827] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9827] write(1, "executing program\n", 18) = 18 [pid 9827] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9827] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9827] memfd_create("syzkaller", 0) = 3 [pid 9827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9827] munmap(0x7ff698483000, 138412032) = 0 [pid 9827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 563.951611][ T9825] loop0: detected capacity change from 0 to 512 [ 563.958944][ T9825] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 563.969586][ T9825] EXT4-fs (loop0): 1 truncate cleaned up [ 563.977008][ T9825] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9827] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9827] close(3) = 0 [pid 9827] close(4) = 0 [pid 9827] mkdir("./file0", 0777) = 0 [pid 9827] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9827] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9827] chdir("./file0") = 0 [pid 9827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9827] ioctl(4, LOOP_CLR_FD) = 0 [pid 9827] close(4) = 0 [pid 9827] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9827] truncate("./file2", 0) = 0 [pid 9827] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9827] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9827] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9827, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4463", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4463", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4463/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4463/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4463/binderfs") = 0 umount2("./4463/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4463/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4463/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4463/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4463/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4463/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4463") = 0 mkdir("./4464", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9829 ./strace-static-x86_64: Process 9829 attached [pid 9829] set_robust_list(0x55558abad660, 24) = 0 [pid 9829] chdir("./4464") = 0 [pid 9829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9829] setpgid(0, 0) = 0 [pid 9829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9829] write(3, "1000", 4) = 4 [pid 9829] close(3) = 0 [pid 9829] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9829] write(1, "executing program\n", 18) = 18 [pid 9829] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9829] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9829] memfd_create("syzkaller", 0) = 3 [pid 9829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9829] munmap(0x7ff698483000, 138412032) = 0 [ 564.013829][ T9827] loop0: detected capacity change from 0 to 512 [ 564.021045][ T9827] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 564.031496][ T9827] EXT4-fs (loop0): 1 truncate cleaned up [ 564.038694][ T9827] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9829] close(3) = 0 [pid 9829] close(4) = 0 [pid 9829] mkdir("./file0", 0777) = 0 [pid 9829] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9829] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9829] chdir("./file0") = 0 [pid 9829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9829] ioctl(4, LOOP_CLR_FD) = 0 [pid 9829] close(4) = 0 [pid 9829] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9829] truncate("./file2", 0) = 0 [pid 9829] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9829] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9829] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9829, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4464", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4464", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4464/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4464/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4464/binderfs") = 0 umount2("./4464/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4464/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4464/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4464/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4464/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4464/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4464") = 0 mkdir("./4465", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9831 ./strace-static-x86_64: Process 9831 attached [pid 9831] set_robust_list(0x55558abad660, 24) = 0 [pid 9831] chdir("./4465") = 0 [pid 9831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9831] setpgid(0, 0) = 0 [pid 9831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9831] write(3, "1000", 4) = 4 [pid 9831] close(3) = 0 [pid 9831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9831] write(1, "executing program\n", 18executing program ) = 18 [pid 9831] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9831] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9831] memfd_create("syzkaller", 0) = 3 [pid 9831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9831] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9831] munmap(0x7ff698483000, 138412032) = 0 [pid 9831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 564.090187][ T9829] loop0: detected capacity change from 0 to 512 [ 564.097618][ T9829] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 564.108261][ T9829] EXT4-fs (loop0): 1 truncate cleaned up [ 564.114824][ T9829] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9831] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9831] close(3) = 0 [pid 9831] close(4) = 0 [pid 9831] mkdir("./file0", 0777) = 0 [pid 9831] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9831] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9831] chdir("./file0") = 0 [pid 9831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9831] ioctl(4, LOOP_CLR_FD) = 0 [pid 9831] close(4) = 0 [pid 9831] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9831] truncate("./file2", 0) = 0 [pid 9831] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9831] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9831] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9831, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4465", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4465", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4465/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4465/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4465/binderfs") = 0 umount2("./4465/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4465/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4465/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4465/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4465/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4465/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4465") = 0 mkdir("./4466", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9834 ./strace-static-x86_64: Process 9834 attached [pid 9834] set_robust_list(0x55558abad660, 24) = 0 [pid 9834] chdir("./4466") = 0 [pid 9834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9834] setpgid(0, 0) = 0 [pid 9834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9834] write(3, "1000", 4) = 4 [pid 9834] close(3) = 0 [pid 9834] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9834] write(1, "executing program\n", 18) = 18 [pid 9834] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9834] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9834] memfd_create("syzkaller", 0) = 3 [pid 9834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9834] munmap(0x7ff698483000, 138412032) = 0 [pid 9834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 564.146301][ T9831] loop0: detected capacity change from 0 to 512 [ 564.153656][ T9831] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 564.164275][ T9831] EXT4-fs (loop0): 1 truncate cleaned up [ 564.171264][ T9831] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9834] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9834] close(3) = 0 [pid 9834] close(4) = 0 [pid 9834] mkdir("./file0", 0777) = 0 [pid 9834] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9834] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9834] chdir("./file0") = 0 [pid 9834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9834] ioctl(4, LOOP_CLR_FD) = 0 [pid 9834] close(4) = 0 [pid 9834] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9834] truncate("./file2", 0) = 0 [pid 9834] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9834] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9834] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9834, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4466", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4466", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4466/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4466/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4466/binderfs") = 0 umount2("./4466/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4466/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4466/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4466/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4466/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4466/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4466") = 0 mkdir("./4467", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9836 ./strace-static-x86_64: Process 9836 attached [pid 9836] set_robust_list(0x55558abad660, 24) = 0 [pid 9836] chdir("./4467") = 0 [pid 9836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9836] setpgid(0, 0) = 0 [pid 9836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9836] write(3, "1000", 4) = 4 [pid 9836] close(3) = 0 [pid 9836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9836] write(1, "executing program\n", 18) = 18 [pid 9836] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9836] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9836] memfd_create("syzkaller", 0) = 3 [pid 9836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9836] munmap(0x7ff698483000, 138412032) = 0 [pid 9836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 564.199818][ T9834] loop0: detected capacity change from 0 to 512 [ 564.207859][ T9834] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 564.218426][ T9834] EXT4-fs (loop0): 1 truncate cleaned up [ 564.225400][ T9834] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9836] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9836] close(3) = 0 [pid 9836] close(4) = 0 [pid 9836] mkdir("./file0", 0777) = 0 [pid 9836] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9836] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9836] chdir("./file0") = 0 [pid 9836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9836] ioctl(4, LOOP_CLR_FD) = 0 [pid 9836] close(4) = 0 [pid 9836] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9836] truncate("./file2", 0) = 0 [pid 9836] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9836] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9836] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9836, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4467", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4467", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4467/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4467/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4467/binderfs") = 0 umount2("./4467/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4467/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4467/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4467/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4467/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4467/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4467") = 0 mkdir("./4468", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9838 ./strace-static-x86_64: Process 9838 attached [pid 9838] set_robust_list(0x55558abad660, 24) = 0 [pid 9838] chdir("./4468") = 0 [pid 9838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9838] setpgid(0, 0) = 0 [pid 9838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9838] write(3, "1000", 4) = 4 [pid 9838] close(3) = 0 [pid 9838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9838] write(1, "executing program\n", 18) = 18 executing program [pid 9838] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9838] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9838] memfd_create("syzkaller", 0) = 3 [pid 9838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9838] munmap(0x7ff698483000, 138412032) = 0 [pid 9838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 564.258693][ T9836] loop0: detected capacity change from 0 to 512 [ 564.266042][ T9836] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 564.276961][ T9836] EXT4-fs (loop0): 1 truncate cleaned up [ 564.283703][ T9836] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9838] close(3) = 0 [pid 9838] close(4) = 0 [pid 9838] mkdir("./file0", 0777) = 0 [pid 9838] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9838] chdir("./file0") = 0 [pid 9838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9838] ioctl(4, LOOP_CLR_FD) = 0 [pid 9838] close(4) = 0 [pid 9838] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9838] truncate("./file2", 0) = 0 [pid 9838] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9838] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9838] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9838, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4468", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4468", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4468/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4468/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4468/binderfs") = 0 umount2("./4468/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4468/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4468/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4468/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4468/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4468/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4468") = 0 mkdir("./4469", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 9840 attached , child_tidptr=0x55558abad650) = 9840 [pid 9840] set_robust_list(0x55558abad660, 24) = 0 [pid 9840] chdir("./4469") = 0 [pid 9840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9840] setpgid(0, 0) = 0 [pid 9840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9840] write(3, "1000", 4) = 4 [pid 9840] close(3) = 0 [pid 9840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9840] write(1, "executing program\n", 18) = 18 [pid 9840] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9840] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9840] memfd_create("syzkaller", 0) = 3 [pid 9840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9840] munmap(0x7ff698483000, 138412032) = 0 [pid 9840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 564.323345][ T9838] loop0: detected capacity change from 0 to 512 [ 564.330666][ T9838] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 564.341392][ T9838] EXT4-fs (loop0): 1 truncate cleaned up [ 564.348428][ T9838] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9840] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9840] close(3) = 0 [pid 9840] close(4) = 0 [pid 9840] mkdir("./file0", 0777) = 0 [pid 9840] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9840] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9840] chdir("./file0") = 0 [pid 9840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9840] ioctl(4, LOOP_CLR_FD) = 0 [pid 9840] close(4) = 0 [pid 9840] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9840] truncate("./file2", 0) = 0 [pid 9840] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9840] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9840] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9840, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4469", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4469", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4469/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4469/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4469/binderfs") = 0 umount2("./4469/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4469/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4469/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4469/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4469/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4469/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4469") = 0 mkdir("./4470", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9842 [ 564.383085][ T9840] loop0: detected capacity change from 0 to 512 [ 564.390647][ T9840] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 564.402007][ T9840] EXT4-fs (loop0): 1 truncate cleaned up [ 564.409076][ T9840] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. executing program ./strace-static-x86_64: Process 9842 attached [pid 9842] set_robust_list(0x55558abad660, 24) = 0 [pid 9842] chdir("./4470") = 0 [pid 9842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9842] setpgid(0, 0) = 0 [pid 9842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9842] write(3, "1000", 4) = 4 [pid 9842] close(3) = 0 [pid 9842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9842] write(1, "executing program\n", 18) = 18 [pid 9842] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9842] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9842] memfd_create("syzkaller", 0) = 3 [pid 9842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9842] munmap(0x7ff698483000, 138412032) = 0 [pid 9842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9842] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9842] close(3) = 0 [pid 9842] close(4) = 0 [pid 9842] mkdir("./file0", 0777) = 0 [pid 9842] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9842] chdir("./file0") = 0 [pid 9842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9842] ioctl(4, LOOP_CLR_FD) = 0 [pid 9842] close(4) = 0 [pid 9842] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9842] truncate("./file2", 0) = 0 [pid 9842] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9842] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9842] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9842, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4470", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4470", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4470/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4470/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4470/binderfs") = 0 umount2("./4470/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4470/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4470/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4470/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4470/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4470/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4470") = 0 mkdir("./4471", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9844 ./strace-static-x86_64: Process 9844 attached [pid 9844] set_robust_list(0x55558abad660, 24) = 0 [pid 9844] chdir("./4471") = 0 [pid 9844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9844] setpgid(0, 0) = 0 [pid 9844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9844] write(3, "1000", 4) = 4 [pid 9844] close(3) = 0 [pid 9844] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9844] write(1, "executing program\n", 18) = 18 [pid 9844] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9844] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9844] memfd_create("syzkaller", 0) = 3 [pid 9844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9844] munmap(0x7ff698483000, 138412032) = 0 [ 564.439506][ T9842] loop0: detected capacity change from 0 to 512 [ 564.447389][ T9842] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 564.457955][ T9842] EXT4-fs (loop0): 1 truncate cleaned up [ 564.465075][ T9842] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9844] close(3) = 0 [pid 9844] close(4) = 0 [pid 9844] mkdir("./file0", 0777) = 0 [pid 9844] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9844] chdir("./file0") = 0 [pid 9844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9844] ioctl(4, LOOP_CLR_FD) = 0 [pid 9844] close(4) = 0 [pid 9844] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9844] truncate("./file2", 0) = 0 [pid 9844] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9844] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9844] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9844, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4471", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4471", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4471/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4471/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4471/binderfs") = 0 umount2("./4471/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4471/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4471/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4471/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4471/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4471/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4471") = 0 mkdir("./4472", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9846 ./strace-static-x86_64: Process 9846 attached [pid 9846] set_robust_list(0x55558abad660, 24) = 0 [pid 9846] chdir("./4472") = 0 [pid 9846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9846] setpgid(0, 0) = 0 [pid 9846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9846] write(3, "1000", 4) = 4 [pid 9846] close(3) = 0 [pid 9846] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9846] write(1, "executing program\n", 18) = 18 [pid 9846] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9846] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9846] memfd_create("syzkaller", 0) = 3 [pid 9846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9846] munmap(0x7ff698483000, 138412032) = 0 [pid 9846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 564.504444][ T9844] loop0: detected capacity change from 0 to 512 [ 564.512067][ T9844] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 564.522558][ T9844] EXT4-fs (loop0): 1 truncate cleaned up [ 564.530123][ T9844] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9846] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9846] close(3) = 0 [pid 9846] close(4) = 0 [pid 9846] mkdir("./file0", 0777) = 0 [pid 9846] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9846] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9846] chdir("./file0") = 0 [pid 9846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9846] ioctl(4, LOOP_CLR_FD) = 0 [pid 9846] close(4) = 0 [pid 9846] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9846] truncate("./file2", 0) = 0 [pid 9846] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9846] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9846] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9846, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4472", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4472", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4472/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4472/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4472/binderfs") = 0 umount2("./4472/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4472/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4472/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4472/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4472/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4472/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4472") = 0 mkdir("./4473", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9848 ./strace-static-x86_64: Process 9848 attached [pid 9848] set_robust_list(0x55558abad660, 24) = 0 [pid 9848] chdir("./4473") = 0 [pid 9848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9848] setpgid(0, 0) = 0 [pid 9848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9848] write(3, "1000", 4) = 4 [pid 9848] close(3) = 0 [pid 9848] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9848] write(1, "executing program\n", 18) = 18 [pid 9848] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9848] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9848] memfd_create("syzkaller", 0) = 3 [pid 9848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9848] munmap(0x7ff698483000, 138412032) = 0 [pid 9848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 564.566415][ T9846] loop0: detected capacity change from 0 to 512 [ 564.573912][ T9846] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 564.584561][ T9846] EXT4-fs (loop0): 1 truncate cleaned up [ 564.591550][ T9846] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9848] close(3) = 0 [pid 9848] close(4) = 0 [pid 9848] mkdir("./file0", 0777) = 0 [pid 9848] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9848] chdir("./file0") = 0 [pid 9848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9848] ioctl(4, LOOP_CLR_FD) = 0 [pid 9848] close(4) = 0 [pid 9848] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9848] truncate("./file2", 0) = 0 [pid 9848] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9848] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9848] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9848, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4473", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4473", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4473/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4473/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4473/binderfs") = 0 umount2("./4473/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4473/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4473/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4473/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4473/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4473/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4473") = 0 mkdir("./4474", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9850 ./strace-static-x86_64: Process 9850 attached [pid 9850] set_robust_list(0x55558abad660, 24) = 0 [pid 9850] chdir("./4474") = 0 [pid 9850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9850] setpgid(0, 0) = 0 [pid 9850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9850] write(3, "1000", 4) = 4 [pid 9850] close(3) = 0 [pid 9850] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9850] write(1, "executing program\n", 18) = 18 [pid 9850] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9850] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9850] memfd_create("syzkaller", 0) = 3 [pid 9850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9850] munmap(0x7ff698483000, 138412032) = 0 [pid 9850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 564.630641][ T9848] loop0: detected capacity change from 0 to 512 [ 564.638369][ T9848] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 564.648922][ T9848] EXT4-fs (loop0): 1 truncate cleaned up [ 564.655902][ T9848] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9850] close(3) = 0 [pid 9850] close(4) = 0 [pid 9850] mkdir("./file0", 0777) = 0 [pid 9850] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9850] chdir("./file0") = 0 [pid 9850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9850] ioctl(4, LOOP_CLR_FD) = 0 [pid 9850] close(4) = 0 [pid 9850] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9850] truncate("./file2", 0) = 0 [pid 9850] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9850] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9850] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9850, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4474", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4474", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4474/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4474/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4474/binderfs") = 0 umount2("./4474/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4474/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4474/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4474/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4474/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4474/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4474") = 0 mkdir("./4475", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9852 ./strace-static-x86_64: Process 9852 attached [pid 9852] set_robust_list(0x55558abad660, 24) = 0 [pid 9852] chdir("./4475") = 0 [pid 9852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9852] setpgid(0, 0) = 0 [pid 9852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9852] write(3, "1000", 4) = 4 [pid 9852] close(3) = 0 [pid 9852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9852] write(1, "executing program\n", 18executing program ) = 18 [pid 9852] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9852] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9852] memfd_create("syzkaller", 0) = 3 [pid 9852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9852] munmap(0x7ff698483000, 138412032) = 0 [pid 9852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 564.692240][ T9850] loop0: detected capacity change from 0 to 512 [ 564.699801][ T9850] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 564.710455][ T9850] EXT4-fs (loop0): 1 truncate cleaned up [ 564.717446][ T9850] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9852] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9852] close(3) = 0 [pid 9852] close(4) = 0 [pid 9852] mkdir("./file0", 0777) = 0 [pid 9852] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9852] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9852] chdir("./file0") = 0 [pid 9852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9852] ioctl(4, LOOP_CLR_FD) = 0 [pid 9852] close(4) = 0 [pid 9852] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9852] truncate("./file2", 0) = 0 [pid 9852] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9852] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9852] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9852, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4475", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4475", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4475/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4475/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4475/binderfs") = 0 umount2("./4475/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4475/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4475/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4475/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4475/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4475/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4475") = 0 mkdir("./4476", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9854 ./strace-static-x86_64: Process 9854 attached [pid 9854] set_robust_list(0x55558abad660, 24) = 0 [pid 9854] chdir("./4476") = 0 [pid 9854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9854] setpgid(0, 0) = 0 [pid 9854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9854] write(3, "1000", 4) = 4 [pid 9854] close(3) = 0 [pid 9854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9854] write(1, "executing program\n", 18executing program ) = 18 [pid 9854] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9854] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9854] memfd_create("syzkaller", 0) = 3 [pid 9854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9854] munmap(0x7ff698483000, 138412032) = 0 [pid 9854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 564.752656][ T9852] loop0: detected capacity change from 0 to 512 [ 564.763306][ T9852] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 564.774246][ T9852] EXT4-fs (loop0): 1 truncate cleaned up [ 564.781585][ T9852] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9854] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9854] close(3) = 0 [pid 9854] close(4) = 0 [pid 9854] mkdir("./file0", 0777) = 0 [pid 9854] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9854] chdir("./file0") = 0 [pid 9854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9854] ioctl(4, LOOP_CLR_FD) = 0 [pid 9854] close(4) = 0 [pid 9854] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9854] truncate("./file2", 0) = 0 [pid 9854] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9854] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9854] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9854, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- umount2("./4476", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4476", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4476/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4476/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4476/binderfs") = 0 umount2("./4476/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4476/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4476/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4476/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4476/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4476/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4476") = 0 mkdir("./4477", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9856 ./strace-static-x86_64: Process 9856 attached [pid 9856] set_robust_list(0x55558abad660, 24) = 0 [pid 9856] chdir("./4477") = 0 [pid 9856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9856] setpgid(0, 0) = 0 [pid 9856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9856] write(3, "1000", 4) = 4 [pid 9856] close(3) = 0 [pid 9856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9856] write(1, "executing program\n", 18executing program ) = 18 [pid 9856] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9856] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9856] memfd_create("syzkaller", 0) = 3 [pid 9856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9856] munmap(0x7ff698483000, 138412032) = 0 [ 564.812647][ T9854] loop0: detected capacity change from 0 to 512 [ 564.820079][ T9854] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 564.830681][ T9854] EXT4-fs (loop0): 1 truncate cleaned up [ 564.837924][ T9854] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9856] close(3) = 0 [pid 9856] close(4) = 0 [pid 9856] mkdir("./file0", 0777) = 0 [pid 9856] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9856] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9856] chdir("./file0") = 0 [pid 9856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9856] ioctl(4, LOOP_CLR_FD) = 0 [pid 9856] close(4) = 0 [pid 9856] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9856] truncate("./file2", 0) = 0 [pid 9856] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9856] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9856] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9856, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4477", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4477", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4477/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4477/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4477/binderfs") = 0 umount2("./4477/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4477/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4477/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4477/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4477/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4477/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4477") = 0 mkdir("./4478", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9858 ./strace-static-x86_64: Process 9858 attached [pid 9858] set_robust_list(0x55558abad660, 24) = 0 [pid 9858] chdir("./4478") = 0 [pid 9858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9858] setpgid(0, 0) = 0 [pid 9858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9858] write(3, "1000", 4) = 4 [pid 9858] close(3) = 0 [pid 9858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9858] write(1, "executing program\n", 18executing program ) = 18 [pid 9858] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9858] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9858] memfd_create("syzkaller", 0) = 3 [pid 9858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9858] munmap(0x7ff698483000, 138412032) = 0 [pid 9858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 564.869609][ T9856] loop0: detected capacity change from 0 to 512 [ 564.877569][ T9856] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 564.888394][ T9856] EXT4-fs (loop0): 1 truncate cleaned up [ 564.894996][ T9856] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9858] close(3) = 0 [pid 9858] close(4) = 0 [pid 9858] mkdir("./file0", 0777) = 0 [pid 9858] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9858] chdir("./file0") = 0 [pid 9858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9858] ioctl(4, LOOP_CLR_FD) = 0 [pid 9858] close(4) = 0 [pid 9858] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9858] truncate("./file2", 0) = 0 [pid 9858] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9858] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9858] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9858, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4478", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4478", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4478/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4478/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4478/binderfs") = 0 umount2("./4478/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4478/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4478/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4478/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4478/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4478/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4478") = 0 mkdir("./4479", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9860 ./strace-static-x86_64: Process 9860 attached [pid 9860] set_robust_list(0x55558abad660, 24) = 0 [pid 9860] chdir("./4479") = 0 [pid 9860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9860] setpgid(0, 0) = 0 [pid 9860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9860] write(3, "1000", 4) = 4 [pid 9860] close(3) = 0 [pid 9860] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9860] write(1, "executing program\n", 18) = 18 [pid 9860] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9860] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9860] memfd_create("syzkaller", 0) = 3 [pid 9860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9860] munmap(0x7ff698483000, 138412032) = 0 [pid 9860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 564.926602][ T9858] loop0: detected capacity change from 0 to 512 [ 564.934341][ T9858] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 564.945198][ T9858] EXT4-fs (loop0): 1 truncate cleaned up [ 564.952580][ T9858] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9860] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9860] close(3) = 0 [pid 9860] close(4) = 0 [pid 9860] mkdir("./file0", 0777) = 0 [pid 9860] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9860] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9860] chdir("./file0") = 0 [pid 9860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9860] ioctl(4, LOOP_CLR_FD) = 0 [pid 9860] close(4) = 0 [pid 9860] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9860] truncate("./file2", 0) = 0 [pid 9860] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9860] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9860] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9860, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4479", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4479", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4479/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4479/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4479/binderfs") = 0 umount2("./4479/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4479/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4479/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4479/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4479/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4479/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4479") = 0 mkdir("./4480", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9862 ./strace-static-x86_64: Process 9862 attached [pid 9862] set_robust_list(0x55558abad660, 24) = 0 [pid 9862] chdir("./4480") = 0 [pid 9862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9862] setpgid(0, 0) = 0 [pid 9862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9862] write(3, "1000", 4) = 4 [pid 9862] close(3) = 0 [pid 9862] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9862] write(1, "executing program\n", 18) = 18 [pid 9862] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9862] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9862] memfd_create("syzkaller", 0) = 3 [pid 9862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [ 564.991309][ T9860] loop0: detected capacity change from 0 to 512 [ 564.998964][ T9860] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.009572][ T9860] EXT4-fs (loop0): 1 truncate cleaned up [ 565.016849][ T9860] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9862] munmap(0x7ff698483000, 138412032) = 0 [pid 9862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9862] close(3) = 0 [pid 9862] close(4) = 0 [pid 9862] mkdir("./file0", 0777) = 0 [pid 9862] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9862] chdir("./file0") = 0 [pid 9862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9862] ioctl(4, LOOP_CLR_FD) = 0 [pid 9862] close(4) = 0 [pid 9862] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9862] truncate("./file2", 0) = 0 [pid 9862] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9862] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9862] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9862, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4480", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4480", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4480/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4480/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4480/binderfs") = 0 umount2("./4480/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4480/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4480/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4480/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4480/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4480/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4480") = 0 mkdir("./4481", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9864 ./strace-static-x86_64: Process 9864 attached [pid 9864] set_robust_list(0x55558abad660, 24) = 0 [pid 9864] chdir("./4481") = 0 [pid 9864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9864] setpgid(0, 0) = 0 [pid 9864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 9864] write(3, "1000", 4) = 4 [pid 9864] close(3) = 0 [pid 9864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9864] write(1, "executing program\n", 18) = 18 [pid 9864] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9864] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9864] memfd_create("syzkaller", 0) = 3 [pid 9864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9864] munmap(0x7ff698483000, 138412032) = 0 [pid 9864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 565.047963][ T9862] loop0: detected capacity change from 0 to 512 [ 565.055660][ T9862] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.066313][ T9862] EXT4-fs (loop0): 1 truncate cleaned up [ 565.072949][ T9862] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9864] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9864] close(3) = 0 [pid 9864] close(4) = 0 [pid 9864] mkdir("./file0", 0777) = 0 [pid 9864] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9864] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9864] chdir("./file0") = 0 [pid 9864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9864] ioctl(4, LOOP_CLR_FD) = 0 [pid 9864] close(4) = 0 [pid 9864] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9864] truncate("./file2", 0) = 0 [pid 9864] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9864] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9864] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9864, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4481", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4481", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4481/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4481/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4481/binderfs") = 0 umount2("./4481/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4481/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4481/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4481/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4481/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4481/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4481") = 0 mkdir("./4482", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9866 ./strace-static-x86_64: Process 9866 attached [pid 9866] set_robust_list(0x55558abad660, 24) = 0 [pid 9866] chdir("./4482") = 0 [pid 9866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9866] setpgid(0, 0) = 0 [pid 9866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9866] write(3, "1000", 4) = 4 [pid 9866] close(3) = 0 [pid 9866] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9866] write(1, "executing program\n", 18) = 18 [pid 9866] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9866] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9866] memfd_create("syzkaller", 0) = 3 [pid 9866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9866] munmap(0x7ff698483000, 138412032) = 0 [pid 9866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 565.102351][ T9864] loop0: detected capacity change from 0 to 512 [ 565.110100][ T9864] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.121007][ T9864] EXT4-fs (loop0): 1 truncate cleaned up [ 565.128098][ T9864] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9866] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9866] close(3) = 0 [pid 9866] close(4) = 0 [pid 9866] mkdir("./file0", 0777) = 0 [pid 9866] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9866] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9866] chdir("./file0") = 0 [pid 9866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9866] ioctl(4, LOOP_CLR_FD) = 0 [pid 9866] close(4) = 0 [pid 9866] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9866] truncate("./file2", 0) = 0 [pid 9866] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9866] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9866] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9866, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4482", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4482", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4482/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4482/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4482/binderfs") = 0 umount2("./4482/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4482/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4482/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4482/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4482/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4482/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4482") = 0 mkdir("./4483", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9869 ./strace-static-x86_64: Process 9869 attached [pid 9869] set_robust_list(0x55558abad660, 24) = 0 [pid 9869] chdir("./4483") = 0 [pid 9869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9869] setpgid(0, 0) = 0 [pid 9869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9869] write(3, "1000", 4) = 4 [pid 9869] close(3) = 0 [pid 9869] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9869] write(1, "executing program\n", 18) = 18 [pid 9869] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9869] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9869] memfd_create("syzkaller", 0) = 3 [pid 9869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9869] munmap(0x7ff698483000, 138412032) = 0 [pid 9869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 565.164531][ T9866] loop0: detected capacity change from 0 to 512 [ 565.171911][ T9866] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.182829][ T9866] EXT4-fs (loop0): 1 truncate cleaned up [ 565.189494][ T9866] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9869] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9869] close(3) = 0 [pid 9869] close(4) = 0 [pid 9869] mkdir("./file0", 0777) = 0 [pid 9869] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9869] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9869] chdir("./file0") = 0 [pid 9869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9869] ioctl(4, LOOP_CLR_FD) = 0 [pid 9869] close(4) = 0 [pid 9869] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9869] truncate("./file2", 0) = 0 [pid 9869] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9869] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9869] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9869, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4483", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4483", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4483/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4483/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4483/binderfs") = 0 umount2("./4483/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4483/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4483/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4483/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4483/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4483/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4483") = 0 mkdir("./4484", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 9871 attached , child_tidptr=0x55558abad650) = 9871 [pid 9871] set_robust_list(0x55558abad660, 24) = 0 [pid 9871] chdir("./4484") = 0 [pid 9871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9871] setpgid(0, 0) = 0 [pid 9871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9871] write(3, "1000", 4) = 4 [pid 9871] close(3) = 0 [pid 9871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9871] write(1, "executing program\n", 18executing program ) = 18 [pid 9871] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9871] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9871] memfd_create("syzkaller", 0) = 3 [pid 9871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9871] munmap(0x7ff698483000, 138412032) = 0 [ 565.228918][ T9869] loop0: detected capacity change from 0 to 512 [ 565.236304][ T9869] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.247117][ T9869] EXT4-fs (loop0): 1 truncate cleaned up [ 565.254148][ T9869] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9871] close(3) = 0 [pid 9871] close(4) = 0 [pid 9871] mkdir("./file0", 0777) = 0 [pid 9871] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9871] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9871] chdir("./file0") = 0 [pid 9871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9871] ioctl(4, LOOP_CLR_FD) = 0 [pid 9871] close(4) = 0 [pid 9871] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9871] truncate("./file2", 0) = 0 [pid 9871] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9871] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9871] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9871, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- umount2("./4484", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4484", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4484/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4484/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4484/binderfs") = 0 umount2("./4484/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4484/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4484/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4484/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4484/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4484/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4484") = 0 mkdir("./4485", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9873 ./strace-static-x86_64: Process 9873 attached [pid 9873] set_robust_list(0x55558abad660, 24) = 0 [pid 9873] chdir("./4485") = 0 [pid 9873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9873] setpgid(0, 0) = 0 [pid 9873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9873] write(3, "1000", 4) = 4 [pid 9873] close(3) = 0 [pid 9873] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9873] write(1, "executing program\n", 18executing program ) = 18 [pid 9873] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9873] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9873] memfd_create("syzkaller", 0) = 3 [pid 9873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9873] munmap(0x7ff698483000, 138412032) = 0 [pid 9873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 565.293492][ T9871] loop0: detected capacity change from 0 to 512 [ 565.301381][ T9871] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.312375][ T9871] EXT4-fs (loop0): 1 truncate cleaned up [ 565.319023][ T9871] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9873] close(3) = 0 [pid 9873] close(4) = 0 [pid 9873] mkdir("./file0", 0777) = 0 [pid 9873] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9873] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9873] chdir("./file0") = 0 [pid 9873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9873] ioctl(4, LOOP_CLR_FD) = 0 [pid 9873] close(4) = 0 [pid 9873] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9873] truncate("./file2", 0) = 0 [pid 9873] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9873] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9873] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9873, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4485", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4485", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4485/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4485/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4485/binderfs") = 0 umount2("./4485/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4485/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4485/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4485/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4485/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4485/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4485") = 0 mkdir("./4486", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9875 ./strace-static-x86_64: Process 9875 attached [pid 9875] set_robust_list(0x55558abad660, 24) = 0 [pid 9875] chdir("./4486") = 0 [pid 9875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9875] setpgid(0, 0) = 0 [pid 9875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9875] write(3, "1000", 4) = 4 [pid 9875] close(3) = 0 executing program [pid 9875] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9875] write(1, "executing program\n", 18) = 18 [pid 9875] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9875] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9875] memfd_create("syzkaller", 0) = 3 [pid 9875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9875] munmap(0x7ff698483000, 138412032) = 0 [pid 9875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9875] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9875] close(3) = 0 [pid 9875] close(4) = 0 [pid 9875] mkdir("./file0", 0777) = 0 [ 565.350063][ T9873] loop0: detected capacity change from 0 to 512 [ 565.358051][ T9873] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.368801][ T9873] EXT4-fs (loop0): 1 truncate cleaned up [ 565.375977][ T9873] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9875] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9875] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9875] chdir("./file0") = 0 [pid 9875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9875] ioctl(4, LOOP_CLR_FD) = 0 [pid 9875] close(4) = 0 [pid 9875] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9875] truncate("./file2", 0) = 0 [pid 9875] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9875] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9875] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9875, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4486", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4486", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4486/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4486/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4486/binderfs") = 0 umount2("./4486/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4486/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4486/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4486/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4486/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4486/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4486") = 0 mkdir("./4487", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9877 ./strace-static-x86_64: Process 9877 attached [pid 9877] set_robust_list(0x55558abad660, 24) = 0 [pid 9877] chdir("./4487") = 0 [pid 9877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9877] setpgid(0, 0) = 0 [pid 9877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9877] write(3, "1000", 4) = 4 [pid 9877] close(3) = 0 [pid 9877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9877] write(1, "executing program\n", 18) = 18 [pid 9877] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9877] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9877] memfd_create("syzkaller", 0) = 3 [pid 9877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9877] munmap(0x7ff698483000, 138412032) = 0 [pid 9877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 565.404069][ T9875] loop0: detected capacity change from 0 to 512 [ 565.411542][ T9875] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.422279][ T9875] EXT4-fs (loop0): 1 truncate cleaned up [ 565.429591][ T9875] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9877] close(3) = 0 [pid 9877] close(4) = 0 [pid 9877] mkdir("./file0", 0777) = 0 [pid 9877] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9877] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9877] chdir("./file0") = 0 [pid 9877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9877] ioctl(4, LOOP_CLR_FD) = 0 [pid 9877] close(4) = 0 [pid 9877] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9877] truncate("./file2", 0) = 0 [pid 9877] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9877] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9877] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9877, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4487", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4487", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4487/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4487/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4487/binderfs") = 0 umount2("./4487/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4487/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4487/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4487/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4487/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4487/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4487") = 0 mkdir("./4488", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9879 ./strace-static-x86_64: Process 9879 attached [pid 9879] set_robust_list(0x55558abad660, 24) = 0 [pid 9879] chdir("./4488") = 0 [pid 9879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9879] setpgid(0, 0) = 0 [pid 9879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9879] write(3, "1000", 4) = 4 [pid 9879] close(3) = 0 [pid 9879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9879] write(1, "executing program\n", 18executing program ) = 18 [pid 9879] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9879] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9879] memfd_create("syzkaller", 0) = 3 [pid 9879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9879] munmap(0x7ff698483000, 138412032) = 0 [pid 9879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 565.466182][ T9877] loop0: detected capacity change from 0 to 512 [ 565.473865][ T9877] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.484571][ T9877] EXT4-fs (loop0): 1 truncate cleaned up [ 565.491310][ T9877] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9879] close(3) = 0 [pid 9879] close(4) = 0 [pid 9879] mkdir("./file0", 0777) = 0 [pid 9879] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9879] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9879] chdir("./file0") = 0 [pid 9879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9879] ioctl(4, LOOP_CLR_FD) = 0 [pid 9879] close(4) = 0 [pid 9879] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9879] truncate("./file2", 0) = 0 [pid 9879] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9879] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9879] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9879, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4488", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4488", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4488/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4488/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4488/binderfs") = 0 umount2("./4488/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4488/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4488/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4488/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4488/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4488/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4488") = 0 mkdir("./4489", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9881 ./strace-static-x86_64: Process 9881 attached [pid 9881] set_robust_list(0x55558abad660, 24) = 0 [pid 9881] chdir("./4489") = 0 [pid 9881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9881] setpgid(0, 0) = 0 [pid 9881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9881] write(3, "1000", 4) = 4 [pid 9881] close(3) = 0 [pid 9881] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9881] write(1, "executing program\n", 18) = 18 [pid 9881] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9881] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9881] memfd_create("syzkaller", 0) = 3 [pid 9881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9881] munmap(0x7ff698483000, 138412032) = 0 [pid 9881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 565.528700][ T9879] loop0: detected capacity change from 0 to 512 [ 565.536022][ T9879] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.546820][ T9879] EXT4-fs (loop0): 1 truncate cleaned up [ 565.553458][ T9879] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9881] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9881] close(3) = 0 [pid 9881] close(4) = 0 [pid 9881] mkdir("./file0", 0777) = 0 [pid 9881] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9881] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9881] chdir("./file0") = 0 [pid 9881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9881] ioctl(4, LOOP_CLR_FD) = 0 [pid 9881] close(4) = 0 [pid 9881] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9881] truncate("./file2", 0) = 0 [pid 9881] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9881] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9881] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9881, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4489", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4489", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4489/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4489/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4489/binderfs") = 0 umount2("./4489/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4489/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4489/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4489/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4489/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4489/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4489") = 0 mkdir("./4490", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9883 ./strace-static-x86_64: Process 9883 attached [pid 9883] set_robust_list(0x55558abad660, 24) = 0 [pid 9883] chdir("./4490") = 0 [pid 9883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9883] setpgid(0, 0) = 0 [pid 9883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9883] write(3, "1000", 4) = 4 [pid 9883] close(3) = 0 [pid 9883] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9883] write(1, "executing program\n", 18executing program ) = 18 [pid 9883] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9883] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9883] memfd_create("syzkaller", 0) = 3 [pid 9883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9883] munmap(0x7ff698483000, 138412032) = 0 [ 565.590918][ T9881] loop0: detected capacity change from 0 to 512 [ 565.598292][ T9881] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.609244][ T9881] EXT4-fs (loop0): 1 truncate cleaned up [ 565.616371][ T9881] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9883] close(3) = 0 [pid 9883] close(4) = 0 [pid 9883] mkdir("./file0", 0777) = 0 [pid 9883] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9883] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9883] chdir("./file0") = 0 [pid 9883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9883] ioctl(4, LOOP_CLR_FD) = 0 [pid 9883] close(4) = 0 [pid 9883] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9883] truncate("./file2", 0) = 0 [pid 9883] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9883] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9883] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9883, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4490", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4490", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4490/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4490/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4490/binderfs") = 0 umount2("./4490/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4490/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4490/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4490/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4490/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4490/file0"executing program ) = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4490") = 0 mkdir("./4491", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9885 ./strace-static-x86_64: Process 9885 attached [pid 9885] set_robust_list(0x55558abad660, 24) = 0 [pid 9885] chdir("./4491") = 0 [pid 9885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9885] setpgid(0, 0) = 0 [pid 9885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9885] write(3, "1000", 4) = 4 [pid 9885] close(3) = 0 [pid 9885] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9885] write(1, "executing program\n", 18) = 18 [pid 9885] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9885] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9885] memfd_create("syzkaller", 0) = 3 [pid 9885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9885] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9885] munmap(0x7ff698483000, 138412032) = 0 [pid 9885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 565.650744][ T9883] loop0: detected capacity change from 0 to 512 [ 565.658199][ T9883] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.668799][ T9883] EXT4-fs (loop0): 1 truncate cleaned up [ 565.675579][ T9883] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9885] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9885] close(3) = 0 [pid 9885] close(4) = 0 [pid 9885] mkdir("./file0", 0777) = 0 [pid 9885] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9885] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9885] chdir("./file0") = 0 [pid 9885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9885] ioctl(4, LOOP_CLR_FD) = 0 [pid 9885] close(4) = 0 [pid 9885] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9885] truncate("./file2", 0) = 0 [pid 9885] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9885] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9885] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9885, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4491", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4491", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4491/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4491/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4491/binderfs") = 0 umount2("./4491/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4491/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4491/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4491/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4491/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4491/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4491") = 0 mkdir("./4492", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9887 ./strace-static-x86_64: Process 9887 attached [pid 9887] set_robust_list(0x55558abad660, 24) = 0 [pid 9887] chdir("./4492") = 0 [pid 9887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9887] setpgid(0, 0) = 0 [pid 9887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9887] write(3, "1000", 4) = 4 [pid 9887] close(3) = 0 [pid 9887] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9887] write(1, "executing program\n", 18) = 18 [pid 9887] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9887] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9887] memfd_create("syzkaller", 0) = 3 [pid 9887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9887] munmap(0x7ff698483000, 138412032) = 0 [pid 9887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 565.712294][ T9885] loop0: detected capacity change from 0 to 512 [ 565.720056][ T9885] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.730752][ T9885] EXT4-fs (loop0): 1 truncate cleaned up [ 565.737859][ T9885] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9887] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9887] close(3) = 0 [pid 9887] close(4) = 0 [pid 9887] mkdir("./file0", 0777) = 0 [pid 9887] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9887] chdir("./file0") = 0 [pid 9887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9887] ioctl(4, LOOP_CLR_FD) = 0 [pid 9887] close(4) = 0 [pid 9887] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9887] truncate("./file2", 0) = 0 [pid 9887] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9887] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9887] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9887, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4492", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4492", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4492/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4492/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4492/binderfs") = 0 umount2("./4492/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4492/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4492/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4492/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4492/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4492/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4492") = 0 mkdir("./4493", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9889 ./strace-static-x86_64: Process 9889 attached [pid 9889] set_robust_list(0x55558abad660, 24) = 0 [pid 9889] chdir("./4493") = 0 [pid 9889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9889] setpgid(0, 0) = 0 [pid 9889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9889] write(3, "1000", 4) = 4 [pid 9889] close(3) = 0 [pid 9889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9889] write(1, "executing program\n", 18) = 18 [pid 9889] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9889] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9889] memfd_create("syzkaller", 0) = 3 [pid 9889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9889] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9889] munmap(0x7ff698483000, 138412032) = 0 [pid 9889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 565.774327][ T9887] loop0: detected capacity change from 0 to 512 [ 565.781706][ T9887] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.792507][ T9887] EXT4-fs (loop0): 1 truncate cleaned up [ 565.800022][ T9887] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9889] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9889] close(3) = 0 [pid 9889] close(4) = 0 [pid 9889] mkdir("./file0", 0777) = 0 [pid 9889] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9889] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9889] chdir("./file0") = 0 [pid 9889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9889] ioctl(4, LOOP_CLR_FD) = 0 [pid 9889] close(4) = 0 [pid 9889] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9889] truncate("./file2", 0) = 0 [pid 9889] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9889] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9889] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9889, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4493", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4493", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4493/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4493/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4493/binderfs") = 0 umount2("./4493/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4493/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4493/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4493/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4493/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4493/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4493") = 0 mkdir("./4494", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9891 ./strace-static-x86_64: Process 9891 attached [pid 9891] set_robust_list(0x55558abad660, 24) = 0 [pid 9891] chdir("./4494") = 0 [pid 9891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9891] setpgid(0, 0) = 0 [pid 9891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9891] write(3, "1000", 4) = 4 [pid 9891] close(3) = 0 [pid 9891] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9891] write(1, "executing program\n", 18) = 18 [pid 9891] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9891] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9891] memfd_create("syzkaller", 0) = 3 [pid 9891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9891] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9891] munmap(0x7ff698483000, 138412032) = 0 [pid 9891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 565.836616][ T9889] loop0: detected capacity change from 0 to 512 [ 565.844030][ T9889] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.854706][ T9889] EXT4-fs (loop0): 1 truncate cleaned up [ 565.862022][ T9889] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9891] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9891] close(3) = 0 [pid 9891] close(4) = 0 [pid 9891] mkdir("./file0", 0777) = 0 [pid 9891] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9891] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9891] chdir("./file0") = 0 [pid 9891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9891] ioctl(4, LOOP_CLR_FD) = 0 [pid 9891] close(4) = 0 [pid 9891] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9891] truncate("./file2", 0) = 0 [pid 9891] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9891] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9891] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9891, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4494", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4494", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4494/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4494/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4494/binderfs") = 0 umount2("./4494/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4494/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4494/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4494/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4494/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4494/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4494") = 0 mkdir("./4495", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9893 ./strace-static-x86_64: Process 9893 attached [pid 9893] set_robust_list(0x55558abad660, 24) = 0 [pid 9893] chdir("./4495") = 0 [pid 9893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9893] setpgid(0, 0) = 0 [pid 9893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9893] write(3, "1000", 4) = 4 [pid 9893] close(3) = 0 [pid 9893] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9893] write(1, "executing program\n", 18) = 18 [pid 9893] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9893] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9893] memfd_create("syzkaller", 0) = 3 [pid 9893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9893] munmap(0x7ff698483000, 138412032) = 0 [pid 9893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 565.898744][ T9891] loop0: detected capacity change from 0 to 512 [ 565.906084][ T9891] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.916921][ T9891] EXT4-fs (loop0): 1 truncate cleaned up [ 565.924090][ T9891] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9893] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9893] close(3) = 0 [pid 9893] close(4) = 0 [pid 9893] mkdir("./file0", 0777) = 0 [pid 9893] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9893] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9893] chdir("./file0") = 0 [pid 9893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9893] ioctl(4, LOOP_CLR_FD) = 0 [pid 9893] close(4) = 0 [pid 9893] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9893] truncate("./file2", 0) = 0 [pid 9893] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9893] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9893] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9893, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4495", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4495", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4495/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4495/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4495/binderfs") = 0 umount2("./4495/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4495/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4495/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4495/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4495/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4495/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4495") = 0 mkdir("./4496", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9895 ./strace-static-x86_64: Process 9895 attached [pid 9895] set_robust_list(0x55558abad660, 24) = 0 [pid 9895] chdir("./4496") = 0 [pid 9895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9895] setpgid(0, 0) = 0 [pid 9895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9895] write(3, "1000", 4) = 4 [pid 9895] close(3) = 0 [pid 9895] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9895] write(1, "executing program\n", 18executing program ) = 18 [pid 9895] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9895] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9895] memfd_create("syzkaller", 0) = 3 [pid 9895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9895] munmap(0x7ff698483000, 138412032) = 0 [pid 9895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 565.961306][ T9893] loop0: detected capacity change from 0 to 512 [ 565.968710][ T9893] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 565.979442][ T9893] EXT4-fs (loop0): 1 truncate cleaned up [ 565.986632][ T9893] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9895] close(3) = 0 [pid 9895] close(4) = 0 [pid 9895] mkdir("./file0", 0777) = 0 [pid 9895] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9895] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9895] chdir("./file0") = 0 [pid 9895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9895] ioctl(4, LOOP_CLR_FD) = 0 [pid 9895] close(4) = 0 [pid 9895] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9895] truncate("./file2", 0) = 0 [pid 9895] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9895] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9895] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9895, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4496", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4496", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4496/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4496/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4496/binderfs") = 0 umount2("./4496/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4496/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4496/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4496/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4496/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 [ 566.027065][ T9895] loop0: detected capacity change from 0 to 512 [ 566.034739][ T9895] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 566.045511][ T9895] EXT4-fs (loop0): 1 truncate cleaned up [ 566.052580][ T9895] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. executing program getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4496/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4496") = 0 mkdir("./4497", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9897 ./strace-static-x86_64: Process 9897 attached [pid 9897] set_robust_list(0x55558abad660, 24) = 0 [pid 9897] chdir("./4497") = 0 [pid 9897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9897] setpgid(0, 0) = 0 [pid 9897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9897] write(3, "1000", 4) = 4 [pid 9897] close(3) = 0 [pid 9897] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9897] write(1, "executing program\n", 18) = 18 [pid 9897] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9897] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9897] memfd_create("syzkaller", 0) = 3 [pid 9897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9897] munmap(0x7ff698483000, 138412032) = 0 [pid 9897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9897] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9897] close(3) = 0 [pid 9897] close(4) = 0 [pid 9897] mkdir("./file0", 0777) = 0 [pid 9897] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9897] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9897] chdir("./file0") = 0 [pid 9897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9897] ioctl(4, LOOP_CLR_FD) = 0 [pid 9897] close(4) = 0 [pid 9897] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9897] truncate("./file2", 0) = 0 [pid 9897] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9897] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9897] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9897, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4497", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4497", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4497/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4497/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4497/binderfs") = 0 umount2("./4497/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4497/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4497/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4497/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4497/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4497/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4497") = 0 mkdir("./4498", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9899 ./strace-static-x86_64: Process 9899 attached [pid 9899] set_robust_list(0x55558abad660, 24) = 0 [pid 9899] chdir("./4498") = 0 [pid 9899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9899] setpgid(0, 0) = 0 [pid 9899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9899] write(3, "1000", 4) = 4 [pid 9899] close(3) = 0 [pid 9899] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9899] write(1, "executing program\n", 18) = 18 [pid 9899] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9899] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9899] memfd_create("syzkaller", 0) = 3 [pid 9899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9899] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9899] munmap(0x7ff698483000, 138412032) = 0 [pid 9899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 566.090600][ T9897] loop0: detected capacity change from 0 to 512 [ 566.098164][ T9897] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 566.109740][ T9897] EXT4-fs (loop0): 1 truncate cleaned up [ 566.116704][ T9897] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9899] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9899] close(3) = 0 [pid 9899] close(4) = 0 [pid 9899] mkdir("./file0", 0777) = 0 [pid 9899] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9899] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9899] chdir("./file0") = 0 [pid 9899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9899] ioctl(4, LOOP_CLR_FD) = 0 [pid 9899] close(4) = 0 [pid 9899] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9899] truncate("./file2", 0) = 0 [pid 9899] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9899] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9899] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9899, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4498", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4498", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4498/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4498/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4498/binderfs") = 0 umount2("./4498/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4498/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4498/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4498/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4498/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4498/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4498") = 0 mkdir("./4499", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9902 ./strace-static-x86_64: Process 9902 attached [pid 9902] set_robust_list(0x55558abad660, 24) = 0 [pid 9902] chdir("./4499") = 0 [pid 9902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9902] setpgid(0, 0) = 0 [pid 9902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 9902] write(3, "1000", 4) = 4 [pid 9902] close(3) = 0 [pid 9902] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9902] write(1, "executing program\n", 18) = 18 [pid 9902] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9902] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9902] memfd_create("syzkaller", 0) = 3 [pid 9902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9902] munmap(0x7ff698483000, 138412032) = 0 [pid 9902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 566.145868][ T9899] loop0: detected capacity change from 0 to 512 [ 566.153803][ T9899] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 566.164476][ T9899] EXT4-fs (loop0): 1 truncate cleaned up [ 566.171696][ T9899] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9902] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9902] close(3) = 0 [pid 9902] close(4) = 0 [pid 9902] mkdir("./file0", 0777) = 0 [pid 9902] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9902] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9902] chdir("./file0") = 0 [pid 9902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9902] ioctl(4, LOOP_CLR_FD) = 0 [pid 9902] close(4) = 0 [pid 9902] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9902] truncate("./file2", 0) = 0 [pid 9902] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9902] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9902] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9902, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4499", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4499", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4499/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4499/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4499/binderfs") = 0 umount2("./4499/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4499/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4499/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4499/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4499/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4499/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4499") = 0 mkdir("./4500", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9904 ./strace-static-x86_64: Process 9904 attached [pid 9904] set_robust_list(0x55558abad660, 24) = 0 [pid 9904] chdir("./4500") = 0 [pid 9904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9904] setpgid(0, 0) = 0 [pid 9904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9904] write(3, "1000", 4) = 4 [pid 9904] close(3) = 0 [pid 9904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9904] write(1, "executing program\n", 18executing program ) = 18 [pid 9904] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9904] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9904] memfd_create("syzkaller", 0) = 3 [pid 9904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9904] munmap(0x7ff698483000, 138412032) = 0 [ 566.209692][ T9902] loop0: detected capacity change from 0 to 512 [ 566.217345][ T9902] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 566.227912][ T9902] EXT4-fs (loop0): 1 truncate cleaned up [ 566.234574][ T9902] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9904] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9904] close(3) = 0 [pid 9904] close(4) = 0 [pid 9904] mkdir("./file0", 0777) = 0 [pid 9904] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9904] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9904] chdir("./file0") = 0 [pid 9904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9904] ioctl(4, LOOP_CLR_FD) = 0 [pid 9904] close(4) = 0 [pid 9904] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9904] truncate("./file2", 0) = 0 [pid 9904] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9904] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9904] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9904, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4500", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4500", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4500/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4500/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4500/binderfs") = 0 umount2("./4500/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4500/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4500/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4500/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4500/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4500/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4500") = 0 mkdir("./4501", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9906 ./strace-static-x86_64: Process 9906 attached [pid 9906] set_robust_list(0x55558abad660, 24) = 0 [pid 9906] chdir("./4501") = 0 [pid 9906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9906] setpgid(0, 0) = 0 [pid 9906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9906] write(3, "1000", 4) = 4 [pid 9906] close(3) = 0 [pid 9906] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9906] write(1, "executing program\n", 18) = 18 [pid 9906] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9906] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9906] memfd_create("syzkaller", 0) = 3 [pid 9906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9906] munmap(0x7ff698483000, 138412032) = 0 [pid 9906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 566.272477][ T9904] loop0: detected capacity change from 0 to 512 [ 566.280116][ T9904] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 566.290734][ T9904] EXT4-fs (loop0): 1 truncate cleaned up [ 566.297747][ T9904] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9906] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9906] close(3) = 0 [pid 9906] close(4) = 0 [pid 9906] mkdir("./file0", 0777) = 0 [pid 9906] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9906] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9906] chdir("./file0") = 0 [pid 9906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9906] ioctl(4, LOOP_CLR_FD) = 0 [pid 9906] close(4) = 0 [pid 9906] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9906] truncate("./file2", 0) = 0 [pid 9906] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9906] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9906] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9906, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4501", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4501", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4501/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4501/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4501/binderfs") = 0 umount2("./4501/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4501/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4501/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4501/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4501/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4501/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4501") = 0 mkdir("./4502", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9908 ./strace-static-x86_64: Process 9908 attached [pid 9908] set_robust_list(0x55558abad660, 24) = 0 [pid 9908] chdir("./4502") = 0 [pid 9908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9908] setpgid(0, 0) = 0 [pid 9908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9908] write(3, "1000", 4) = 4 [pid 9908] close(3) = 0 [pid 9908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9908] write(1, "executing program\n", 18executing program ) = 18 [pid 9908] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9908] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9908] memfd_create("syzkaller", 0) = 3 [pid 9908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9908] munmap(0x7ff698483000, 138412032) = 0 [pid 9908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 566.326198][ T9906] loop0: detected capacity change from 0 to 512 [ 566.333736][ T9906] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 566.344441][ T9906] EXT4-fs (loop0): 1 truncate cleaned up [ 566.351745][ T9906] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9908] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9908] close(3) = 0 [pid 9908] close(4) = 0 [pid 9908] mkdir("./file0", 0777) = 0 [pid 9908] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9908] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9908] chdir("./file0") = 0 [pid 9908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9908] ioctl(4, LOOP_CLR_FD) = 0 [pid 9908] close(4) = 0 [pid 9908] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9908] truncate("./file2", 0) = 0 [pid 9908] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9908] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9908] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9908, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4502", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4502", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4502/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4502/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4502/binderfs") = 0 umount2("./4502/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4502/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4502/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4502/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4502/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4502/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4502") = 0 mkdir("./4503", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9910 ./strace-static-x86_64: Process 9910 attached [pid 9910] set_robust_list(0x55558abad660, 24) = 0 [pid 9910] chdir("./4503") = 0 [pid 9910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9910] setpgid(0, 0) = 0 [pid 9910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9910] write(3, "1000", 4) = 4 [pid 9910] close(3) = 0 [pid 9910] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9910] write(1, "executing program\n", 18executing program ) = 18 [pid 9910] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9910] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9910] memfd_create("syzkaller", 0) = 3 [pid 9910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9910] munmap(0x7ff698483000, 138412032) = 0 [pid 9910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 566.386607][ T9908] loop0: detected capacity change from 0 to 512 [ 566.394081][ T9908] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 566.404679][ T9908] EXT4-fs (loop0): 1 truncate cleaned up [ 566.411604][ T9908] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9910] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9910] close(3) = 0 [pid 9910] close(4) = 0 [pid 9910] mkdir("./file0", 0777) = 0 [pid 9910] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9910] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9910] chdir("./file0") = 0 [pid 9910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9910] ioctl(4, LOOP_CLR_FD) = 0 [pid 9910] close(4) = 0 [pid 9910] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9910] truncate("./file2", 0) = 0 [pid 9910] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9910] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9910] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9910, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4503", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4503", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4503/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4503/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4503/binderfs") = 0 umount2("./4503/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4503/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4503/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4503/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4503/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4503/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4503") = 0 mkdir("./4504", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9912 ./strace-static-x86_64: Process 9912 attached [pid 9912] set_robust_list(0x55558abad660, 24) = 0 [pid 9912] chdir("./4504") = 0 [pid 9912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9912] setpgid(0, 0) = 0 [pid 9912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9912] write(3, "1000", 4) = 4 [pid 9912] close(3) = 0 [pid 9912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9912] write(1, "executing program\n", 18executing program ) = 18 [pid 9912] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9912] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9912] memfd_create("syzkaller", 0) = 3 [pid 9912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9912] munmap(0x7ff698483000, 138412032) = 0 [pid 9912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 566.442933][ T9910] loop0: detected capacity change from 0 to 512 [ 566.450623][ T9910] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 566.461343][ T9910] EXT4-fs (loop0): 1 truncate cleaned up [ 566.468658][ T9910] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9912] close(3) = 0 [pid 9912] close(4) = 0 [pid 9912] mkdir("./file0", 0777) = 0 [pid 9912] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9912] chdir("./file0") = 0 [pid 9912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9912] ioctl(4, LOOP_CLR_FD) = 0 [pid 9912] close(4) = 0 [pid 9912] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9912] truncate("./file2", 0) = 0 [pid 9912] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9912] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9912] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9912, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4504", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4504", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4504/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4504/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4504/binderfs") = 0 umount2("./4504/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4504/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4504/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4504/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4504/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4504/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4504") = 0 mkdir("./4505", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9914 ./strace-static-x86_64: Process 9914 attached [pid 9914] set_robust_list(0x55558abad660, 24) = 0 [pid 9914] chdir("./4505") = 0 [pid 9914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9914] setpgid(0, 0) = 0 [pid 9914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9914] write(3, "1000", 4) = 4 [pid 9914] close(3) = 0 [pid 9914] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9914] write(1, "executing program\n", 18) = 18 [pid 9914] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9914] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9914] memfd_create("syzkaller", 0) = 3 [pid 9914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9914] munmap(0x7ff698483000, 138412032) = 0 [pid 9914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 566.513359][ T9912] loop0: detected capacity change from 0 to 512 [ 566.521088][ T9912] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 566.531654][ T9912] EXT4-fs (loop0): 1 truncate cleaned up [ 566.539357][ T9912] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9914] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9914] close(3) = 0 [pid 9914] close(4) = 0 [pid 9914] mkdir("./file0", 0777) = 0 [pid 9914] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9914] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9914] chdir("./file0") = 0 [pid 9914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9914] ioctl(4, LOOP_CLR_FD) = 0 [pid 9914] close(4) = 0 [pid 9914] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9914] truncate("./file2", 0) = 0 [pid 9914] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9914] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9914] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9914, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4505", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4505", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4505/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4505/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4505/binderfs") = 0 umount2("./4505/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4505/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4505/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4505/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4505/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4505/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4505") = 0 mkdir("./4506", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9916 ./strace-static-x86_64: Process 9916 attached [pid 9916] set_robust_list(0x55558abad660, 24) = 0 [pid 9916] chdir("./4506") = 0 [pid 9916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9916] setpgid(0, 0) = 0 [pid 9916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9916] write(3, "1000", 4) = 4 [pid 9916] close(3) = 0 [pid 9916] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9916] write(1, "executing program\n", 18executing program ) = 18 [pid 9916] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9916] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9916] memfd_create("syzkaller", 0) = 3 [pid 9916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9916] munmap(0x7ff698483000, 138412032) = 0 [pid 9916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 566.575892][ T9914] loop0: detected capacity change from 0 to 512 [ 566.583212][ T9914] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 566.593770][ T9914] EXT4-fs (loop0): 1 truncate cleaned up [ 566.600604][ T9914] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9916] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9916] close(3) = 0 [pid 9916] close(4) = 0 [pid 9916] mkdir("./file0", 0777) = 0 [pid 9916] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9916] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9916] chdir("./file0") = 0 [pid 9916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9916] ioctl(4, LOOP_CLR_FD) = 0 [pid 9916] close(4) = 0 [pid 9916] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9916] truncate("./file2", 0) = 0 [pid 9916] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9916] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9916] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9916, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4506", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4506", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4506/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4506/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4506/binderfs") = 0 umount2("./4506/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4506/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4506/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4506/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4506/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4506/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4506") = 0 mkdir("./4507", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9918 ./strace-static-x86_64: Process 9918 attached [pid 9918] set_robust_list(0x55558abad660, 24) = 0 [pid 9918] chdir("./4507") = 0 [pid 9918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9918] setpgid(0, 0) = 0 [pid 9918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9918] write(3, "1000", 4) = 4 [pid 9918] close(3) = 0 [pid 9918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9918] write(1, "executing program\n", 18executing program ) = 18 [pid 9918] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9918] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9918] memfd_create("syzkaller", 0) = 3 [pid 9918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9918] munmap(0x7ff698483000, 138412032) = 0 [pid 9918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 566.631326][ T9916] loop0: detected capacity change from 0 to 512 [ 566.638912][ T9916] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 566.649588][ T9916] EXT4-fs (loop0): 1 truncate cleaned up [ 566.656538][ T9916] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9918] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9918] close(3) = 0 [pid 9918] close(4) = 0 [pid 9918] mkdir("./file0", 0777) = 0 [pid 9918] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9918] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9918] chdir("./file0") = 0 [pid 9918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9918] ioctl(4, LOOP_CLR_FD) = 0 [pid 9918] close(4) = 0 [pid 9918] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9918] truncate("./file2", 0) = 0 [pid 9918] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9918] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9918] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9918, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4507", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4507", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4507/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4507/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4507/binderfs") = 0 umount2("./4507/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4507/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4507/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4507/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4507/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4507/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4507") = 0 mkdir("./4508", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9920 ./strace-static-x86_64: Process 9920 attached [pid 9920] set_robust_list(0x55558abad660, 24) = 0 [pid 9920] chdir("./4508") = 0 [pid 9920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9920] setpgid(0, 0) = 0 [pid 9920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9920] write(3, "1000", 4) = 4 [pid 9920] close(3) = 0 executing program [pid 9920] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9920] write(1, "executing program\n", 18) = 18 [pid 9920] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9920] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9920] memfd_create("syzkaller", 0) = 3 [pid 9920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9920] munmap(0x7ff698483000, 138412032) = 0 [pid 9920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 566.697179][ T9918] loop0: detected capacity change from 0 to 512 [ 566.704545][ T9918] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 566.715155][ T9918] EXT4-fs (loop0): 1 truncate cleaned up [ 566.722014][ T9918] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9920] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9920] close(3) = 0 [pid 9920] close(4) = 0 [pid 9920] mkdir("./file0", 0777) = 0 [pid 9920] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9920] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9920] chdir("./file0") = 0 [pid 9920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9920] ioctl(4, LOOP_CLR_FD) = 0 [pid 9920] close(4) = 0 [pid 9920] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9920] truncate("./file2", 0) = 0 [pid 9920] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9920] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9920] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9920, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4508", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4508", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4508/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4508/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4508/binderfs") = 0 umount2("./4508/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4508/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4508/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4508/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4508/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4508/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4508") = 0 mkdir("./4509", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9922 ./strace-static-x86_64: Process 9922 attached [pid 9922] set_robust_list(0x55558abad660, 24) = 0 [pid 9922] chdir("./4509") = 0 [pid 9922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9922] setpgid(0, 0) = 0 [pid 9922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9922] write(3, "1000", 4) = 4 [pid 9922] close(3) = 0 [pid 9922] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9922] write(1, "executing program\n", 18) = 18 [pid 9922] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9922] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9922] memfd_create("syzkaller", 0) = 3 [pid 9922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9922] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9922] munmap(0x7ff698483000, 138412032) = 0 [ 566.751617][ T9920] loop0: detected capacity change from 0 to 512 [ 566.759001][ T9920] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 566.769726][ T9920] EXT4-fs (loop0): 1 truncate cleaned up [ 566.777295][ T9920] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9922] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9922] close(3) = 0 [pid 9922] close(4) = 0 [pid 9922] mkdir("./file0", 0777) = 0 [pid 9922] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9922] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9922] chdir("./file0") = 0 [pid 9922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9922] ioctl(4, LOOP_CLR_FD) = 0 [pid 9922] close(4) = 0 [pid 9922] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9922] truncate("./file2", 0) = 0 [pid 9922] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9922] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9922] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9922, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4509", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4509", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4509/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4509/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4509/binderfs") = 0 umount2("./4509/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4509/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4509/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4509/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4509/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4509/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4509") = 0 mkdir("./4510", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9924 ./strace-static-x86_64: Process 9924 attached [pid 9924] set_robust_list(0x55558abad660, 24) = 0 [pid 9924] chdir("./4510") = 0 [pid 9924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9924] setpgid(0, 0) = 0 [pid 9924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9924] write(3, "1000", 4) = 4 [pid 9924] close(3) = 0 [pid 9924] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9924] write(1, "executing program\n", 18) = 18 [pid 9924] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9924] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9924] memfd_create("syzkaller", 0) = 3 [pid 9924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9924] munmap(0x7ff698483000, 138412032) = 0 [pid 9924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 566.817909][ T9922] loop0: detected capacity change from 0 to 512 [ 566.825341][ T9922] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 566.836071][ T9922] EXT4-fs (loop0): 1 truncate cleaned up [ 566.843354][ T9922] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9924] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9924] close(3) = 0 [pid 9924] close(4) = 0 [pid 9924] mkdir("./file0", 0777) = 0 [pid 9924] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9924] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9924] chdir("./file0") = 0 [pid 9924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9924] ioctl(4, LOOP_CLR_FD) = 0 [pid 9924] close(4) = 0 [pid 9924] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9924] truncate("./file2", 0) = 0 [pid 9924] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9924] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9924] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9924, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4510", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4510", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4510/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4510/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4510/binderfs") = 0 umount2("./4510/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4510/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4510/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4510/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4510/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4510/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4510") = 0 mkdir("./4511", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9926 ./strace-static-x86_64: Process 9926 attached [pid 9926] set_robust_list(0x55558abad660, 24) = 0 [pid 9926] chdir("./4511") = 0 [pid 9926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9926] setpgid(0, 0) = 0 [pid 9926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9926] write(3, "1000", 4) = 4 [pid 9926] close(3) = 0 [pid 9926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9926] write(1, "executing program\n", 18executing program ) = 18 [pid 9926] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9926] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9926] memfd_create("syzkaller", 0) = 3 [pid 9926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9926] munmap(0x7ff698483000, 138412032) = 0 [pid 9926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 566.874822][ T9924] loop0: detected capacity change from 0 to 512 [ 566.882519][ T9924] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 566.893263][ T9924] EXT4-fs (loop0): 1 truncate cleaned up [ 566.900289][ T9924] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9926] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9926] close(3) = 0 [pid 9926] close(4) = 0 [pid 9926] mkdir("./file0", 0777) = 0 [pid 9926] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9926] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9926] chdir("./file0") = 0 [pid 9926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9926] ioctl(4, LOOP_CLR_FD) = 0 [pid 9926] close(4) = 0 [pid 9926] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9926] truncate("./file2", 0) = 0 [pid 9926] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9926] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9926] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9926, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4511", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4511", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4511/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4511/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4511/binderfs") = 0 umount2("./4511/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4511/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4511/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4511/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4511/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4511/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4511") = 0 mkdir("./4512", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9928 ./strace-static-x86_64: Process 9928 attached [pid 9928] set_robust_list(0x55558abad660, 24) = 0 [pid 9928] chdir("./4512") = 0 [pid 9928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9928] setpgid(0, 0) = 0 [pid 9928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9928] write(3, "1000", 4) = 4 [pid 9928] close(3) = 0 executing program [pid 9928] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9928] write(1, "executing program\n", 18) = 18 [pid 9928] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9928] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9928] memfd_create("syzkaller", 0) = 3 [pid 9928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9928] munmap(0x7ff698483000, 138412032) = 0 [pid 9928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 566.937440][ T9926] loop0: detected capacity change from 0 to 512 [ 566.944916][ T9926] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 566.955641][ T9926] EXT4-fs (loop0): 1 truncate cleaned up [ 566.962398][ T9926] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9928] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9928] close(3) = 0 [pid 9928] close(4) = 0 [pid 9928] mkdir("./file0", 0777) = 0 [pid 9928] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9928] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9928] chdir("./file0") = 0 [pid 9928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9928] ioctl(4, LOOP_CLR_FD) = 0 [pid 9928] close(4) = 0 [pid 9928] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9928] truncate("./file2", 0) = 0 [pid 9928] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9928] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9928] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9928, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4512", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4512", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4512/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4512/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4512/binderfs") = 0 umount2("./4512/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4512/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4512/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4512/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4512/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4512/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4512") = 0 mkdir("./4513", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9930 ./strace-static-x86_64: Process 9930 attached [pid 9930] set_robust_list(0x55558abad660, 24) = 0 [pid 9930] chdir("./4513") = 0 [pid 9930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 executing program [pid 9930] setpgid(0, 0) = 0 [pid 9930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9930] write(3, "1000", 4) = 4 [pid 9930] close(3) = 0 [pid 9930] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9930] write(1, "executing program\n", 18) = 18 [pid 9930] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9930] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9930] memfd_create("syzkaller", 0) = 3 [pid 9930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9930] munmap(0x7ff698483000, 138412032) = 0 [pid 9930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 566.998847][ T9928] loop0: detected capacity change from 0 to 512 [ 567.006645][ T9928] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.017213][ T9928] EXT4-fs (loop0): 1 truncate cleaned up [ 567.023906][ T9928] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9930] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9930] close(3) = 0 [pid 9930] close(4) = 0 [pid 9930] mkdir("./file0", 0777) = 0 [pid 9930] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9930] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9930] chdir("./file0") = 0 [pid 9930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9930] ioctl(4, LOOP_CLR_FD) = 0 [pid 9930] close(4) = 0 [pid 9930] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9930] truncate("./file2", 0) = 0 [pid 9930] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9930] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9930] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9930, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4513", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4513", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4513/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4513/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4513/binderfs") = 0 umount2("./4513/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4513/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4513/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4513/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4513/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4513/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4513") = 0 mkdir("./4514", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9932 ./strace-static-x86_64: Process 9932 attached [pid 9932] set_robust_list(0x55558abad660, 24) = 0 [pid 9932] chdir("./4514") = 0 [pid 9932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9932] setpgid(0, 0) = 0 [pid 9932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9932] write(3, "1000", 4) = 4 [pid 9932] close(3) = 0 [pid 9932] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9932] write(1, "executing program\n", 18) = 18 [pid 9932] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9932] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9932] memfd_create("syzkaller", 0) = 3 [pid 9932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9932] munmap(0x7ff698483000, 138412032) = 0 [pid 9932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 567.061249][ T9930] loop0: detected capacity change from 0 to 512 [ 567.068447][ T9930] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.079429][ T9930] EXT4-fs (loop0): 1 truncate cleaned up [ 567.086513][ T9930] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9932] close(3) = 0 [pid 9932] close(4) = 0 [pid 9932] mkdir("./file0", 0777) = 0 [pid 9932] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9932] chdir("./file0") = 0 [pid 9932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9932] ioctl(4, LOOP_CLR_FD) = 0 [pid 9932] close(4) = 0 [pid 9932] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9932] truncate("./file2", 0) = 0 [pid 9932] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9932] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9932] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9932, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4514", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4514", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4514/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4514/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4514/binderfs") = 0 umount2("./4514/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4514/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4514/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4514/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4514/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4514/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4514") = 0 mkdir("./4515", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9934 ./strace-static-x86_64: Process 9934 attached [pid 9934] set_robust_list(0x55558abad660, 24) = 0 [pid 9934] chdir("./4515") = 0 [pid 9934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9934] setpgid(0, 0) = 0 [pid 9934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9934] write(3, "1000", 4) = 4 [pid 9934] close(3) = 0 [pid 9934] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9934] write(1, "executing program\n", 18) = 18 [pid 9934] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9934] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9934] memfd_create("syzkaller", 0) = 3 [pid 9934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9934] munmap(0x7ff698483000, 138412032) = 0 [ 567.118008][ T9932] loop0: detected capacity change from 0 to 512 [ 567.126025][ T9932] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.136948][ T9932] EXT4-fs (loop0): 1 truncate cleaned up [ 567.143992][ T9932] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9934] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9934] close(3) = 0 [pid 9934] close(4) = 0 [pid 9934] mkdir("./file0", 0777) = 0 [pid 9934] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9934] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9934] chdir("./file0") = 0 [pid 9934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9934] ioctl(4, LOOP_CLR_FD) = 0 [pid 9934] close(4) = 0 [pid 9934] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9934] truncate("./file2", 0) = 0 [pid 9934] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9934] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9934] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9934, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4515", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4515", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4515/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4515/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4515/binderfs") = 0 umount2("./4515/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4515/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4515/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4515/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4515/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4515/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4515") = 0 mkdir("./4516", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9937 ./strace-static-x86_64: Process 9937 attached [pid 9937] set_robust_list(0x55558abad660, 24) = 0 [pid 9937] chdir("./4516") = 0 [pid 9937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9937] setpgid(0, 0) = 0 [pid 9937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9937] write(3, "1000", 4) = 4 [pid 9937] close(3) = 0 [pid 9937] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9937] write(1, "executing program\n", 18) = 18 [pid 9937] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9937] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9937] memfd_create("syzkaller", 0) = 3 [pid 9937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9937] munmap(0x7ff698483000, 138412032) = 0 [pid 9937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 567.185061][ T9934] loop0: detected capacity change from 0 to 512 [ 567.192367][ T9934] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.202994][ T9934] EXT4-fs (loop0): 1 truncate cleaned up [ 567.209924][ T9934] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9937] close(3) = 0 [pid 9937] close(4) = 0 [pid 9937] mkdir("./file0", 0777) = 0 [pid 9937] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9937] chdir("./file0") = 0 [pid 9937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9937] ioctl(4, LOOP_CLR_FD) = 0 [pid 9937] close(4) = 0 [pid 9937] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9937] truncate("./file2", 0) = 0 [pid 9937] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9937] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9937] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9937, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4516", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4516", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4516/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4516/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4516/binderfs") = 0 umount2("./4516/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4516/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4516/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4516/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4516/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4516/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4516") = 0 mkdir("./4517", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9939 ./strace-static-x86_64: Process 9939 attached [pid 9939] set_robust_list(0x55558abad660, 24) = 0 [pid 9939] chdir("./4517") = 0 [pid 9939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9939] setpgid(0, 0) = 0 [pid 9939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 9939] write(3, "1000", 4) = 4 [pid 9939] close(3) = 0 [pid 9939] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9939] write(1, "executing program\n", 18) = 18 [pid 9939] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9939] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9939] memfd_create("syzkaller", 0) = 3 [pid 9939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9939] munmap(0x7ff698483000, 138412032) = 0 [ 567.246913][ T9937] loop0: detected capacity change from 0 to 512 [ 567.254098][ T9937] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.264911][ T9937] EXT4-fs (loop0): 1 truncate cleaned up [ 567.271736][ T9937] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9939] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9939] close(3) = 0 [pid 9939] close(4) = 0 [pid 9939] mkdir("./file0", 0777) = 0 [pid 9939] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9939] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9939] chdir("./file0") = 0 [pid 9939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9939] ioctl(4, LOOP_CLR_FD) = 0 [pid 9939] close(4) = 0 [pid 9939] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9939] truncate("./file2", 0) = 0 [pid 9939] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9939] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9939] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9939, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4517", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4517", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4517/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4517/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4517/binderfs") = 0 umount2("./4517/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4517/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4517/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4517/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4517/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4517/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4517") = 0 mkdir("./4518", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9941 ./strace-static-x86_64: Process 9941 attached [pid 9941] set_robust_list(0x55558abad660, 24) = 0 [pid 9941] chdir("./4518") = 0 [pid 9941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9941] setpgid(0, 0) = 0 [pid 9941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9941] write(3, "1000", 4) = 4 [pid 9941] close(3) = 0 [pid 9941] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9941] write(1, "executing program\n", 18) = 18 [pid 9941] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9941] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9941] memfd_create("syzkaller", 0) = 3 [pid 9941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9941] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9941] munmap(0x7ff698483000, 138412032) = 0 [pid 9941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 567.310324][ T9939] loop0: detected capacity change from 0 to 512 [ 567.318363][ T9939] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.328926][ T9939] EXT4-fs (loop0): 1 truncate cleaned up [ 567.335641][ T9939] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9941] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9941] close(3) = 0 [pid 9941] close(4) = 0 [pid 9941] mkdir("./file0", 0777) = 0 [pid 9941] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9941] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9941] chdir("./file0") = 0 [pid 9941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9941] ioctl(4, LOOP_CLR_FD) = 0 [pid 9941] close(4) = 0 [pid 9941] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9941] truncate("./file2", 0) = 0 [pid 9941] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9941] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9941] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9941, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4518", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4518", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4518/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4518/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4518/binderfs") = 0 umount2("./4518/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4518/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4518/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4518/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4518/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4518/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4518") = 0 mkdir("./4519", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9943 ./strace-static-x86_64: Process 9943 attached [pid 9943] set_robust_list(0x55558abad660, 24) = 0 [pid 9943] chdir("./4519") = 0 [pid 9943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9943] setpgid(0, 0) = 0 [pid 9943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9943] write(3, "1000", 4) = 4 [pid 9943] close(3) = 0 [pid 9943] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9943] write(1, "executing program\n", 18) = 18 [pid 9943] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9943] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9943] memfd_create("syzkaller", 0) = 3 [pid 9943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9943] munmap(0x7ff698483000, 138412032) = 0 [pid 9943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 567.363659][ T9941] loop0: detected capacity change from 0 to 512 [ 567.370978][ T9941] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.382099][ T9941] EXT4-fs (loop0): 1 truncate cleaned up [ 567.389048][ T9941] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9943] close(3) = 0 [pid 9943] close(4) = 0 [pid 9943] mkdir("./file0", 0777) = 0 [pid 9943] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9943] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9943] chdir("./file0") = 0 [pid 9943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9943] ioctl(4, LOOP_CLR_FD) = 0 [pid 9943] close(4) = 0 [pid 9943] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9943] truncate("./file2", 0) = 0 [pid 9943] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9943] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9943] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9943, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4519", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4519", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4519/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4519/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4519/binderfs") = 0 umount2("./4519/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4519/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4519/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4519/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4519/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4519/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4519") = 0 mkdir("./4520", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9945 ./strace-static-x86_64: Process 9945 attached [pid 9945] set_robust_list(0x55558abad660, 24) = 0 [pid 9945] chdir("./4520") = 0 [pid 9945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9945] setpgid(0, 0) = 0 [pid 9945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9945] write(3, "1000", 4) = 4 [pid 9945] close(3) = 0 [pid 9945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9945] write(1, "executing program\n", 18executing program ) = 18 [pid 9945] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9945] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9945] memfd_create("syzkaller", 0) = 3 [pid 9945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9945] munmap(0x7ff698483000, 138412032) = 0 [pid 9945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 567.429711][ T9943] loop0: detected capacity change from 0 to 512 [ 567.437554][ T9943] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.448227][ T9943] EXT4-fs (loop0): 1 truncate cleaned up [ 567.454939][ T9943] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9945] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9945] close(3) = 0 [pid 9945] close(4) = 0 [pid 9945] mkdir("./file0", 0777) = 0 [pid 9945] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9945] chdir("./file0") = 0 [pid 9945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9945] ioctl(4, LOOP_CLR_FD) = 0 [pid 9945] close(4) = 0 [pid 9945] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9945] truncate("./file2", 0) = 0 [pid 9945] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9945] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9945] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9945, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4520", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4520", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4520/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4520/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4520/binderfs") = 0 umount2("./4520/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4520/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4520/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4520/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4520/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4520/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4520") = 0 mkdir("./4521", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9947 ./strace-static-x86_64: Process 9947 attached [pid 9947] set_robust_list(0x55558abad660, 24) = 0 [pid 9947] chdir("./4521") = 0 [pid 9947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9947] setpgid(0, 0) = 0 [pid 9947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 9947] write(3, "1000", 4) = 4 [pid 9947] close(3) = 0 [pid 9947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9947] write(1, "executing program\n", 18) = 18 [pid 9947] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9947] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9947] memfd_create("syzkaller", 0) = 3 [pid 9947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9947] munmap(0x7ff698483000, 138412032) = 0 [pid 9947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 567.492742][ T9945] loop0: detected capacity change from 0 to 512 [ 567.500069][ T9945] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.510724][ T9945] EXT4-fs (loop0): 1 truncate cleaned up [ 567.517578][ T9945] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9947] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9947] close(3) = 0 [pid 9947] close(4) = 0 [pid 9947] mkdir("./file0", 0777) = 0 [pid 9947] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9947] chdir("./file0") = 0 [pid 9947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9947] ioctl(4, LOOP_CLR_FD) = 0 [pid 9947] close(4) = 0 [pid 9947] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9947] truncate("./file2", 0) = 0 [pid 9947] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9947] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9947] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9947, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4521", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4521", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4521/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4521/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4521/binderfs") = 0 umount2("./4521/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4521/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4521/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4521/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4521/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4521/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4521") = 0 mkdir("./4522", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9949 ./strace-static-x86_64: Process 9949 attached [pid 9949] set_robust_list(0x55558abad660, 24) = 0 [pid 9949] chdir("./4522") = 0 [pid 9949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9949] setpgid(0, 0) = 0 [pid 9949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9949] write(3, "1000", 4) = 4 [pid 9949] close(3) = 0 [pid 9949] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9949] write(1, "executing program\n", 18) = 18 [pid 9949] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9949] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9949] memfd_create("syzkaller", 0) = 3 [pid 9949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9949] munmap(0x7ff698483000, 138412032) = 0 [pid 9949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 567.551637][ T9947] loop0: detected capacity change from 0 to 512 [ 567.558982][ T9947] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.569723][ T9947] EXT4-fs (loop0): 1 truncate cleaned up [ 567.577230][ T9947] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9949] close(3) = 0 [pid 9949] close(4) = 0 [pid 9949] mkdir("./file0", 0777) = 0 [pid 9949] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9949] chdir("./file0") = 0 [pid 9949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9949] ioctl(4, LOOP_CLR_FD) = 0 [pid 9949] close(4) = 0 [pid 9949] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9949] truncate("./file2", 0) = 0 [pid 9949] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9949] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9949] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9949, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4522", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4522", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4522/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4522/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4522/binderfs") = 0 umount2("./4522/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4522/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4522/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4522/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4522/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4522/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4522") = 0 mkdir("./4523", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9951 ./strace-static-x86_64: Process 9951 attached [pid 9951] set_robust_list(0x55558abad660, 24) = 0 [pid 9951] chdir("./4523") = 0 [pid 9951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9951] setpgid(0, 0) = 0 executing program [pid 9951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9951] write(3, "1000", 4) = 4 [pid 9951] close(3) = 0 [pid 9951] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9951] write(1, "executing program\n", 18) = 18 [pid 9951] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9951] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9951] memfd_create("syzkaller", 0) = 3 [pid 9951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9951] munmap(0x7ff698483000, 138412032) = 0 [pid 9951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 567.612079][ T9949] loop0: detected capacity change from 0 to 512 [ 567.619438][ T9949] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.630144][ T9949] EXT4-fs (loop0): 1 truncate cleaned up [ 567.637130][ T9949] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9951] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9951] close(3) = 0 [pid 9951] close(4) = 0 [pid 9951] mkdir("./file0", 0777) = 0 [pid 9951] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9951] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9951] chdir("./file0") = 0 [pid 9951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9951] ioctl(4, LOOP_CLR_FD) = 0 [pid 9951] close(4) = 0 [pid 9951] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9951] truncate("./file2", 0) = 0 [pid 9951] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9951] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9951] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9951, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4523", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4523", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4523/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4523/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4523/binderfs") = 0 umount2("./4523/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4523/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4523/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4523/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4523/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4523/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4523") = 0 mkdir("./4524", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9953 ./strace-static-x86_64: Process 9953 attached [pid 9953] set_robust_list(0x55558abad660, 24) = 0 [pid 9953] chdir("./4524") = 0 [pid 9953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9953] setpgid(0, 0) = 0 [pid 9953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9953] write(3, "1000", 4) = 4 [pid 9953] close(3) = 0 [pid 9953] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9953] write(1, "executing program\n", 18) = 18 [pid 9953] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9953] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9953] memfd_create("syzkaller", 0) = 3 [pid 9953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9953] munmap(0x7ff698483000, 138412032) = 0 [pid 9953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 567.671934][ T9951] loop0: detected capacity change from 0 to 512 [ 567.679270][ T9951] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.690244][ T9951] EXT4-fs (loop0): 1 truncate cleaned up [ 567.697239][ T9951] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9953] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9953] close(3) = 0 [pid 9953] close(4) = 0 [pid 9953] mkdir("./file0", 0777) = 0 [pid 9953] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9953] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9953] chdir("./file0") = 0 [pid 9953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9953] ioctl(4, LOOP_CLR_FD) = 0 [pid 9953] close(4) = 0 [pid 9953] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9953] truncate("./file2", 0) = 0 [pid 9953] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9953] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9953] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9953, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4524", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4524", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4524/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4524/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4524/binderfs") = 0 umount2("./4524/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4524/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4524/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4524/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4524/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4524/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4524") = 0 mkdir("./4525", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9955 ./strace-static-x86_64: Process 9955 attached [pid 9955] set_robust_list(0x55558abad660, 24) = 0 [pid 9955] chdir("./4525") = 0 [pid 9955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9955] setpgid(0, 0) = 0 [pid 9955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9955] write(3, "1000", 4) = 4 [pid 9955] close(3) = 0 [pid 9955] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9955] write(1, "executing program\n", 18executing program ) = 18 [pid 9955] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9955] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9955] memfd_create("syzkaller", 0) = 3 [pid 9955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9955] munmap(0x7ff698483000, 138412032) = 0 [ 567.724157][ T9953] loop0: detected capacity change from 0 to 512 [ 567.731603][ T9953] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.742352][ T9953] EXT4-fs (loop0): 1 truncate cleaned up [ 567.749930][ T9953] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9955] close(3) = 0 [pid 9955] close(4) = 0 [pid 9955] mkdir("./file0", 0777) = 0 [pid 9955] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9955] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9955] chdir("./file0") = 0 [pid 9955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9955] ioctl(4, LOOP_CLR_FD) = 0 [pid 9955] close(4) = 0 [pid 9955] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9955] truncate("./file2", 0) = 0 [pid 9955] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9955] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9955] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9955, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4525", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4525", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4525/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4525/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4525/binderfs") = 0 umount2("./4525/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4525/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4525/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4525/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4525/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4525/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4525") = 0 mkdir("./4526", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9957 ./strace-static-x86_64: Process 9957 attached [pid 9957] set_robust_list(0x55558abad660, 24) = 0 [pid 9957] chdir("./4526") = 0 [pid 9957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9957] setpgid(0, 0) = 0 [pid 9957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9957] write(3, "1000", 4) = 4 [pid 9957] close(3) = 0 [pid 9957] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9957] write(1, "executing program\n", 18) = 18 [pid 9957] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9957] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9957] memfd_create("syzkaller", 0) = 3 [pid 9957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9957] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9957] munmap(0x7ff698483000, 138412032) = 0 [pid 9957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 567.790351][ T9955] loop0: detected capacity change from 0 to 512 [ 567.797662][ T9955] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.808625][ T9955] EXT4-fs (loop0): 1 truncate cleaned up [ 567.815657][ T9955] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9957] close(3) = 0 [pid 9957] close(4) = 0 [pid 9957] mkdir("./file0", 0777) = 0 [pid 9957] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9957] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9957] chdir("./file0") = 0 [pid 9957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9957] ioctl(4, LOOP_CLR_FD) = 0 [pid 9957] close(4) = 0 [pid 9957] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9957] truncate("./file2", 0) = 0 [pid 9957] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9957] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9957] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9957, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4526", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4526", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4526/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4526/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4526/binderfs") = 0 umount2("./4526/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4526/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4526/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4526/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4526/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4526/file0"executing program ) = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4526") = 0 mkdir("./4527", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9959 ./strace-static-x86_64: Process 9959 attached [pid 9959] set_robust_list(0x55558abad660, 24) = 0 [pid 9959] chdir("./4527") = 0 [pid 9959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9959] setpgid(0, 0) = 0 [pid 9959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9959] write(3, "1000", 4) = 4 [pid 9959] close(3) = 0 [pid 9959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9959] write(1, "executing program\n", 18) = 18 [pid 9959] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9959] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9959] memfd_create("syzkaller", 0) = 3 [pid 9959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9959] munmap(0x7ff698483000, 138412032) = 0 [pid 9959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 567.851878][ T9957] loop0: detected capacity change from 0 to 512 [ 567.860324][ T9957] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.871432][ T9957] EXT4-fs (loop0): 1 truncate cleaned up [ 567.879270][ T9957] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9959] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9959] close(3) = 0 [pid 9959] close(4) = 0 [pid 9959] mkdir("./file0", 0777) = 0 [pid 9959] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9959] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9959] chdir("./file0") = 0 [pid 9959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9959] ioctl(4, LOOP_CLR_FD) = 0 [pid 9959] close(4) = 0 [pid 9959] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9959] truncate("./file2", 0) = 0 [pid 9959] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9959] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9959] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9959, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4527", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4527", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4527/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4527/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4527/binderfs") = 0 umount2("./4527/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4527/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4527/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4527/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4527/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4527/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4527") = 0 mkdir("./4528", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9961 ./strace-static-x86_64: Process 9961 attached [pid 9961] set_robust_list(0x55558abad660, 24) = 0 [pid 9961] chdir("./4528") = 0 [pid 9961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9961] setpgid(0, 0) = 0 [pid 9961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9961] write(3, "1000", 4) = 4 [pid 9961] close(3) = 0 [pid 9961] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9961] write(1, "executing program\n", 18) = 18 [pid 9961] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9961] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9961] memfd_create("syzkaller", 0) = 3 [pid 9961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9961] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9961] munmap(0x7ff698483000, 138412032) = 0 [pid 9961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 567.915647][ T9959] loop0: detected capacity change from 0 to 512 [ 567.923016][ T9959] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.933535][ T9959] EXT4-fs (loop0): 1 truncate cleaned up [ 567.941008][ T9959] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9961] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9961] close(3) = 0 [pid 9961] close(4) = 0 [pid 9961] mkdir("./file0", 0777) = 0 [pid 9961] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9961] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9961] chdir("./file0") = 0 [pid 9961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9961] ioctl(4, LOOP_CLR_FD) = 0 [pid 9961] close(4) = 0 [pid 9961] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9961] truncate("./file2", 0) = 0 [pid 9961] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9961] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9961] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9961, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4528", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4528", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4528/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4528/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4528/binderfs") = 0 umount2("./4528/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4528/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4528/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4528/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4528/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4528/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4528") = 0 mkdir("./4529", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9963 ./strace-static-x86_64: Process 9963 attached [pid 9963] set_robust_list(0x55558abad660, 24) = 0 [pid 9963] chdir("./4529") = 0 [pid 9963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9963] setpgid(0, 0) = 0 [pid 9963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9963] write(3, "1000", 4) = 4 [pid 9963] close(3) = 0 [pid 9963] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9963] write(1, "executing program\n", 18) = 18 [pid 9963] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9963] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9963] memfd_create("syzkaller", 0) = 3 [pid 9963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9963] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9963] munmap(0x7ff698483000, 138412032) = 0 [pid 9963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 567.977049][ T9961] loop0: detected capacity change from 0 to 512 [ 567.985550][ T9961] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 567.996725][ T9961] EXT4-fs (loop0): 1 truncate cleaned up [ 568.003721][ T9961] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9963] close(3) = 0 [pid 9963] close(4) = 0 [pid 9963] mkdir("./file0", 0777) = 0 [pid 9963] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9963] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9963] chdir("./file0") = 0 [pid 9963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9963] ioctl(4, LOOP_CLR_FD) = 0 [pid 9963] close(4) = 0 [pid 9963] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9963] truncate("./file2", 0) = 0 [pid 9963] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9963] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9963] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9963, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4529", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4529", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4529/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4529/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4529/binderfs") = 0 umount2("./4529/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4529/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4529/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4529/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4529/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4529/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4529") = 0 mkdir("./4530", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9965 ./strace-static-x86_64: Process 9965 attached [pid 9965] set_robust_list(0x55558abad660, 24) = 0 [pid 9965] chdir("./4530") = 0 [pid 9965] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9965] setpgid(0, 0) = 0 [pid 9965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9965] write(3, "1000", 4) = 4 [pid 9965] close(3) = 0 [pid 9965] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9965] write(1, "executing program\n", 18) = 18 [pid 9965] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9965] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9965] memfd_create("syzkaller", 0) = 3 [pid 9965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9965] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9965] munmap(0x7ff698483000, 138412032) = 0 [pid 9965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 568.037732][ T9963] loop0: detected capacity change from 0 to 512 [ 568.045218][ T9963] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 568.056133][ T9963] EXT4-fs (loop0): 1 truncate cleaned up [ 568.063523][ T9963] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9965] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9965] close(3) = 0 [pid 9965] close(4) = 0 [pid 9965] mkdir("./file0", 0777) = 0 [pid 9965] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9965] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9965] chdir("./file0") = 0 [pid 9965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9965] ioctl(4, LOOP_CLR_FD) = 0 [pid 9965] close(4) = 0 [pid 9965] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9965] truncate("./file2", 0) = 0 [pid 9965] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9965] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9965] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9965, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4530", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4530", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4530/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4530/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4530/binderfs") = 0 umount2("./4530/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4530/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4530/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4530/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4530/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4530/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4530") = 0 mkdir("./4531", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9967 ./strace-static-x86_64: Process 9967 attached [pid 9967] set_robust_list(0x55558abad660, 24) = 0 [pid 9967] chdir("./4531") = 0 [pid 9967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9967] setpgid(0, 0) = 0 [pid 9967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9967] write(3, "1000", 4) = 4 [pid 9967] close(3) = 0 [pid 9967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9967] write(1, "executing program\n", 18executing program ) = 18 [pid 9967] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9967] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9967] memfd_create("syzkaller", 0) = 3 [pid 9967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9967] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9967] munmap(0x7ff698483000, 138412032) = 0 [ 568.097076][ T9965] loop0: detected capacity change from 0 to 512 [ 568.104395][ T9965] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 568.114971][ T9965] EXT4-fs (loop0): 1 truncate cleaned up [ 568.121952][ T9965] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9967] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9967] close(3) = 0 [pid 9967] close(4) = 0 [pid 9967] mkdir("./file0", 0777) = 0 [pid 9967] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9967] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9967] chdir("./file0") = 0 [pid 9967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9967] ioctl(4, LOOP_CLR_FD) = 0 [pid 9967] close(4) = 0 [pid 9967] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9967] truncate("./file2", 0) = 0 [pid 9967] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9967] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9967] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9967, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4531", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4531", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4531/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4531/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4531/binderfs") = 0 umount2("./4531/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4531/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4531/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4531/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4531/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4531/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4531") = 0 mkdir("./4532", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9970 ./strace-static-x86_64: Process 9970 attached [pid 9970] set_robust_list(0x55558abad660, 24) = 0 [pid 9970] chdir("./4532") = 0 [pid 9970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9970] setpgid(0, 0) = 0 [pid 9970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9970] write(3, "1000", 4) = 4 [pid 9970] close(3) = 0 [pid 9970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9970] write(1, "executing program\n", 18executing program ) = 18 [pid 9970] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9970] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9970] memfd_create("syzkaller", 0) = 3 [pid 9970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9970] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9970] munmap(0x7ff698483000, 138412032) = 0 [pid 9970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 568.163074][ T9967] loop0: detected capacity change from 0 to 512 [ 568.170458][ T9967] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 568.181100][ T9967] EXT4-fs (loop0): 1 truncate cleaned up [ 568.188550][ T9967] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9970] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9970] close(3) = 0 [pid 9970] close(4) = 0 [pid 9970] mkdir("./file0", 0777) = 0 [pid 9970] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9970] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9970] chdir("./file0") = 0 [pid 9970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9970] ioctl(4, LOOP_CLR_FD) = 0 [pid 9970] close(4) = 0 [pid 9970] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9970] truncate("./file2", 0) = 0 [pid 9970] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9970] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9970] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9970, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4532", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4532", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4532/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4532/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4532/binderfs") = 0 umount2("./4532/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4532/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4532/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4532/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4532/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4532/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4532") = 0 mkdir("./4533", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9972 ./strace-static-x86_64: Process 9972 attached [pid 9972] set_robust_list(0x55558abad660, 24) = 0 [pid 9972] chdir("./4533") = 0 [pid 9972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9972] setpgid(0, 0) = 0 [pid 9972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9972] write(3, "1000", 4) = 4 [pid 9972] close(3) = 0 [pid 9972] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9972] write(1, "executing program\n", 18) = 18 [pid 9972] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9972] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9972] memfd_create("syzkaller", 0) = 3 [pid 9972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9972] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9972] munmap(0x7ff698483000, 138412032) = 0 [pid 9972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 568.226991][ T9970] loop0: detected capacity change from 0 to 512 [ 568.234349][ T9970] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 568.244896][ T9970] EXT4-fs (loop0): 1 truncate cleaned up [ 568.251950][ T9970] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9972] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9972] close(3) = 0 [pid 9972] close(4) = 0 [pid 9972] mkdir("./file0", 0777) = 0 [pid 9972] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9972] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9972] chdir("./file0") = 0 [pid 9972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9972] ioctl(4, LOOP_CLR_FD) = 0 [pid 9972] close(4) = 0 [pid 9972] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9972] truncate("./file2", 0) = 0 [pid 9972] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9972] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9972] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9972, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4533", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4533", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4533/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4533/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4533/binderfs") = 0 umount2("./4533/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4533/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4533/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4533/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4533/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4533/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4533") = 0 mkdir("./4534", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9974 ./strace-static-x86_64: Process 9974 attached [pid 9974] set_robust_list(0x55558abad660, 24) = 0 [pid 9974] chdir("./4534") = 0 [pid 9974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9974] setpgid(0, 0) = 0 [pid 9974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9974] write(3, "1000", 4) = 4 [pid 9974] close(3) = 0 [pid 9974] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9974] write(1, "executing program\n", 18) = 18 [pid 9974] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9974] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9974] memfd_create("syzkaller", 0) = 3 [pid 9974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9974] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9974] munmap(0x7ff698483000, 138412032) = 0 [pid 9974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 568.288682][ T9972] loop0: detected capacity change from 0 to 512 [ 568.296077][ T9972] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 568.306802][ T9972] EXT4-fs (loop0): 1 truncate cleaned up [ 568.313544][ T9972] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9974] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9974] close(3) = 0 [pid 9974] close(4) = 0 [pid 9974] mkdir("./file0", 0777) = 0 [pid 9974] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9974] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9974] chdir("./file0") = 0 [pid 9974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9974] ioctl(4, LOOP_CLR_FD) = 0 [pid 9974] close(4) = 0 [pid 9974] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9974] truncate("./file2", 0) = 0 [pid 9974] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9974] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9974] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9974, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4534", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4534", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4534/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4534/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4534/binderfs") = 0 umount2("./4534/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4534/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4534/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4534/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4534/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4534/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4534") = 0 mkdir("./4535", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9976 ./strace-static-x86_64: Process 9976 attached [pid 9976] set_robust_list(0x55558abad660, 24) = 0 [pid 9976] chdir("./4535") = 0 [pid 9976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9976] setpgid(0, 0) = 0 [pid 9976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9976] write(3, "1000", 4) = 4 [pid 9976] close(3) = 0 [pid 9976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9976] write(1, "executing program\n", 18) = 18 [pid 9976] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9976] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9976] memfd_create("syzkaller", 0) = 3 [pid 9976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9976] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9976] munmap(0x7ff698483000, 138412032) = 0 [pid 9976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 568.342134][ T9974] loop0: detected capacity change from 0 to 512 [ 568.349728][ T9974] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 568.360667][ T9974] EXT4-fs (loop0): 1 truncate cleaned up [ 568.368665][ T9974] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9976] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9976] close(3) = 0 [pid 9976] close(4) = 0 [pid 9976] mkdir("./file0", 0777) = 0 [pid 9976] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9976] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9976] chdir("./file0") = 0 [pid 9976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9976] ioctl(4, LOOP_CLR_FD) = 0 [pid 9976] close(4) = 0 [pid 9976] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9976] truncate("./file2", 0) = 0 [pid 9976] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9976] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9976] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9976, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4535", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4535", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4535/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4535/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4535/binderfs") = 0 umount2("./4535/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4535/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4535/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4535/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4535/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4535/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4535") = 0 mkdir("./4536", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9978 ./strace-static-x86_64: Process 9978 attached [pid 9978] set_robust_list(0x55558abad660, 24) = 0 [pid 9978] chdir("./4536") = 0 [pid 9978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9978] setpgid(0, 0) = 0 [pid 9978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9978] write(3, "1000", 4) = 4 [pid 9978] close(3) = 0 [pid 9978] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9978] write(1, "executing program\n", 18) = 18 [pid 9978] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9978] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9978] memfd_create("syzkaller", 0) = 3 [pid 9978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9978] munmap(0x7ff698483000, 138412032) = 0 [pid 9978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 568.405912][ T9976] loop0: detected capacity change from 0 to 512 [ 568.413398][ T9976] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 568.424065][ T9976] EXT4-fs (loop0): 1 truncate cleaned up [ 568.430888][ T9976] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9978] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9978] close(3) = 0 [pid 9978] close(4) = 0 [pid 9978] mkdir("./file0", 0777) = 0 [pid 9978] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9978] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9978] chdir("./file0") = 0 [pid 9978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9978] ioctl(4, LOOP_CLR_FD) = 0 [pid 9978] close(4) = 0 [pid 9978] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9978] truncate("./file2", 0) = 0 [pid 9978] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9978] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9978] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9978, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4536", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4536", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4536/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4536/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4536/binderfs") = 0 umount2("./4536/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4536/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4536/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4536/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4536/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4536/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4536") = 0 mkdir("./4537", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9980 ./strace-static-x86_64: Process 9980 attached [pid 9980] set_robust_list(0x55558abad660, 24) = 0 [pid 9980] chdir("./4537") = 0 [pid 9980] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9980] setpgid(0, 0) = 0 [pid 9980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9980] write(3, "1000", 4) = 4 [pid 9980] close(3) = 0 [pid 9980] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9980] write(1, "executing program\n", 18) = 18 [pid 9980] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9980] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9980] memfd_create("syzkaller", 0) = 3 [pid 9980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9980] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9980] munmap(0x7ff698483000, 138412032) = 0 [pid 9980] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 568.468756][ T9978] loop0: detected capacity change from 0 to 512 [ 568.476280][ T9978] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 568.487067][ T9978] EXT4-fs (loop0): 1 truncate cleaned up [ 568.493939][ T9978] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9980] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9980] close(3) = 0 [pid 9980] close(4) = 0 [pid 9980] mkdir("./file0", 0777) = 0 [pid 9980] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9980] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9980] chdir("./file0") = 0 [pid 9980] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9980] ioctl(4, LOOP_CLR_FD) = 0 [pid 9980] close(4) = 0 [pid 9980] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9980] truncate("./file2", 0) = 0 [pid 9980] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9980] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9980] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9980, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4537", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4537", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4537/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4537/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4537/binderfs") = 0 umount2("./4537/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4537/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4537/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4537/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4537/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4537/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4537") = 0 mkdir("./4538", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9982 ./strace-static-x86_64: Process 9982 attached [pid 9982] set_robust_list(0x55558abad660, 24) = 0 [pid 9982] chdir("./4538") = 0 [pid 9982] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9982] setpgid(0, 0) = 0 [pid 9982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9982] write(3, "1000", 4) = 4 [pid 9982] close(3) = 0 [pid 9982] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9982] write(1, "executing program\n", 18executing program ) = 18 [pid 9982] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9982] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9982] memfd_create("syzkaller", 0) = 3 [pid 9982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9982] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9982] munmap(0x7ff698483000, 138412032) = 0 [pid 9982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 568.521658][ T9980] loop0: detected capacity change from 0 to 512 [ 568.529406][ T9980] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 568.540038][ T9980] EXT4-fs (loop0): 1 truncate cleaned up [ 568.547154][ T9980] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9982] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9982] close(3) = 0 [pid 9982] close(4) = 0 [pid 9982] mkdir("./file0", 0777) = 0 [pid 9982] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9982] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9982] chdir("./file0") = 0 [pid 9982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9982] ioctl(4, LOOP_CLR_FD) = 0 [pid 9982] close(4) = 0 [pid 9982] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9982] truncate("./file2", 0) = 0 [pid 9982] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9982] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9982] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9982, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4538", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4538", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4538/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4538/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4538/binderfs") = 0 umount2("./4538/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4538/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4538/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4538/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4538/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4538/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4538") = 0 mkdir("./4539", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 9984 ./strace-static-x86_64: Process 9984 attached [pid 9984] set_robust_list(0x55558abad660, 24) = 0 [pid 9984] chdir("./4539") = 0 [pid 9984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9984] setpgid(0, 0) = 0 [pid 9984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9984] write(3, "1000", 4) = 4 [pid 9984] close(3) = 0 [pid 9984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9984] write(1, "executing program\n", 18) = 18 [pid 9984] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9984] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9984] memfd_create("syzkaller", 0) = 3 [pid 9984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9984] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9984] munmap(0x7ff698483000, 138412032) = 0 [pid 9984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 568.585279][ T9982] loop0: detected capacity change from 0 to 512 [ 568.592835][ T9982] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 568.603606][ T9982] EXT4-fs (loop0): 1 truncate cleaned up [ 568.610466][ T9982] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9984] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9984] close(3) = 0 [pid 9984] close(4) = 0 [pid 9984] mkdir("./file0", 0777) = 0 [pid 9984] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9984] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9984] chdir("./file0") = 0 [pid 9984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9984] ioctl(4, LOOP_CLR_FD) = 0 [pid 9984] close(4) = 0 [pid 9984] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9984] truncate("./file2", 0) = 0 [pid 9984] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9984] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9984] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9984, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4539", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4539", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4539/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4539/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4539/binderfs") = 0 umount2("./4539/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4539/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4539/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4539/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4539/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4539/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4539") = 0 mkdir("./4540", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9986 ./strace-static-x86_64: Process 9986 attached [pid 9986] set_robust_list(0x55558abad660, 24) = 0 [pid 9986] chdir("./4540") = 0 [pid 9986] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9986] setpgid(0, 0) = 0 [pid 9986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 9986] write(3, "1000", 4) = 4 [pid 9986] close(3) = 0 [pid 9986] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9986] write(1, "executing program\n", 18) = 18 [pid 9986] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9986] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9986] memfd_create("syzkaller", 0) = 3 [pid 9986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9986] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9986] munmap(0x7ff698483000, 138412032) = 0 [pid 9986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 568.648043][ T9984] loop0: detected capacity change from 0 to 512 [ 568.655466][ T9984] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 568.666235][ T9984] EXT4-fs (loop0): 1 truncate cleaned up [ 568.673581][ T9984] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9986] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9986] close(3) = 0 [pid 9986] close(4) = 0 [pid 9986] mkdir("./file0", 0777) = 0 [pid 9986] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9986] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9986] chdir("./file0") = 0 [pid 9986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9986] ioctl(4, LOOP_CLR_FD) = 0 [pid 9986] close(4) = 0 [pid 9986] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9986] truncate("./file2", 0) = 0 [pid 9986] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9986] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9986] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9986, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4540", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4540", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4540/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4540/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4540/binderfs") = 0 umount2("./4540/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4540/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4540/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4540/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4540/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4540/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4540") = 0 mkdir("./4541", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9988 ./strace-static-x86_64: Process 9988 attached [pid 9988] set_robust_list(0x55558abad660, 24) = 0 [pid 9988] chdir("./4541") = 0 [pid 9988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9988] setpgid(0, 0) = 0 [pid 9988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9988] write(3, "1000", 4) = 4 [pid 9988] close(3) = 0 [pid 9988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9988] write(1, "executing program\n", 18executing program ) = 18 [pid 9988] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9988] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9988] memfd_create("syzkaller", 0) = 3 [pid 9988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9988] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9988] munmap(0x7ff698483000, 138412032) = 0 [pid 9988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 568.709163][ T9986] loop0: detected capacity change from 0 to 512 [ 568.716535][ T9986] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 568.727255][ T9986] EXT4-fs (loop0): 1 truncate cleaned up [ 568.734258][ T9986] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9988] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9988] close(3) = 0 [pid 9988] close(4) = 0 [pid 9988] mkdir("./file0", 0777) = 0 [pid 9988] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9988] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9988] chdir("./file0") = 0 [pid 9988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9988] ioctl(4, LOOP_CLR_FD) = 0 [pid 9988] close(4) = 0 [pid 9988] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9988] truncate("./file2", 0) = 0 [pid 9988] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9988] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9988] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9988, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4541", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4541", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4541/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4541/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4541/binderfs") = 0 umount2("./4541/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4541/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4541/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4541/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4541/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4541/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4541") = 0 mkdir("./4542", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9990 ./strace-static-x86_64: Process 9990 attached [pid 9990] set_robust_list(0x55558abad660, 24) = 0 [pid 9990] chdir("./4542") = 0 [pid 9990] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9990] setpgid(0, 0) = 0 [pid 9990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9990] write(3, "1000", 4) = 4 [pid 9990] close(3) = 0 [pid 9990] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9990] write(1, "executing program\n", 18executing program ) = 18 [pid 9990] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9990] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9990] memfd_create("syzkaller", 0) = 3 [pid 9990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9990] munmap(0x7ff698483000, 138412032) = 0 [pid 9990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 568.769937][ T9988] loop0: detected capacity change from 0 to 512 [ 568.777267][ T9988] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 568.787884][ T9988] EXT4-fs (loop0): 1 truncate cleaned up [ 568.794393][ T9988] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9990] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9990] close(3) = 0 [pid 9990] close(4) = 0 [pid 9990] mkdir("./file0", 0777) = 0 [pid 9990] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9990] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9990] chdir("./file0") = 0 [pid 9990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9990] ioctl(4, LOOP_CLR_FD) = 0 [pid 9990] close(4) = 0 [pid 9990] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9990] truncate("./file2", 0) = 0 [pid 9990] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9990] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9990] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9990, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4542", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4542", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4542/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4542/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4542/binderfs") = 0 umount2("./4542/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4542/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4542/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4542/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4542/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4542/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4542") = 0 mkdir("./4543", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9992 ./strace-static-x86_64: Process 9992 attached [pid 9992] set_robust_list(0x55558abad660, 24) = 0 [pid 9992] chdir("./4543") = 0 [pid 9992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9992] setpgid(0, 0) = 0 [pid 9992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9992] write(3, "1000", 4) = 4 [pid 9992] close(3) = 0 [pid 9992] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 9992] write(1, "executing program\n", 18) = 18 [pid 9992] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9992] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9992] memfd_create("syzkaller", 0) = 3 [pid 9992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9992] munmap(0x7ff698483000, 138412032) = 0 [pid 9992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 568.826240][ T9990] loop0: detected capacity change from 0 to 512 [ 568.833454][ T9990] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 568.844065][ T9990] EXT4-fs (loop0): 1 truncate cleaned up [ 568.851866][ T9990] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9992] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9992] close(3) = 0 [pid 9992] close(4) = 0 [pid 9992] mkdir("./file0", 0777) = 0 [pid 9992] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9992] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9992] chdir("./file0") = 0 [pid 9992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9992] ioctl(4, LOOP_CLR_FD) = 0 [pid 9992] close(4) = 0 [pid 9992] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9992] truncate("./file2", 0) = 0 [pid 9992] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9992] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9992] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9992, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4543", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4543", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4543/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4543/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4543/binderfs") = 0 umount2("./4543/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4543/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4543/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4543/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4543/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4543/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4543") = 0 mkdir("./4544", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9994 ./strace-static-x86_64: Process 9994 attached [pid 9994] set_robust_list(0x55558abad660, 24) = 0 [pid 9994] chdir("./4544") = 0 [pid 9994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9994] setpgid(0, 0) = 0 [pid 9994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9994] write(3, "1000", 4) = 4 [pid 9994] close(3) = 0 [pid 9994] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 9994] write(1, "executing program\n", 18) = 18 [pid 9994] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9994] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9994] memfd_create("syzkaller", 0) = 3 [pid 9994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9994] munmap(0x7ff698483000, 138412032) = 0 [pid 9994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 568.886350][ T9992] loop0: detected capacity change from 0 to 512 [ 568.893702][ T9992] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 568.904407][ T9992] EXT4-fs (loop0): 1 truncate cleaned up [ 568.911493][ T9992] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9994] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9994] close(3) = 0 [pid 9994] close(4) = 0 [pid 9994] mkdir("./file0", 0777) = 0 [pid 9994] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9994] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9994] chdir("./file0") = 0 [pid 9994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9994] ioctl(4, LOOP_CLR_FD) = 0 [pid 9994] close(4) = 0 [pid 9994] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9994] truncate("./file2", 0) = 0 [pid 9994] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9994] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9994] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9994, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4544", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4544", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4544/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4544/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4544/binderfs") = 0 umount2("./4544/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4544/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4544/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4544/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4544/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4544/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4544") = 0 mkdir("./4545", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9996 ./strace-static-x86_64: Process 9996 attached [pid 9996] set_robust_list(0x55558abad660, 24) = 0 [pid 9996] chdir("./4545") = 0 [pid 9996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9996] setpgid(0, 0) = 0 [pid 9996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9996] write(3, "1000", 4) = 4 [pid 9996] close(3) = 0 [pid 9996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9996] write(1, "executing program\n", 18executing program ) = 18 [pid 9996] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9996] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9996] memfd_create("syzkaller", 0) = 3 [pid 9996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9996] munmap(0x7ff698483000, 138412032) = 0 [pid 9996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 568.949584][ T9994] loop0: detected capacity change from 0 to 512 [ 568.957185][ T9994] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 568.967826][ T9994] EXT4-fs (loop0): 1 truncate cleaned up [ 568.974867][ T9994] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9996] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9996] close(3) = 0 [pid 9996] close(4) = 0 [pid 9996] mkdir("./file0", 0777) = 0 [pid 9996] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9996] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9996] chdir("./file0") = 0 [pid 9996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9996] ioctl(4, LOOP_CLR_FD) = 0 [pid 9996] close(4) = 0 [pid 9996] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9996] truncate("./file2", 0) = 0 [pid 9996] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9996] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9996] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9996, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4545", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4545", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4545/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4545/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4545/binderfs") = 0 umount2("./4545/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4545/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4545/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4545/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4545/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4545/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4545") = 0 mkdir("./4546", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 9998 ./strace-static-x86_64: Process 9998 attached [pid 9998] set_robust_list(0x55558abad660, 24) = 0 [pid 9998] chdir("./4546") = 0 [pid 9998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 9998] setpgid(0, 0) = 0 [pid 9998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 9998] write(3, "1000", 4) = 4 [pid 9998] close(3) = 0 [pid 9998] symlink("/dev/binderfs", "./binderfs") = 0 [pid 9998] write(1, "executing program\n", 18executing program ) = 18 [pid 9998] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 9998] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 9998] memfd_create("syzkaller", 0) = 3 [pid 9998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 9998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 9998] munmap(0x7ff698483000, 138412032) = 0 [pid 9998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.006976][ T9996] loop0: detected capacity change from 0 to 512 [ 569.014528][ T9996] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 569.025498][ T9996] EXT4-fs (loop0): 1 truncate cleaned up [ 569.033449][ T9996] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 9998] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 9998] close(3) = 0 [pid 9998] close(4) = 0 [pid 9998] mkdir("./file0", 0777) = 0 [pid 9998] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 9998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 9998] chdir("./file0") = 0 [pid 9998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 9998] ioctl(4, LOOP_CLR_FD) = 0 [pid 9998] close(4) = 0 [pid 9998] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 9998] truncate("./file2", 0) = 0 [pid 9998] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 9998] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 9998] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=9998, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4546", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4546", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4546/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4546/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4546/binderfs") = 0 umount2("./4546/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4546/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4546/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4546/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4546/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4546/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4546") = 0 mkdir("./4547", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10000 ./strace-static-x86_64: Process 10000 attached [pid 10000] set_robust_list(0x55558abad660, 24) = 0 [pid 10000] chdir("./4547") = 0 [pid 10000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10000] setpgid(0, 0) = 0 [pid 10000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10000] write(3, "1000", 4) = 4 [pid 10000] close(3) = 0 [pid 10000] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10000] write(1, "executing program\n", 18) = 18 [pid 10000] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10000] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10000] memfd_create("syzkaller", 0) = 3 [pid 10000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10000] munmap(0x7ff698483000, 138412032) = 0 [pid 10000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.072893][ T9998] loop0: detected capacity change from 0 to 512 [ 569.080717][ T9998] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 569.091308][ T9998] EXT4-fs (loop0): 1 truncate cleaned up [ 569.098853][ T9998] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10000] close(3) = 0 [pid 10000] close(4) = 0 [pid 10000] mkdir("./file0", 0777) = 0 [pid 10000] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10000] chdir("./file0") = 0 [pid 10000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10000] ioctl(4, LOOP_CLR_FD) = 0 [pid 10000] close(4) = 0 [pid 10000] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10000] truncate("./file2", 0) = 0 [pid 10000] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10000] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10000] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10000, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4547", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4547", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4547/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4547/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4547/binderfs") = 0 umount2("./4547/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4547/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4547/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4547/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4547/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4547/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4547") = 0 mkdir("./4548", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10002 ./strace-static-x86_64: Process 10002 attached [pid 10002] set_robust_list(0x55558abad660, 24) = 0 [pid 10002] chdir("./4548") = 0 [pid 10002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10002] setpgid(0, 0) = 0 [pid 10002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10002] write(3, "1000", 4) = 4 [pid 10002] close(3) = 0 [pid 10002] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10002] write(1, "executing program\n", 18executing program ) = 18 [pid 10002] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10002] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10002] memfd_create("syzkaller", 0) = 3 [pid 10002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10002] munmap(0x7ff698483000, 138412032) = 0 [pid 10002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.141285][T10000] loop0: detected capacity change from 0 to 512 [ 569.148775][T10000] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 569.159512][T10000] EXT4-fs (loop0): 1 truncate cleaned up [ 569.167198][T10000] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10002] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10002] close(3) = 0 [pid 10002] close(4) = 0 [pid 10002] mkdir("./file0", 0777) = 0 [pid 10002] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10002] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10002] chdir("./file0") = 0 [pid 10002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10002] ioctl(4, LOOP_CLR_FD) = 0 [pid 10002] close(4) = 0 [pid 10002] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10002] truncate("./file2", 0) = 0 [pid 10002] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10002] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10002] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10002, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4548", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4548", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4548/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4548/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4548/binderfs") = 0 umount2("./4548/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4548/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4548/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4548/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4548/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4548/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4548") = 0 mkdir("./4549", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10005 ./strace-static-x86_64: Process 10005 attached [pid 10005] set_robust_list(0x55558abad660, 24) = 0 [pid 10005] chdir("./4549") = 0 [pid 10005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10005] setpgid(0, 0) = 0 [pid 10005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10005] write(3, "1000", 4) = 4 [pid 10005] close(3) = 0 [pid 10005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10005] write(1, "executing program\n", 18) = 18 [pid 10005] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10005] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10005] memfd_create("syzkaller", 0) = 3 [pid 10005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10005] munmap(0x7ff698483000, 138412032) = 0 [pid 10005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.212025][T10002] loop0: detected capacity change from 0 to 512 [ 569.219912][T10002] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 569.230872][T10002] EXT4-fs (loop0): 1 truncate cleaned up [ 569.238107][T10002] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10005] close(3) = 0 [pid 10005] close(4) = 0 [pid 10005] mkdir("./file0", 0777) = 0 [pid 10005] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10005] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10005] chdir("./file0") = 0 [pid 10005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10005] ioctl(4, LOOP_CLR_FD) = 0 [pid 10005] close(4) = 0 [pid 10005] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10005] truncate("./file2", 0) = 0 [pid 10005] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10005] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10005] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10005, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4549", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4549", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4549/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4549/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4549/binderfs") = 0 umount2("./4549/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4549/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4549/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4549/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4549/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4549/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4549") = 0 mkdir("./4550", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10007 ./strace-static-x86_64: Process 10007 attached [pid 10007] set_robust_list(0x55558abad660, 24) = 0 [pid 10007] chdir("./4550") = 0 [pid 10007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10007] setpgid(0, 0) = 0 [pid 10007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10007] write(3, "1000", 4) = 4 [pid 10007] close(3) = 0 [pid 10007] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10007] write(1, "executing program\n", 18) = 18 [pid 10007] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10007] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10007] memfd_create("syzkaller", 0) = 3 [pid 10007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10007] munmap(0x7ff698483000, 138412032) = 0 [pid 10007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.275047][T10005] loop0: detected capacity change from 0 to 512 [ 569.282459][T10005] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 569.293449][T10005] EXT4-fs (loop0): 1 truncate cleaned up [ 569.301190][T10005] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10007] close(3) = 0 [pid 10007] close(4) = 0 [pid 10007] mkdir("./file0", 0777) = 0 [pid 10007] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10007] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10007] chdir("./file0") = 0 [pid 10007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10007] ioctl(4, LOOP_CLR_FD) = 0 [pid 10007] close(4) = 0 [pid 10007] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10007] truncate("./file2", 0) = 0 [pid 10007] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10007] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10007] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10007, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4550", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4550", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4550/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4550/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4550/binderfs") = 0 umount2("./4550/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4550/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4550/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4550/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4550/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4550/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4550") = 0 mkdir("./4551", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10009 ./strace-static-x86_64: Process 10009 attached [pid 10009] set_robust_list(0x55558abad660, 24) = 0 [pid 10009] chdir("./4551") = 0 [pid 10009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10009] setpgid(0, 0) = 0 [pid 10009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10009] write(3, "1000", 4) = 4 [pid 10009] close(3) = 0 [pid 10009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10009] write(1, "executing program\n", 18executing program ) = 18 [pid 10009] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10009] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10009] memfd_create("syzkaller", 0) = 3 [pid 10009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10009] munmap(0x7ff698483000, 138412032) = 0 [pid 10009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.340952][T10007] loop0: detected capacity change from 0 to 512 [ 569.348257][T10007] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 569.358808][T10007] EXT4-fs (loop0): 1 truncate cleaned up [ 569.365491][T10007] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10009] close(3) = 0 [pid 10009] close(4) = 0 [pid 10009] mkdir("./file0", 0777) = 0 [pid 10009] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10009] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10009] chdir("./file0") = 0 [pid 10009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10009] ioctl(4, LOOP_CLR_FD) = 0 [pid 10009] close(4) = 0 [pid 10009] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10009] truncate("./file2", 0) = 0 [pid 10009] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10009] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10009] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10009, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4551", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4551", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4551/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4551/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4551/binderfs") = 0 umount2("./4551/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4551/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4551/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4551/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4551/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4551/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4551") = 0 mkdir("./4552", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10011 ./strace-static-x86_64: Process 10011 attached [pid 10011] set_robust_list(0x55558abad660, 24) = 0 [pid 10011] chdir("./4552") = 0 [pid 10011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10011] setpgid(0, 0) = 0 [pid 10011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10011] write(3, "1000", 4) = 4 [pid 10011] close(3) = 0 [pid 10011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10011] write(1, "executing program\n", 18) = 18 [pid 10011] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10011] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10011] memfd_create("syzkaller", 0) = 3 [pid 10011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10011] munmap(0x7ff698483000, 138412032) = 0 [pid 10011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.395925][T10009] loop0: detected capacity change from 0 to 512 [ 569.403473][T10009] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 569.414147][T10009] EXT4-fs (loop0): 1 truncate cleaned up [ 569.420944][T10009] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10011] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10011] close(3) = 0 [pid 10011] close(4) = 0 [pid 10011] mkdir("./file0", 0777) = 0 [pid 10011] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10011] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10011] chdir("./file0") = 0 [pid 10011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10011] ioctl(4, LOOP_CLR_FD) = 0 [pid 10011] close(4) = 0 [pid 10011] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10011] truncate("./file2", 0) = 0 [pid 10011] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10011] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10011] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10011, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4552", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4552", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4552/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4552/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4552/binderfs") = 0 umount2("./4552/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4552/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4552/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4552/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4552/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4552/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4552") = 0 mkdir("./4553", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10013 ./strace-static-x86_64: Process 10013 attached [pid 10013] set_robust_list(0x55558abad660, 24) = 0 [pid 10013] chdir("./4553") = 0 [pid 10013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10013] setpgid(0, 0) = 0 [pid 10013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 10013] write(3, "1000", 4) = 4 [pid 10013] close(3) = 0 [pid 10013] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10013] write(1, "executing program\n", 18) = 18 [pid 10013] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10013] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10013] memfd_create("syzkaller", 0) = 3 [pid 10013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10013] munmap(0x7ff698483000, 138412032) = 0 [pid 10013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.448944][T10011] loop0: detected capacity change from 0 to 512 [ 569.456610][T10011] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 569.467377][T10011] EXT4-fs (loop0): 1 truncate cleaned up [ 569.475032][T10011] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10013] close(3) = 0 [pid 10013] close(4) = 0 [pid 10013] mkdir("./file0", 0777) = 0 [pid 10013] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10013] chdir("./file0") = 0 [pid 10013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10013] ioctl(4, LOOP_CLR_FD) = 0 [pid 10013] close(4) = 0 [pid 10013] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10013] truncate("./file2", 0) = 0 [pid 10013] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10013] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10013] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10013, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4553", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4553", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4553/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4553/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4553/binderfs") = 0 umount2("./4553/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4553/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4553/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4553/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4553/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4553/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4553") = 0 mkdir("./4554", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10015 ./strace-static-x86_64: Process 10015 attached [pid 10015] set_robust_list(0x55558abad660, 24) = 0 [pid 10015] chdir("./4554") = 0 [pid 10015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10015] setpgid(0, 0) = 0 [pid 10015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10015] write(3, "1000", 4) = 4 [pid 10015] close(3) = 0 [pid 10015] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10015] write(1, "executing program\n", 18) = 18 [pid 10015] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10015] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10015] memfd_create("syzkaller", 0) = 3 [pid 10015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10015] munmap(0x7ff698483000, 138412032) = 0 [pid 10015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.516529][T10013] loop0: detected capacity change from 0 to 512 [ 569.524717][T10013] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 569.535762][T10013] EXT4-fs (loop0): 1 truncate cleaned up [ 569.542540][T10013] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10015] close(3) = 0 [pid 10015] close(4) = 0 [pid 10015] mkdir("./file0", 0777) = 0 [pid 10015] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10015] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10015] chdir("./file0") = 0 [pid 10015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10015] ioctl(4, LOOP_CLR_FD) = 0 [pid 10015] close(4) = 0 [pid 10015] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10015] truncate("./file2", 0) = 0 [pid 10015] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10015] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10015] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10015, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4554", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4554", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4554/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4554/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4554/binderfs") = 0 umount2("./4554/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4554/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4554/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4554/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4554/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4554/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4554") = 0 mkdir("./4555", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10017 ./strace-static-x86_64: Process 10017 attached [pid 10017] set_robust_list(0x55558abad660, 24) = 0 [pid 10017] chdir("./4555") = 0 [pid 10017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10017] setpgid(0, 0) = 0 [pid 10017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10017] write(3, "1000", 4) = 4 [pid 10017] close(3) = 0 [pid 10017] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10017] write(1, "executing program\n", 18) = 18 [pid 10017] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10017] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10017] memfd_create("syzkaller", 0) = 3 [pid 10017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10017] munmap(0x7ff698483000, 138412032) = 0 [pid 10017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.578572][T10015] loop0: detected capacity change from 0 to 512 [ 569.596110][T10015] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 569.607021][T10015] EXT4-fs (loop0): 1 truncate cleaned up [ 569.614030][T10015] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10017] close(3) = 0 [pid 10017] close(4) = 0 [pid 10017] mkdir("./file0", 0777) = 0 [pid 10017] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10017] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10017] chdir("./file0") = 0 [pid 10017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10017] ioctl(4, LOOP_CLR_FD) = 0 [pid 10017] close(4) = 0 [pid 10017] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10017] truncate("./file2", 0) = 0 [pid 10017] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10017] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10017] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10017, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4555", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4555", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4555/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4555/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4555/binderfs") = 0 umount2("./4555/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./4555/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4555/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4555/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4555/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4555/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4555") = 0 mkdir("./4556", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10019 ./strace-static-x86_64: Process 10019 attached [pid 10019] set_robust_list(0x55558abad660, 24) = 0 [pid 10019] chdir("./4556") = 0 [pid 10019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10019] setpgid(0, 0) = 0 [pid 10019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10019] write(3, "1000", 4) = 4 [pid 10019] close(3) = 0 [pid 10019] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10019] write(1, "executing program\n", 18) = 18 [pid 10019] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10019] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10019] memfd_create("syzkaller", 0) = 3 [pid 10019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10019] munmap(0x7ff698483000, 138412032) = 0 [pid 10019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.641431][T10017] loop0: detected capacity change from 0 to 512 [ 569.648823][T10017] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 569.659590][T10017] EXT4-fs (loop0): 1 truncate cleaned up [ 569.666278][T10017] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10019] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10019] close(3) = 0 [pid 10019] close(4) = 0 [pid 10019] mkdir("./file0", 0777) = 0 [pid 10019] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10019] chdir("./file0") = 0 [pid 10019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10019] ioctl(4, LOOP_CLR_FD) = 0 [pid 10019] close(4) = 0 [pid 10019] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10019] truncate("./file2", 0) = 0 [pid 10019] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10019] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10019] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10019, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4556", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4556", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4556/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4556/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4556/binderfs") = 0 umount2("./4556/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4556/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4556/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4556/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4556/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4556/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4556") = 0 mkdir("./4557", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10021 ./strace-static-x86_64: Process 10021 attached [pid 10021] set_robust_list(0x55558abad660, 24) = 0 [pid 10021] chdir("./4557") = 0 [pid 10021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10021] setpgid(0, 0) = 0 [pid 10021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10021] write(3, "1000", 4) = 4 [pid 10021] close(3) = 0 [pid 10021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10021] write(1, "executing program\n", 18executing program ) = 18 [pid 10021] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10021] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10021] memfd_create("syzkaller", 0) = 3 [pid 10021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10021] munmap(0x7ff698483000, 138412032) = 0 [pid 10021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.702266][T10019] loop0: detected capacity change from 0 to 512 [ 569.709526][T10019] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 569.720201][T10019] EXT4-fs (loop0): 1 truncate cleaned up [ 569.727112][T10019] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10021] close(3) = 0 [pid 10021] close(4) = 0 [pid 10021] mkdir("./file0", 0777) = 0 [pid 10021] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10021] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10021] chdir("./file0") = 0 [pid 10021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10021] ioctl(4, LOOP_CLR_FD) = 0 [pid 10021] close(4) = 0 [pid 10021] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10021] truncate("./file2", 0) = 0 [pid 10021] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10021] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10021] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10021, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4557", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4557", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4557/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4557/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4557/binderfs") = 0 umount2("./4557/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./4557/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4557/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4557/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4557/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4557/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4557") = 0 mkdir("./4558", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10023 ./strace-static-x86_64: Process 10023 attached [pid 10023] set_robust_list(0x55558abad660, 24) = 0 [pid 10023] chdir("./4558") = 0 [pid 10023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10023] setpgid(0, 0) = 0 [pid 10023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10023] write(3, "1000", 4) = 4 [pid 10023] close(3) = 0 [pid 10023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10023] write(1, "executing program\n", 18) = 18 [pid 10023] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10023] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10023] memfd_create("syzkaller", 0) = 3 [pid 10023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10023] munmap(0x7ff698483000, 138412032) = 0 [pid 10023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.759158][T10021] loop0: detected capacity change from 0 to 512 [ 569.766849][T10021] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 569.777513][T10021] EXT4-fs (loop0): 1 truncate cleaned up [ 569.784789][T10021] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10023] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10023] close(3) = 0 [pid 10023] close(4) = 0 [pid 10023] mkdir("./file0", 0777) = 0 [pid 10023] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10023] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10023] chdir("./file0") = 0 [pid 10023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10023] ioctl(4, LOOP_CLR_FD) = 0 [pid 10023] close(4) = 0 [pid 10023] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10023] truncate("./file2", 0) = 0 [pid 10023] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10023] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10023] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10023, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4558", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4558", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4558/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4558/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4558/binderfs") = 0 umount2("./4558/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4558/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4558/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4558/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4558/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4558/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4558") = 0 mkdir("./4559", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10025 ./strace-static-x86_64: Process 10025 attached [pid 10025] set_robust_list(0x55558abad660, 24) = 0 [pid 10025] chdir("./4559") = 0 [pid 10025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10025] setpgid(0, 0) = 0 [pid 10025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10025] write(3, "1000", 4) = 4 [pid 10025] close(3) = 0 [pid 10025] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10025] write(1, "executing program\n", 18executing program ) = 18 [pid 10025] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10025] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10025] memfd_create("syzkaller", 0) = 3 [pid 10025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10025] munmap(0x7ff698483000, 138412032) = 0 [pid 10025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.821012][T10023] loop0: detected capacity change from 0 to 512 [ 569.828371][T10023] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 569.839367][T10023] EXT4-fs (loop0): 1 truncate cleaned up [ 569.846407][T10023] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10025] close(3) = 0 [pid 10025] close(4) = 0 [pid 10025] mkdir("./file0", 0777) = 0 [pid 10025] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10025] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10025] chdir("./file0") = 0 [pid 10025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10025] ioctl(4, LOOP_CLR_FD) = 0 [pid 10025] close(4) = 0 [pid 10025] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10025] truncate("./file2", 0) = 0 [pid 10025] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10025] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10025] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10025, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4559", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4559", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4559/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4559/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4559/binderfs") = 0 umount2("./4559/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4559/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4559/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4559/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4559/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4559/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4559") = 0 mkdir("./4560", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10027 ./strace-static-x86_64: Process 10027 attached [pid 10027] set_robust_list(0x55558abad660, 24) = 0 [pid 10027] chdir("./4560") = 0 [pid 10027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10027] setpgid(0, 0) = 0 [pid 10027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 10027] write(3, "1000", 4) = 4 [pid 10027] close(3) = 0 [pid 10027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10027] write(1, "executing program\n", 18) = 18 [pid 10027] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10027] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10027] memfd_create("syzkaller", 0) = 3 [pid 10027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10027] munmap(0x7ff698483000, 138412032) = 0 [pid 10027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.878101][T10025] loop0: detected capacity change from 0 to 512 [ 569.885609][T10025] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 569.896639][T10025] EXT4-fs (loop0): 1 truncate cleaned up [ 569.904089][T10025] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10027] close(3) = 0 [pid 10027] close(4) = 0 [pid 10027] mkdir("./file0", 0777) = 0 [pid 10027] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10027] chdir("./file0") = 0 [pid 10027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10027] ioctl(4, LOOP_CLR_FD) = 0 [pid 10027] close(4) = 0 [pid 10027] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10027] truncate("./file2", 0) = 0 [pid 10027] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10027] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10027] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10027, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- umount2("./4560", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4560", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4560/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4560/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4560/binderfs") = 0 umount2("./4560/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4560/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4560/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4560/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4560/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4560/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4560") = 0 mkdir("./4561", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10029 ./strace-static-x86_64: Process 10029 attached [pid 10029] set_robust_list(0x55558abad660, 24) = 0 [pid 10029] chdir("./4561") = 0 [pid 10029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10029] setpgid(0, 0) = 0 [pid 10029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10029] write(3, "1000", 4) = 4 [pid 10029] close(3) = 0 [pid 10029] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10029] write(1, "executing program\n", 18) = 18 [pid 10029] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10029] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10029] memfd_create("syzkaller", 0) = 3 [pid 10029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10029] munmap(0x7ff698483000, 138412032) = 0 [pid 10029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.945047][T10027] loop0: detected capacity change from 0 to 512 [ 569.952774][T10027] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 569.963396][T10027] EXT4-fs (loop0): 1 truncate cleaned up [ 569.970659][T10027] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10029] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10029] close(3) = 0 [pid 10029] close(4) = 0 [pid 10029] mkdir("./file0", 0777) = 0 [pid 10029] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10029] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10029] chdir("./file0") = 0 [pid 10029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10029] ioctl(4, LOOP_CLR_FD) = 0 [pid 10029] close(4) = 0 [pid 10029] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10029] truncate("./file2", 0) = 0 [pid 10029] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10029] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10029] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10029, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4561", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4561", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4561/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4561/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4561/binderfs") = 0 umount2("./4561/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4561/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4561/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4561/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4561/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4561/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4561") = 0 mkdir("./4562", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10031 ./strace-static-x86_64: Process 10031 attached [pid 10031] set_robust_list(0x55558abad660, 24) = 0 [pid 10031] chdir("./4562") = 0 [pid 10031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10031] setpgid(0, 0) = 0 [pid 10031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10031] write(3, "1000", 4) = 4 [pid 10031] close(3) = 0 [pid 10031] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10031] write(1, "executing program\n", 18) = 18 [pid 10031] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10031] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10031] memfd_create("syzkaller", 0) = 3 [pid 10031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10031] munmap(0x7ff698483000, 138412032) = 0 [pid 10031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 569.998925][T10029] loop0: detected capacity change from 0 to 512 [ 570.007280][T10029] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.017900][T10029] EXT4-fs (loop0): 1 truncate cleaned up [ 570.024919][T10029] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10031] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10031] close(3) = 0 [pid 10031] close(4) = 0 [pid 10031] mkdir("./file0", 0777) = 0 [pid 10031] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10031] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10031] chdir("./file0") = 0 [pid 10031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10031] ioctl(4, LOOP_CLR_FD) = 0 [pid 10031] close(4) = 0 [pid 10031] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10031] truncate("./file2", 0) = 0 [pid 10031] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10031] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10031] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10031, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4562", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4562", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4562/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4562/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4562/binderfs") = 0 umount2("./4562/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4562/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4562/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4562/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4562/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4562/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4562") = 0 mkdir("./4563", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10033 ./strace-static-x86_64: Process 10033 attached [pid 10033] set_robust_list(0x55558abad660, 24) = 0 [pid 10033] chdir("./4563") = 0 [pid 10033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10033] setpgid(0, 0) = 0 [pid 10033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10033] write(3, "1000", 4) = 4 [pid 10033] close(3) = 0 [pid 10033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10033] write(1, "executing program\n", 18executing program ) = 18 [pid 10033] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10033] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10033] memfd_create("syzkaller", 0) = 3 [pid 10033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10033] munmap(0x7ff698483000, 138412032) = 0 [pid 10033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 570.057311][T10031] loop0: detected capacity change from 0 to 512 [ 570.064756][T10031] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.075584][T10031] EXT4-fs (loop0): 1 truncate cleaned up [ 570.082449][T10031] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10033] close(3) = 0 [pid 10033] close(4) = 0 [pid 10033] mkdir("./file0", 0777) = 0 [pid 10033] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10033] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10033] chdir("./file0") = 0 [pid 10033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10033] ioctl(4, LOOP_CLR_FD) = 0 [pid 10033] close(4) = 0 [pid 10033] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10033] truncate("./file2", 0) = 0 [pid 10033] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10033] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10033] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10033, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4563", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4563", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4563/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4563/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4563/binderfs") = 0 umount2("./4563/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4563/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4563/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4563/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4563/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4563/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4563") = 0 mkdir("./4564", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10035 ./strace-static-x86_64: Process 10035 attached [pid 10035] set_robust_list(0x55558abad660, 24) = 0 [pid 10035] chdir("./4564") = 0 [pid 10035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10035] setpgid(0, 0) = 0 [pid 10035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10035] write(3, "1000", 4) = 4 [pid 10035] close(3) = 0 [pid 10035] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10035] write(1, "executing program\n", 18) = 18 [pid 10035] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10035] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10035] memfd_create("syzkaller", 0) = 3 [pid 10035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10035] munmap(0x7ff698483000, 138412032) = 0 [pid 10035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 570.119033][T10033] loop0: detected capacity change from 0 to 512 [ 570.126399][T10033] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.137529][T10033] EXT4-fs (loop0): 1 truncate cleaned up [ 570.144360][T10033] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10035] close(3) = 0 [pid 10035] close(4) = 0 [pid 10035] mkdir("./file0", 0777) = 0 [pid 10035] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10035] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10035] chdir("./file0") = 0 [pid 10035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10035] ioctl(4, LOOP_CLR_FD) = 0 [pid 10035] close(4) = 0 [pid 10035] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10035] truncate("./file2", 0) = 0 [pid 10035] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10035] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10035] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10035, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4564", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4564", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4564/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4564/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4564/binderfs") = 0 umount2("./4564/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4564/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4564/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4564/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4564/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4564/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4564") = 0 mkdir("./4565", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10038 ./strace-static-x86_64: Process 10038 attached [pid 10038] set_robust_list(0x55558abad660, 24) = 0 [pid 10038] chdir("./4565") = 0 [pid 10038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10038] setpgid(0, 0) = 0 [pid 10038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10038] write(3, "1000", 4) = 4 [pid 10038] close(3) = 0 [pid 10038] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10038] write(1, "executing program\n", 18) = 18 [pid 10038] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10038] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10038] memfd_create("syzkaller", 0) = 3 [pid 10038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10038] munmap(0x7ff698483000, 138412032) = 0 [pid 10038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 570.177473][T10035] loop0: detected capacity change from 0 to 512 [ 570.184831][T10035] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.195536][T10035] EXT4-fs (loop0): 1 truncate cleaned up [ 570.202648][T10035] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10038] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10038] close(3) = 0 [pid 10038] close(4) = 0 [pid 10038] mkdir("./file0", 0777) = 0 [pid 10038] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10038] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10038] chdir("./file0") = 0 [pid 10038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10038] ioctl(4, LOOP_CLR_FD) = 0 [pid 10038] close(4) = 0 [pid 10038] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10038] truncate("./file2", 0) = 0 [pid 10038] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10038] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10038] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10038, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4565", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4565", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4565/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4565/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4565/binderfs") = 0 umount2("./4565/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4565/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4565/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4565/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4565/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4565/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4565") = 0 mkdir("./4566", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10040 ./strace-static-x86_64: Process 10040 attached [pid 10040] set_robust_list(0x55558abad660, 24) = 0 [pid 10040] chdir("./4566") = 0 [pid 10040] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10040] setpgid(0, 0) = 0 [pid 10040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10040] write(3, "1000", 4) = 4 [pid 10040] close(3) = 0 [pid 10040] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10040] write(1, "executing program\n", 18) = 18 [pid 10040] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10040] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10040] memfd_create("syzkaller", 0) = 3 [pid 10040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10040] munmap(0x7ff698483000, 138412032) = 0 [pid 10040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 570.238488][T10038] loop0: detected capacity change from 0 to 512 [ 570.245749][T10038] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.256921][T10038] EXT4-fs (loop0): 1 truncate cleaned up [ 570.263560][T10038] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10040] close(3) = 0 [pid 10040] close(4) = 0 [pid 10040] mkdir("./file0", 0777) = 0 [pid 10040] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10040] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10040] chdir("./file0") = 0 [pid 10040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10040] ioctl(4, LOOP_CLR_FD) = 0 [pid 10040] close(4) = 0 [pid 10040] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10040] truncate("./file2", 0) = 0 [pid 10040] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10040] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10040] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10040, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4566", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4566", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4566/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4566/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4566/binderfs") = 0 umount2("./4566/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4566/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4566/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4566/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4566/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4566/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4566") = 0 mkdir("./4567", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10042 ./strace-static-x86_64: Process 10042 attached [pid 10042] set_robust_list(0x55558abad660, 24) = 0 [pid 10042] chdir("./4567") = 0 [pid 10042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10042] setpgid(0, 0) = 0 [pid 10042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10042] write(3, "1000", 4) = 4 [pid 10042] close(3) = 0 [pid 10042] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10042] write(1, "executing program\n", 18) = 18 [pid 10042] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10042] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10042] memfd_create("syzkaller", 0) = 3 [pid 10042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10042] munmap(0x7ff698483000, 138412032) = 0 [pid 10042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 570.299835][T10040] loop0: detected capacity change from 0 to 512 [ 570.307348][T10040] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.318150][T10040] EXT4-fs (loop0): 1 truncate cleaned up [ 570.324816][T10040] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10042] close(3) = 0 [pid 10042] close(4) = 0 [pid 10042] mkdir("./file0", 0777) = 0 [pid 10042] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10042] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10042] chdir("./file0") = 0 [pid 10042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10042] ioctl(4, LOOP_CLR_FD) = 0 [pid 10042] close(4) = 0 [pid 10042] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10042] truncate("./file2", 0) = 0 [pid 10042] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10042] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10042] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10042, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4567", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4567", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4567/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4567/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4567/binderfs") = 0 umount2("./4567/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4567/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4567/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4567/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4567/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4567/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4567") = 0 mkdir("./4568", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10044 ./strace-static-x86_64: Process 10044 attached [pid 10044] set_robust_list(0x55558abad660, 24) = 0 [pid 10044] chdir("./4568") = 0 [pid 10044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10044] setpgid(0, 0) = 0 [pid 10044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10044] write(3, "1000", 4) = 4 [pid 10044] close(3) = 0 [pid 10044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10044] write(1, "executing program\n", 18executing program ) = 18 [pid 10044] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10044] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10044] memfd_create("syzkaller", 0) = 3 [pid 10044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10044] munmap(0x7ff698483000, 138412032) = 0 [pid 10044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 570.357935][T10042] loop0: detected capacity change from 0 to 512 [ 570.365215][T10042] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.375973][T10042] EXT4-fs (loop0): 1 truncate cleaned up [ 570.382953][T10042] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10044] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10044] close(3) = 0 [pid 10044] close(4) = 0 [pid 10044] mkdir("./file0", 0777) = 0 [pid 10044] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10044] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10044] chdir("./file0") = 0 [pid 10044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10044] ioctl(4, LOOP_CLR_FD) = 0 [pid 10044] close(4) = 0 [pid 10044] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10044] truncate("./file2", 0) = 0 [pid 10044] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10044] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10044] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10044, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4568", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4568", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4568/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4568/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4568/binderfs") = 0 umount2("./4568/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4568/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4568/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4568/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4568/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4568/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4568") = 0 mkdir("./4569", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10046 ./strace-static-x86_64: Process 10046 attached [pid 10046] set_robust_list(0x55558abad660, 24) = 0 [pid 10046] chdir("./4569") = 0 [pid 10046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10046] setpgid(0, 0) = 0 [pid 10046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10046] write(3, "1000", 4) = 4 [pid 10046] close(3) = 0 [pid 10046] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10046] write(1, "executing program\n", 18) = 18 [pid 10046] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10046] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10046] memfd_create("syzkaller", 0) = 3 [pid 10046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10046] munmap(0x7ff698483000, 138412032) = 0 [pid 10046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 570.419083][T10044] loop0: detected capacity change from 0 to 512 [ 570.426408][T10044] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.437151][T10044] EXT4-fs (loop0): 1 truncate cleaned up [ 570.443888][T10044] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10046] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10046] close(3) = 0 [pid 10046] close(4) = 0 [pid 10046] mkdir("./file0", 0777) = 0 [pid 10046] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10046] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10046] chdir("./file0") = 0 [pid 10046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10046] ioctl(4, LOOP_CLR_FD) = 0 [pid 10046] close(4) = 0 [pid 10046] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10046] truncate("./file2", 0) = 0 [pid 10046] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10046] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10046] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10046, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4569", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4569", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4569/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4569/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4569/binderfs") = 0 umount2("./4569/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4569/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4569/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4569/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4569/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4569/file0"executing program ) = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4569") = 0 mkdir("./4570", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10048 ./strace-static-x86_64: Process 10048 attached [pid 10048] set_robust_list(0x55558abad660, 24) = 0 [pid 10048] chdir("./4570") = 0 [pid 10048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10048] setpgid(0, 0) = 0 [pid 10048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10048] write(3, "1000", 4) = 4 [pid 10048] close(3) = 0 [pid 10048] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10048] write(1, "executing program\n", 18) = 18 [pid 10048] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10048] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10048] memfd_create("syzkaller", 0) = 3 [pid 10048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10048] munmap(0x7ff698483000, 138412032) = 0 [pid 10048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 570.480480][T10046] loop0: detected capacity change from 0 to 512 [ 570.487832][T10046] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.498579][T10046] EXT4-fs (loop0): 1 truncate cleaned up [ 570.505166][T10046] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10048] close(3) = 0 [pid 10048] close(4) = 0 [pid 10048] mkdir("./file0", 0777) = 0 [pid 10048] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10048] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10048] chdir("./file0") = 0 [pid 10048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10048] ioctl(4, LOOP_CLR_FD) = 0 [pid 10048] close(4) = 0 [pid 10048] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10048] truncate("./file2", 0) = 0 [pid 10048] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10048] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10048] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10048, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4570", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4570", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4570/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4570/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4570/binderfs") = 0 umount2("./4570/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4570/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4570/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4570/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4570/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4570/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4570") = 0 mkdir("./4571", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10050 ./strace-static-x86_64: Process 10050 attached [pid 10050] set_robust_list(0x55558abad660, 24) = 0 [pid 10050] chdir("./4571") = 0 [pid 10050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10050] setpgid(0, 0) = 0 [pid 10050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10050] write(3, "1000", 4) = 4 [pid 10050] close(3) = 0 [pid 10050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10050] write(1, "executing program\n", 18executing program ) = 18 [pid 10050] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10050] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10050] memfd_create("syzkaller", 0) = 3 [pid 10050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10050] munmap(0x7ff698483000, 138412032) = 0 [pid 10050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 570.541168][T10048] loop0: detected capacity change from 0 to 512 [ 570.548592][T10048] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.559312][T10048] EXT4-fs (loop0): 1 truncate cleaned up [ 570.566172][T10048] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10050] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10050] close(3) = 0 [pid 10050] close(4) = 0 [pid 10050] mkdir("./file0", 0777) = 0 [pid 10050] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10050] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10050] chdir("./file0") = 0 [pid 10050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10050] ioctl(4, LOOP_CLR_FD) = 0 [pid 10050] close(4) = 0 [pid 10050] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10050] truncate("./file2", 0) = 0 [pid 10050] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10050] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10050] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10050, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4571", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4571", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4571/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4571/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4571/binderfs") = 0 umount2("./4571/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4571/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4571/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4571/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4571/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4571/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4571") = 0 mkdir("./4572", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10052 ./strace-static-x86_64: Process 10052 attached [pid 10052] set_robust_list(0x55558abad660, 24) = 0 [pid 10052] chdir("./4572") = 0 [pid 10052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10052] setpgid(0, 0) = 0 [pid 10052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10052] write(3, "1000", 4) = 4 [pid 10052] close(3) = 0 [pid 10052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10052] write(1, "executing program\n", 18executing program ) = 18 [pid 10052] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10052] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10052] memfd_create("syzkaller", 0) = 3 [pid 10052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10052] munmap(0x7ff698483000, 138412032) = 0 [pid 10052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 570.602645][T10050] loop0: detected capacity change from 0 to 512 [ 570.610052][T10050] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.620777][T10050] EXT4-fs (loop0): 1 truncate cleaned up [ 570.627709][T10050] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10052] close(3) = 0 [pid 10052] close(4) = 0 [pid 10052] mkdir("./file0", 0777) = 0 [pid 10052] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10052] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10052] chdir("./file0") = 0 [pid 10052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10052] ioctl(4, LOOP_CLR_FD) = 0 [pid 10052] close(4) = 0 [pid 10052] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10052] truncate("./file2", 0) = 0 [pid 10052] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10052] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10052] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10052, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4572", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4572", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4572/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4572/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4572/binderfs") = 0 umount2("./4572/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4572/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4572/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4572/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4572/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4572/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4572") = 0 mkdir("./4573", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10054 ./strace-static-x86_64: Process 10054 attached [pid 10054] set_robust_list(0x55558abad660, 24) = 0 [pid 10054] chdir("./4573") = 0 [pid 10054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10054] setpgid(0, 0) = 0 [pid 10054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10054] write(3, "1000", 4) = 4 [pid 10054] close(3) = 0 [pid 10054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10054] write(1, "executing program\n", 18) = 18 [pid 10054] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10054] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10054] memfd_create("syzkaller", 0) = 3 [pid 10054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10054] munmap(0x7ff698483000, 138412032) = 0 [pid 10054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 570.668645][T10052] loop0: detected capacity change from 0 to 512 [ 570.676513][T10052] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.687251][T10052] EXT4-fs (loop0): 1 truncate cleaned up [ 570.694378][T10052] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10054] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10054] close(3) = 0 [pid 10054] close(4) = 0 [pid 10054] mkdir("./file0", 0777) = 0 [pid 10054] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10054] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10054] chdir("./file0") = 0 [pid 10054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10054] ioctl(4, LOOP_CLR_FD) = 0 [pid 10054] close(4) = 0 [pid 10054] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10054] truncate("./file2", 0) = 0 [pid 10054] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10054] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10054] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10054, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4573", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4573", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4573/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4573/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4573/binderfs") = 0 umount2("./4573/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4573/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4573/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4573/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4573/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4573/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4573") = 0 mkdir("./4574", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10056 ./strace-static-x86_64: Process 10056 attached [pid 10056] set_robust_list(0x55558abad660, 24) = 0 [pid 10056] chdir("./4574") = 0 [pid 10056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10056] setpgid(0, 0) = 0 [pid 10056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10056] write(3, "1000", 4) = 4 [pid 10056] close(3) = 0 [pid 10056] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10056] write(1, "executing program\n", 18) = 18 [pid 10056] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10056] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10056] memfd_create("syzkaller", 0) = 3 [pid 10056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10056] munmap(0x7ff698483000, 138412032) = 0 [pid 10056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 570.730604][T10054] loop0: detected capacity change from 0 to 512 [ 570.737878][T10054] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.748609][T10054] EXT4-fs (loop0): 1 truncate cleaned up [ 570.755903][T10054] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10056] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10056] close(3) = 0 [pid 10056] close(4) = 0 [pid 10056] mkdir("./file0", 0777) = 0 [pid 10056] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10056] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10056] chdir("./file0") = 0 [pid 10056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10056] ioctl(4, LOOP_CLR_FD) = 0 [pid 10056] close(4) = 0 [pid 10056] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10056] truncate("./file2", 0) = 0 [pid 10056] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10056] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10056] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10056, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4574", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4574", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4574/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4574/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4574/binderfs") = 0 umount2("./4574/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4574/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4574/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4574/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4574/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4574/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4574") = 0 mkdir("./4575", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10058 ./strace-static-x86_64: Process 10058 attached [pid 10058] set_robust_list(0x55558abad660, 24) = 0 [pid 10058] chdir("./4575") = 0 [pid 10058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10058] setpgid(0, 0) = 0 [pid 10058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10058] write(3, "1000", 4) = 4 [pid 10058] close(3) = 0 [pid 10058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10058] write(1, "executing program\n", 18) = 18 [pid 10058] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10058] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10058] memfd_create("syzkaller", 0) = 3 [pid 10058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10058] munmap(0x7ff698483000, 138412032) = 0 [pid 10058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 570.796307][T10056] loop0: detected capacity change from 0 to 512 [ 570.804019][T10056] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.814645][T10056] EXT4-fs (loop0): 1 truncate cleaned up [ 570.821952][T10056] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10058] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10058] close(3) = 0 [pid 10058] close(4) = 0 [pid 10058] mkdir("./file0", 0777) = 0 [pid 10058] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10058] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10058] chdir("./file0") = 0 [pid 10058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10058] ioctl(4, LOOP_CLR_FD) = 0 [pid 10058] close(4) = 0 [pid 10058] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10058] truncate("./file2", 0) = 0 [pid 10058] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10058] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10058] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10058, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4575", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4575", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4575/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4575/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4575/binderfs") = 0 umount2("./4575/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4575/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4575/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4575/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4575/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4575/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4575") = 0 mkdir("./4576", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10060 executing program ./strace-static-x86_64: Process 10060 attached [pid 10060] set_robust_list(0x55558abad660, 24) = 0 [pid 10060] chdir("./4576") = 0 [pid 10060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10060] setpgid(0, 0) = 0 [pid 10060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10060] write(3, "1000", 4) = 4 [pid 10060] close(3) = 0 [pid 10060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10060] write(1, "executing program\n", 18) = 18 [pid 10060] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10060] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10060] memfd_create("syzkaller", 0) = 3 [pid 10060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10060] munmap(0x7ff698483000, 138412032) = 0 [pid 10060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 570.852195][T10058] loop0: detected capacity change from 0 to 512 [ 570.859550][T10058] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.870295][T10058] EXT4-fs (loop0): 1 truncate cleaned up [ 570.878337][T10058] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10060] close(3) = 0 [pid 10060] close(4) = 0 [pid 10060] mkdir("./file0", 0777) = 0 [pid 10060] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10060] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10060] chdir("./file0") = 0 [pid 10060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10060] ioctl(4, LOOP_CLR_FD) = 0 [pid 10060] close(4) = 0 [pid 10060] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10060] truncate("./file2", 0) = 0 [pid 10060] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10060] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10060] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10060, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4576", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4576", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4576/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4576/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4576/binderfs") = 0 umount2("./4576/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4576/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4576/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4576/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4576/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4576/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4576") = 0 mkdir("./4577", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10062 ./strace-static-x86_64: Process 10062 attached [pid 10062] set_robust_list(0x55558abad660, 24) = 0 [pid 10062] chdir("./4577") = 0 [pid 10062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10062] setpgid(0, 0) = 0 [pid 10062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10062] write(3, "1000", 4) = 4 [pid 10062] close(3) = 0 [pid 10062] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10062] write(1, "executing program\n", 18) = 18 [pid 10062] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10062] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10062] memfd_create("syzkaller", 0) = 3 [pid 10062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10062] munmap(0x7ff698483000, 138412032) = 0 [pid 10062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 570.916979][T10060] loop0: detected capacity change from 0 to 512 [ 570.924261][T10060] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 570.934918][T10060] EXT4-fs (loop0): 1 truncate cleaned up [ 570.942138][T10060] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10062] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10062] close(3) = 0 [pid 10062] close(4) = 0 [pid 10062] mkdir("./file0", 0777) = 0 [pid 10062] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10062] chdir("./file0") = 0 [pid 10062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10062] ioctl(4, LOOP_CLR_FD) = 0 [pid 10062] close(4) = 0 [pid 10062] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10062] truncate("./file2", 0) = 0 [pid 10062] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10062] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10062] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10062, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4577", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4577", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4577/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4577/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4577/binderfs") = 0 umount2("./4577/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4577/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4577/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4577/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4577/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4577/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4577") = 0 mkdir("./4578", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10064 ./strace-static-x86_64: Process 10064 attached [pid 10064] set_robust_list(0x55558abad660, 24) = 0 [pid 10064] chdir("./4578") = 0 [pid 10064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10064] setpgid(0, 0) = 0 [pid 10064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10064] write(3, "1000", 4) = 4 [pid 10064] close(3) = 0 [pid 10064] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10064] write(1, "executing program\n", 18) = 18 [pid 10064] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10064] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10064] memfd_create("syzkaller", 0) = 3 [pid 10064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10064] munmap(0x7ff698483000, 138412032) = 0 [pid 10064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 570.984305][T10062] loop0: detected capacity change from 0 to 512 [ 570.992174][T10062] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.002767][T10062] EXT4-fs (loop0): 1 truncate cleaned up [ 571.010553][T10062] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10064] close(3) = 0 [pid 10064] close(4) = 0 [pid 10064] mkdir("./file0", 0777) = 0 [pid 10064] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10064] chdir("./file0") = 0 [pid 10064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10064] ioctl(4, LOOP_CLR_FD) = 0 [pid 10064] close(4) = 0 [pid 10064] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10064] truncate("./file2", 0) = 0 [pid 10064] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10064] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10064] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10064, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4578", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4578", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4578/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4578/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4578/binderfs") = 0 umount2("./4578/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4578/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4578/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4578/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4578/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4578/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4578") = 0 mkdir("./4579", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10066 ./strace-static-x86_64: Process 10066 attached [pid 10066] set_robust_list(0x55558abad660, 24) = 0 [pid 10066] chdir("./4579") = 0 [pid 10066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10066] setpgid(0, 0) = 0 [pid 10066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10066] write(3, "1000", 4) = 4 [pid 10066] close(3) = 0 [pid 10066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10066] write(1, "executing program\n", 18) = 18 [pid 10066] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10066] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10066] memfd_create("syzkaller", 0) = 3 [pid 10066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10066] munmap(0x7ff698483000, 138412032) = 0 [pid 10066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 571.050614][T10064] loop0: detected capacity change from 0 to 512 [ 571.058351][T10064] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.069211][T10064] EXT4-fs (loop0): 1 truncate cleaned up [ 571.076231][T10064] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10066] close(3) = 0 [pid 10066] close(4) = 0 [pid 10066] mkdir("./file0", 0777) = 0 [pid 10066] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10066] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10066] chdir("./file0") = 0 [pid 10066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10066] ioctl(4, LOOP_CLR_FD) = 0 [pid 10066] close(4) = 0 [pid 10066] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10066] truncate("./file2", 0) = 0 [pid 10066] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10066] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10066] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10066, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4579", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4579", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4579/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4579/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4579/binderfs") = 0 umount2("./4579/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4579/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4579/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4579/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4579/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4579/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4579") = 0 mkdir("./4580", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10068 ./strace-static-x86_64: Process 10068 attached [pid 10068] set_robust_list(0x55558abad660, 24) = 0 [pid 10068] chdir("./4580") = 0 [pid 10068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10068] setpgid(0, 0) = 0 [pid 10068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10068] write(3, "1000", 4) = 4 [pid 10068] close(3) = 0 [pid 10068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10068] write(1, "executing program\n", 18) = 18 [pid 10068] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10068] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10068] memfd_create("syzkaller", 0) = 3 [pid 10068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10068] munmap(0x7ff698483000, 138412032) = 0 [pid 10068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 571.115001][T10066] loop0: detected capacity change from 0 to 512 [ 571.122349][T10066] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.132913][T10066] EXT4-fs (loop0): 1 truncate cleaned up [ 571.139701][T10066] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10068] close(3) = 0 [pid 10068] close(4) = 0 [pid 10068] mkdir("./file0", 0777) = 0 [pid 10068] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10068] chdir("./file0") = 0 [pid 10068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10068] ioctl(4, LOOP_CLR_FD) = 0 [pid 10068] close(4) = 0 [pid 10068] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10068] truncate("./file2", 0) = 0 [pid 10068] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10068] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10068, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4580", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4580", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4580/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4580/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4580/binderfs") = 0 umount2("./4580/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4580/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4580/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4580/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4580/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4580/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4580") = 0 mkdir("./4581", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10071 ./strace-static-x86_64: Process 10071 attached [pid 10071] set_robust_list(0x55558abad660, 24) = 0 [pid 10071] chdir("./4581") = 0 [pid 10071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10071] setpgid(0, 0) = 0 [pid 10071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10071] write(3, "1000", 4) = 4 [pid 10071] close(3) = 0 [pid 10071] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10071] write(1, "executing program\n", 18) = 18 [pid 10071] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10071] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10071] memfd_create("syzkaller", 0) = 3 [pid 10071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10071] munmap(0x7ff698483000, 138412032) = 0 [pid 10071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 571.177310][T10068] loop0: detected capacity change from 0 to 512 [ 571.185056][T10068] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.195778][T10068] EXT4-fs (loop0): 1 truncate cleaned up [ 571.202762][T10068] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10071] close(3) = 0 [pid 10071] close(4) = 0 [pid 10071] mkdir("./file0", 0777) = 0 [pid 10071] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10071] chdir("./file0") = 0 [pid 10071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10071] ioctl(4, LOOP_CLR_FD) = 0 [pid 10071] close(4) = 0 [pid 10071] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10071] truncate("./file2", 0) = 0 [pid 10071] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10071] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10071] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10071, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4581", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4581", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4581/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4581/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4581/binderfs") = 0 umount2("./4581/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4581/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4581/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4581/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4581/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4581/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4581") = 0 mkdir("./4582", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10073 ./strace-static-x86_64: Process 10073 attached [pid 10073] set_robust_list(0x55558abad660, 24) = 0 [pid 10073] chdir("./4582") = 0 [pid 10073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10073] setpgid(0, 0) = 0 [pid 10073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10073] write(3, "1000", 4) = 4 [pid 10073] close(3) = 0 [pid 10073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10073] write(1, "executing program\n", 18executing program ) = 18 [pid 10073] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10073] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10073] memfd_create("syzkaller", 0) = 3 [pid 10073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10073] munmap(0x7ff698483000, 138412032) = 0 [pid 10073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 571.233179][T10071] loop0: detected capacity change from 0 to 512 [ 571.241244][T10071] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.252358][T10071] EXT4-fs (loop0): 1 truncate cleaned up [ 571.259762][T10071] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10073] close(3) = 0 [pid 10073] close(4) = 0 [pid 10073] mkdir("./file0", 0777) = 0 [pid 10073] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10073] chdir("./file0") = 0 [pid 10073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10073] ioctl(4, LOOP_CLR_FD) = 0 [pid 10073] close(4) = 0 [pid 10073] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10073] truncate("./file2", 0) = 0 [pid 10073] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10073] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10073, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4582", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4582", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4582/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4582/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4582/binderfs") = 0 umount2("./4582/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4582/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4582/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4582/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4582/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4582/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4582") = 0 mkdir("./4583", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10075 ./strace-static-x86_64: Process 10075 attached [pid 10075] set_robust_list(0x55558abad660, 24) = 0 [pid 10075] chdir("./4583") = 0 [pid 10075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10075] setpgid(0, 0) = 0 [pid 10075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10075] write(3, "1000", 4) = 4 [pid 10075] close(3) = 0 [pid 10075] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10075] write(1, "executing program\n", 18) = 18 [pid 10075] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10075] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10075] memfd_create("syzkaller", 0) = 3 [pid 10075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10075] munmap(0x7ff698483000, 138412032) = 0 [pid 10075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 571.298867][T10073] loop0: detected capacity change from 0 to 512 [ 571.306799][T10073] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.317467][T10073] EXT4-fs (loop0): 1 truncate cleaned up [ 571.324223][T10073] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10075] close(3) = 0 [pid 10075] close(4) = 0 [pid 10075] mkdir("./file0", 0777) = 0 [pid 10075] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10075] chdir("./file0") = 0 [pid 10075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10075] ioctl(4, LOOP_CLR_FD) = 0 [pid 10075] close(4) = 0 [pid 10075] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10075] truncate("./file2", 0) = 0 [pid 10075] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10075] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10075] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10075, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4583", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4583", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4583/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4583/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4583/binderfs") = 0 umount2("./4583/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4583/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4583/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4583/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4583/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4583/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4583") = 0 mkdir("./4584", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10077 ./strace-static-x86_64: Process 10077 attached [pid 10077] set_robust_list(0x55558abad660, 24) = 0 [pid 10077] chdir("./4584") = 0 [pid 10077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10077] setpgid(0, 0) = 0 [pid 10077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10077] write(3, "1000", 4) = 4 [pid 10077] close(3) = 0 [pid 10077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10077] write(1, "executing program\n", 18executing program ) = 18 [pid 10077] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10077] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10077] memfd_create("syzkaller", 0) = 3 [pid 10077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10077] munmap(0x7ff698483000, 138412032) = 0 [pid 10077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 571.356988][T10075] loop0: detected capacity change from 0 to 512 [ 571.364728][T10075] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.375649][T10075] EXT4-fs (loop0): 1 truncate cleaned up [ 571.383889][T10075] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10077] close(3) = 0 [pid 10077] close(4) = 0 [pid 10077] mkdir("./file0", 0777) = 0 [pid 10077] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10077] chdir("./file0") = 0 [pid 10077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10077] ioctl(4, LOOP_CLR_FD) = 0 [pid 10077] close(4) = 0 [pid 10077] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10077] truncate("./file2", 0) = 0 [pid 10077] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10077] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10077] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10077, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4584", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4584", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4584/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4584/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4584/binderfs") = 0 umount2("./4584/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4584/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4584/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4584/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4584/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4584/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4584") = 0 mkdir("./4585", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10079 ./strace-static-x86_64: Process 10079 attached [pid 10079] set_robust_list(0x55558abad660, 24) = 0 [pid 10079] chdir("./4585") = 0 [pid 10079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10079] setpgid(0, 0) = 0 [pid 10079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10079] write(3, "1000", 4) = 4 [pid 10079] close(3) = 0 [pid 10079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10079] write(1, "executing program\n", 18executing program ) = 18 [pid 10079] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10079] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10079] memfd_create("syzkaller", 0) = 3 [pid 10079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10079] munmap(0x7ff698483000, 138412032) = 0 [pid 10079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 571.426826][T10077] loop0: detected capacity change from 0 to 512 [ 571.434330][T10077] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.446012][T10077] EXT4-fs (loop0): 1 truncate cleaned up [ 571.453040][T10077] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10079] close(3) = 0 [pid 10079] close(4) = 0 [pid 10079] mkdir("./file0", 0777) = 0 [pid 10079] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10079] chdir("./file0") = 0 [pid 10079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10079] ioctl(4, LOOP_CLR_FD) = 0 [pid 10079] close(4) = 0 [pid 10079] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10079] truncate("./file2", 0) = 0 [pid 10079] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10079] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10079] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10079, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4585", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4585", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4585/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4585/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4585/binderfs") = 0 umount2("./4585/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4585/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4585/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4585/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4585/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4585/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4585") = 0 mkdir("./4586", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10081 ./strace-static-x86_64: Process 10081 attached [pid 10081] set_robust_list(0x55558abad660, 24) = 0 [pid 10081] chdir("./4586") = 0 [pid 10081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10081] setpgid(0, 0) = 0 [pid 10081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 10081] write(3, "1000", 4) = 4 [pid 10081] close(3) = 0 [pid 10081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10081] write(1, "executing program\n", 18) = 18 [pid 10081] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10081] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10081] memfd_create("syzkaller", 0) = 3 [pid 10081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10081] munmap(0x7ff698483000, 138412032) = 0 [pid 10081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10081] close(3) = 0 [pid 10081] close(4) = 0 [pid 10081] mkdir("./file0", 0777) = 0 [ 571.488592][T10079] loop0: detected capacity change from 0 to 512 [ 571.495908][T10079] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.506769][T10079] EXT4-fs (loop0): 1 truncate cleaned up [ 571.513736][T10079] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10081] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10081] chdir("./file0") = 0 [pid 10081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10081] ioctl(4, LOOP_CLR_FD) = 0 [pid 10081] close(4) = 0 [pid 10081] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10081] truncate("./file2", 0) = 0 [pid 10081] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10081] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10081] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10081, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4586", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4586", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4586/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4586/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4586/binderfs") = 0 umount2("./4586/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4586/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4586/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4586/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4586/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4586/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4586") = 0 mkdir("./4587", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10083 ./strace-static-x86_64: Process 10083 attached [pid 10083] set_robust_list(0x55558abad660, 24) = 0 [pid 10083] chdir("./4587") = 0 [pid 10083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10083] setpgid(0, 0) = 0 [pid 10083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10083] write(3, "1000", 4) = 4 [pid 10083] close(3) = 0 [pid 10083] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10083] write(1, "executing program\n", 18) = 18 [pid 10083] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10083] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10083] memfd_create("syzkaller", 0) = 3 [pid 10083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10083] munmap(0x7ff698483000, 138412032) = 0 [pid 10083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 571.549874][T10081] loop0: detected capacity change from 0 to 512 [ 571.557450][T10081] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.568424][T10081] EXT4-fs (loop0): 1 truncate cleaned up [ 571.575588][T10081] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10083] close(3) = 0 [pid 10083] close(4) = 0 [pid 10083] mkdir("./file0", 0777) = 0 [pid 10083] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10083] chdir("./file0") = 0 [pid 10083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10083] ioctl(4, LOOP_CLR_FD) = 0 [pid 10083] close(4) = 0 [pid 10083] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10083] truncate("./file2", 0) = 0 [pid 10083] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10083] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10083] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10083, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4587", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4587", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4587/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4587/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4587/binderfs") = 0 umount2("./4587/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4587/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4587/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4587/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4587/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4587/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4587") = 0 mkdir("./4588", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10085 ./strace-static-x86_64: Process 10085 attached [pid 10085] set_robust_list(0x55558abad660, 24) = 0 [pid 10085] chdir("./4588") = 0 [pid 10085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10085] setpgid(0, 0) = 0 [pid 10085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10085] write(3, "1000", 4) = 4 [pid 10085] close(3) = 0 [pid 10085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10085] write(1, "executing program\n", 18executing program ) = 18 [pid 10085] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10085] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10085] memfd_create("syzkaller", 0) = 3 [pid 10085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10085] munmap(0x7ff698483000, 138412032) = 0 [pid 10085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 571.611451][T10083] loop0: detected capacity change from 0 to 512 [ 571.618900][T10083] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.629621][T10083] EXT4-fs (loop0): 1 truncate cleaned up [ 571.636645][T10083] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10085] close(3) = 0 [pid 10085] close(4) = 0 [pid 10085] mkdir("./file0", 0777) = 0 [pid 10085] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10085] chdir("./file0") = 0 [pid 10085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10085] ioctl(4, LOOP_CLR_FD) = 0 [pid 10085] close(4) = 0 [pid 10085] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10085] truncate("./file2", 0) = 0 [pid 10085] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10085] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10085] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10085, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4588", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4588", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4588/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4588/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4588/binderfs") = 0 umount2("./4588/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4588/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4588/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4588/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4588/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4588/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4588") = 0 mkdir("./4589", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10087 ./strace-static-x86_64: Process 10087 attached [pid 10087] set_robust_list(0x55558abad660, 24) = 0 [pid 10087] chdir("./4589") = 0 [pid 10087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10087] setpgid(0, 0) = 0 [pid 10087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10087] write(3, "1000", 4) = 4 [pid 10087] close(3) = 0 [pid 10087] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10087] write(1, "executing program\n", 18) = 18 [pid 10087] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10087] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10087] memfd_create("syzkaller", 0) = 3 [pid 10087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10087] munmap(0x7ff698483000, 138412032) = 0 [pid 10087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 571.671145][T10085] loop0: detected capacity change from 0 to 512 [ 571.678862][T10085] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.689799][T10085] EXT4-fs (loop0): 1 truncate cleaned up [ 571.697488][T10085] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10087] close(3) = 0 [pid 10087] close(4) = 0 [pid 10087] mkdir("./file0", 0777) = 0 [pid 10087] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10087] chdir("./file0") = 0 [pid 10087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10087] ioctl(4, LOOP_CLR_FD) = 0 [pid 10087] close(4) = 0 [pid 10087] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10087] truncate("./file2", 0) = 0 [pid 10087] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10087] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10087] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10087, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4589", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4589", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4589/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4589/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4589/binderfs") = 0 umount2("./4589/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4589/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4589/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4589/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4589/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4589/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4589") = 0 mkdir("./4590", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10089 ./strace-static-x86_64: Process 10089 attached [pid 10089] set_robust_list(0x55558abad660, 24) = 0 [pid 10089] chdir("./4590") = 0 [pid 10089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10089] setpgid(0, 0) = 0 [pid 10089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10089] write(3, "1000", 4) = 4 [pid 10089] close(3) = 0 [pid 10089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10089] write(1, "executing program\n", 18executing program ) = 18 [pid 10089] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10089] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10089] memfd_create("syzkaller", 0) = 3 [pid 10089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10089] munmap(0x7ff698483000, 138412032) = 0 [pid 10089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 571.736842][T10087] loop0: detected capacity change from 0 to 512 [ 571.743986][T10087] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.754828][T10087] EXT4-fs (loop0): 1 truncate cleaned up [ 571.762138][T10087] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10089] close(3) = 0 [pid 10089] close(4) = 0 [pid 10089] mkdir("./file0", 0777) = 0 [pid 10089] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10089] chdir("./file0") = 0 [pid 10089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10089] ioctl(4, LOOP_CLR_FD) = 0 [pid 10089] close(4) = 0 [pid 10089] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10089] truncate("./file2", 0) = 0 [pid 10089] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10089] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10089] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10089, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4590", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4590", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4590/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4590/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4590/binderfs") = 0 umount2("./4590/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4590/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4590/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4590/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4590/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4590/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4590") = 0 mkdir("./4591", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10091 ./strace-static-x86_64: Process 10091 attached [pid 10091] set_robust_list(0x55558abad660, 24) = 0 [pid 10091] chdir("./4591") = 0 [pid 10091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10091] setpgid(0, 0) = 0 [pid 10091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10091] write(3, "1000", 4) = 4 [pid 10091] close(3) = 0 [pid 10091] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10091] write(1, "executing program\n", 18) = 18 [pid 10091] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10091] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10091] memfd_create("syzkaller", 0) = 3 [pid 10091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10091] munmap(0x7ff698483000, 138412032) = 0 [pid 10091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 571.790180][T10089] loop0: detected capacity change from 0 to 512 [ 571.797719][T10089] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.808441][T10089] EXT4-fs (loop0): 1 truncate cleaned up [ 571.815198][T10089] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10091] close(3) = 0 [pid 10091] close(4) = 0 [pid 10091] mkdir("./file0", 0777) = 0 [pid 10091] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10091] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10091] chdir("./file0") = 0 [pid 10091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10091] ioctl(4, LOOP_CLR_FD) = 0 [pid 10091] close(4) = 0 [pid 10091] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10091] truncate("./file2", 0) = 0 [pid 10091] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10091] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10091] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10091, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4591", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4591", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4591/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4591/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4591/binderfs") = 0 umount2("./4591/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4591/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4591/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4591/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4591/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4591/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4591") = 0 mkdir("./4592", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10093 ./strace-static-x86_64: Process 10093 attached [pid 10093] set_robust_list(0x55558abad660, 24) = 0 [pid 10093] chdir("./4592") = 0 [pid 10093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10093] setpgid(0, 0) = 0 [pid 10093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10093] write(3, "1000", 4) = 4 [pid 10093] close(3) = 0 [pid 10093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10093] write(1, "executing program\n", 18) = 18 [pid 10093] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10093] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10093] memfd_create("syzkaller", 0) = 3 [pid 10093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10093] munmap(0x7ff698483000, 138412032) = 0 [pid 10093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 571.853991][T10091] loop0: detected capacity change from 0 to 512 [ 571.862011][T10091] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.872575][T10091] EXT4-fs (loop0): 1 truncate cleaned up [ 571.879845][T10091] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10093] close(3) = 0 [pid 10093] close(4) = 0 [pid 10093] mkdir("./file0", 0777) = 0 [pid 10093] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10093] chdir("./file0") = 0 [pid 10093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10093] ioctl(4, LOOP_CLR_FD) = 0 [pid 10093] close(4) = 0 [pid 10093] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10093] truncate("./file2", 0) = 0 [pid 10093] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10093] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10093] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10093, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4592", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4592", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4592/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4592/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4592/binderfs") = 0 umount2("./4592/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4592/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4592/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4592/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4592/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4592/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4592") = 0 mkdir("./4593", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10095 ./strace-static-x86_64: Process 10095 attached [pid 10095] set_robust_list(0x55558abad660, 24) = 0 [pid 10095] chdir("./4593") = 0 [pid 10095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10095] setpgid(0, 0) = 0 [pid 10095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10095] write(3, "1000", 4) = 4 [pid 10095] close(3) = 0 [pid 10095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10095] write(1, "executing program\n", 18executing program ) = 18 [pid 10095] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10095] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10095] memfd_create("syzkaller", 0) = 3 [pid 10095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10095] munmap(0x7ff698483000, 138412032) = 0 [pid 10095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 571.916297][T10093] loop0: detected capacity change from 0 to 512 [ 571.923645][T10093] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.934282][T10093] EXT4-fs (loop0): 1 truncate cleaned up [ 571.941288][T10093] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10095] close(3) = 0 [pid 10095] close(4) = 0 [pid 10095] mkdir("./file0", 0777) = 0 [pid 10095] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10095] chdir("./file0") = 0 [pid 10095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10095] ioctl(4, LOOP_CLR_FD) = 0 [pid 10095] close(4) = 0 [pid 10095] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10095] truncate("./file2", 0) = 0 [pid 10095] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10095] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10095] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10095, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4593", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4593", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4593/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4593/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4593/binderfs") = 0 umount2("./4593/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4593/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4593/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4593/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4593/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4593/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4593") = 0 mkdir("./4594", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10097 ./strace-static-x86_64: Process 10097 attached [pid 10097] set_robust_list(0x55558abad660, 24) = 0 [pid 10097] chdir("./4594") = 0 [pid 10097] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 10097] setpgid(0, 0) = 0 [pid 10097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10097] write(3, "1000", 4) = 4 [pid 10097] close(3) = 0 [pid 10097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10097] write(1, "executing program\n", 18) = 18 [pid 10097] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10097] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10097] memfd_create("syzkaller", 0) = 3 [pid 10097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10097] munmap(0x7ff698483000, 138412032) = 0 [pid 10097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 571.972591][T10095] loop0: detected capacity change from 0 to 512 [ 571.980258][T10095] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 571.990894][T10095] EXT4-fs (loop0): 1 truncate cleaned up [ 571.998385][T10095] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10097] close(3) = 0 [pid 10097] close(4) = 0 [pid 10097] mkdir("./file0", 0777) = 0 [pid 10097] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10097] chdir("./file0") = 0 [pid 10097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10097] ioctl(4, LOOP_CLR_FD) = 0 [pid 10097] close(4) = 0 [pid 10097] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10097] truncate("./file2", 0) = 0 [pid 10097] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10097] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10097] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10097, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4594", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4594", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4594/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4594/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4594/binderfs") = 0 umount2("./4594/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4594/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4594/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4594/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4594/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4594/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4594") = 0 mkdir("./4595", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10099 ./strace-static-x86_64: Process 10099 attached [pid 10099] set_robust_list(0x55558abad660, 24) = 0 [pid 10099] chdir("./4595") = 0 [pid 10099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10099] setpgid(0, 0) = 0 [pid 10099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 10099] write(3, "1000", 4) = 4 [pid 10099] close(3) = 0 [pid 10099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10099] write(1, "executing program\n", 18) = 18 [pid 10099] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10099] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10099] memfd_create("syzkaller", 0) = 3 [pid 10099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10099] munmap(0x7ff698483000, 138412032) = 0 [pid 10099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 572.032756][T10097] loop0: detected capacity change from 0 to 512 [ 572.040186][T10097] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 572.050757][T10097] EXT4-fs (loop0): 1 truncate cleaned up [ 572.057947][T10097] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10099] close(3) = 0 [pid 10099] close(4) = 0 [pid 10099] mkdir("./file0", 0777) = 0 [pid 10099] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10099] chdir("./file0") = 0 [pid 10099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10099] ioctl(4, LOOP_CLR_FD) = 0 [pid 10099] close(4) = 0 [pid 10099] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10099] truncate("./file2", 0) = 0 [pid 10099] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10099] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10099] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10099, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4595", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4595", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4595/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4595/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4595/binderfs") = 0 umount2("./4595/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4595/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4595/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4595/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4595/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4595/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4595") = 0 mkdir("./4596", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10101 ./strace-static-x86_64: Process 10101 attached [pid 10101] set_robust_list(0x55558abad660, 24) = 0 [pid 10101] chdir("./4596") = 0 [pid 10101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10101] setpgid(0, 0) = 0 [pid 10101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10101] write(3, "1000", 4) = 4 [pid 10101] close(3) = 0 [pid 10101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10101] write(1, "executing program\n", 18) = 18 executing program [pid 10101] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10101] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10101] memfd_create("syzkaller", 0) = 3 [pid 10101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10101] munmap(0x7ff698483000, 138412032) = 0 [pid 10101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 572.086122][T10099] loop0: detected capacity change from 0 to 512 [ 572.093884][T10099] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 572.104437][T10099] EXT4-fs (loop0): 1 truncate cleaned up [ 572.111428][T10099] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10101] close(3) = 0 [pid 10101] close(4) = 0 [pid 10101] mkdir("./file0", 0777) = 0 [pid 10101] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10101] chdir("./file0") = 0 [pid 10101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10101] ioctl(4, LOOP_CLR_FD) = 0 [pid 10101] close(4) = 0 [pid 10101] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10101] truncate("./file2", 0) = 0 [pid 10101] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10101] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10101] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10101, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4596", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4596", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4596/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4596/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4596/binderfs") = 0 umount2("./4596/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./4596/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4596/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4596/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4596/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4596/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4596") = 0 mkdir("./4597", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10103 ./strace-static-x86_64: Process 10103 attached [pid 10103] set_robust_list(0x55558abad660, 24) = 0 [pid 10103] chdir("./4597") = 0 [pid 10103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10103] setpgid(0, 0) = 0 [pid 10103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10103] write(3, "1000", 4) = 4 [pid 10103] close(3) = 0 [pid 10103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10103] write(1, "executing program\n", 18) = 18 [pid 10103] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10103] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10103] memfd_create("syzkaller", 0) = 3 [pid 10103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [ 572.149963][T10101] loop0: detected capacity change from 0 to 512 [ 572.157303][T10101] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 572.168013][T10101] EXT4-fs (loop0): 1 truncate cleaned up [ 572.174687][T10101] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10103] munmap(0x7ff698483000, 138412032) = 0 [pid 10103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10103] close(3) = 0 [pid 10103] close(4) = 0 [pid 10103] mkdir("./file0", 0777) = 0 [pid 10103] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10103] chdir("./file0") = 0 [pid 10103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10103] ioctl(4, LOOP_CLR_FD) = 0 [pid 10103] close(4) = 0 [pid 10103] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10103] truncate("./file2", 0) = 0 [pid 10103] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10103] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10103] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10103, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4597", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4597", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4597/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4597/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4597/binderfs") = 0 umount2("./4597/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4597/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4597/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4597/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4597/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4597/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4597") = 0 mkdir("./4598", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10106 ./strace-static-x86_64: Process 10106 attached [pid 10106] set_robust_list(0x55558abad660, 24) = 0 [pid 10106] chdir("./4598") = 0 [pid 10106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10106] setpgid(0, 0) = 0 [pid 10106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10106] write(3, "1000", 4) = 4 [pid 10106] close(3) = 0 [pid 10106] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10106] write(1, "executing program\n", 18) = 18 [pid 10106] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10106] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10106] memfd_create("syzkaller", 0) = 3 [pid 10106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10106] munmap(0x7ff698483000, 138412032) = 0 [pid 10106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 572.211067][T10103] loop0: detected capacity change from 0 to 512 [ 572.218844][T10103] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 572.229437][T10103] EXT4-fs (loop0): 1 truncate cleaned up [ 572.236324][T10103] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10106] close(3) = 0 [pid 10106] close(4) = 0 [pid 10106] mkdir("./file0", 0777) = 0 [pid 10106] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10106] chdir("./file0") = 0 [pid 10106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10106] ioctl(4, LOOP_CLR_FD) = 0 [pid 10106] close(4) = 0 [pid 10106] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10106] truncate("./file2", 0) = 0 [pid 10106] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10106] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10106] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10106, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4598", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4598", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4598/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4598/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4598/binderfs") = 0 umount2("./4598/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4598/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4598/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4598/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4598/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4598/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4598") = 0 mkdir("./4599", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10108 ./strace-static-x86_64: Process 10108 attached [pid 10108] set_robust_list(0x55558abad660, 24) = 0 [pid 10108] chdir("./4599") = 0 [pid 10108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10108] setpgid(0, 0) = 0 [pid 10108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10108] write(3, "1000", 4) = 4 [pid 10108] close(3) = 0 [pid 10108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10108] write(1, "executing program\n", 18) = 18 [pid 10108] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10108] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10108] memfd_create("syzkaller", 0) = 3 [pid 10108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10108] munmap(0x7ff698483000, 138412032) = 0 [pid 10108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 572.269209][T10106] loop0: detected capacity change from 0 to 512 [ 572.278079][T10106] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 572.289025][T10106] EXT4-fs (loop0): 1 truncate cleaned up [ 572.296664][T10106] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10108] close(3) = 0 [pid 10108] close(4) = 0 [pid 10108] mkdir("./file0", 0777) = 0 [pid 10108] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10108] chdir("./file0") = 0 [pid 10108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10108] ioctl(4, LOOP_CLR_FD) = 0 [pid 10108] close(4) = 0 [pid 10108] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10108] truncate("./file2", 0) = 0 [pid 10108] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10108] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10108] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10108, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4599", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4599", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4599/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4599/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4599/binderfs") = 0 umount2("./4599/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4599/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4599/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4599/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4599/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4599/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4599") = 0 mkdir("./4600", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10110 ./strace-static-x86_64: Process 10110 attached [pid 10110] set_robust_list(0x55558abad660, 24) = 0 [pid 10110] chdir("./4600") = 0 [pid 10110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10110] setpgid(0, 0) = 0 [pid 10110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 10110] write(3, "1000", 4) = 4 [pid 10110] close(3) = 0 [pid 10110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10110] write(1, "executing program\n", 18) = 18 [pid 10110] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10110] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10110] memfd_create("syzkaller", 0) = 3 [pid 10110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10110] munmap(0x7ff698483000, 138412032) = 0 [pid 10110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 572.325243][T10108] loop0: detected capacity change from 0 to 512 [ 572.332564][T10108] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 572.343165][T10108] EXT4-fs (loop0): 1 truncate cleaned up [ 572.350515][T10108] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10110] close(3) = 0 [pid 10110] close(4) = 0 [pid 10110] mkdir("./file0", 0777) = 0 [pid 10110] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10110] chdir("./file0") = 0 [pid 10110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10110] ioctl(4, LOOP_CLR_FD) = 0 [pid 10110] close(4) = 0 [pid 10110] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10110] truncate("./file2", 0) = 0 [pid 10110] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10110] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10110] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10110, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4600", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4600", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4600/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4600/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4600/binderfs") = 0 umount2("./4600/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4600/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4600/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4600/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4600/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4600/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4600") = 0 mkdir("./4601", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10112 ./strace-static-x86_64: Process 10112 attached [pid 10112] set_robust_list(0x55558abad660, 24) = 0 [pid 10112] chdir("./4601") = 0 [pid 10112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10112] setpgid(0, 0) = 0 [pid 10112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 10112] write(3, "1000", 4) = 4 [pid 10112] close(3) = 0 [pid 10112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10112] write(1, "executing program\n", 18) = 18 [pid 10112] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10112] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10112] memfd_create("syzkaller", 0) = 3 [pid 10112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10112] munmap(0x7ff698483000, 138412032) = 0 [pid 10112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 572.387323][T10110] loop0: detected capacity change from 0 to 512 [ 572.394736][T10110] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 572.405438][T10110] EXT4-fs (loop0): 1 truncate cleaned up [ 572.412322][T10110] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10112] close(3) = 0 [pid 10112] close(4) = 0 [pid 10112] mkdir("./file0", 0777) = 0 [pid 10112] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10112] chdir("./file0") = 0 [pid 10112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10112] ioctl(4, LOOP_CLR_FD) = 0 [pid 10112] close(4) = 0 [pid 10112] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10112] truncate("./file2", 0) = 0 [pid 10112] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10112] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10112] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10112, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4601", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4601", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4601/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4601/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4601/binderfs") = 0 umount2("./4601/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4601/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4601/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4601/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4601/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4601/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4601") = 0 mkdir("./4602", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10114 ./strace-static-x86_64: Process 10114 attached [pid 10114] set_robust_list(0x55558abad660, 24) = 0 [pid 10114] chdir("./4602") = 0 [pid 10114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10114] setpgid(0, 0) = 0 [pid 10114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10114] write(3, "1000", 4) = 4 [pid 10114] close(3) = 0 [pid 10114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10114] write(1, "executing program\n", 18) = 18 [pid 10114] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, executing program NULL) = 0 [pid 10114] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10114] memfd_create("syzkaller", 0) = 3 [pid 10114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10114] munmap(0x7ff698483000, 138412032) = 0 [pid 10114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 572.448286][T10112] loop0: detected capacity change from 0 to 512 [ 572.455595][T10112] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 572.466254][T10112] EXT4-fs (loop0): 1 truncate cleaned up [ 572.473246][T10112] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10114] close(3) = 0 [pid 10114] close(4) = 0 [pid 10114] mkdir("./file0", 0777) = 0 [pid 10114] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10114] chdir("./file0") = 0 [pid 10114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10114] ioctl(4, LOOP_CLR_FD) = 0 [pid 10114] close(4) = 0 [pid 10114] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10114] truncate("./file2", 0) = 0 [pid 10114] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10114] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10114] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10114, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4602", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4602", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4602/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4602/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4602/binderfs") = 0 umount2("./4602/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4602/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4602/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4602/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4602/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4602/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4602") = 0 mkdir("./4603", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10116 ./strace-static-x86_64: Process 10116 attached [pid 10116] set_robust_list(0x55558abad660, 24) = 0 [pid 10116] chdir("./4603") = 0 [pid 10116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10116] setpgid(0, 0) = 0 [pid 10116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10116] write(3, "1000", 4) = 4 [pid 10116] close(3) = 0 [pid 10116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10116] write(1, "executing program\n", 18) = 18 [pid 10116] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10116] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10116] memfd_create("syzkaller", 0) = 3 [pid 10116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10116] munmap(0x7ff698483000, 138412032) = 0 [pid 10116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 572.501611][T10114] loop0: detected capacity change from 0 to 512 [ 572.508927][T10114] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 572.519509][T10114] EXT4-fs (loop0): 1 truncate cleaned up [ 572.527405][T10114] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10116] close(3) = 0 [pid 10116] close(4) = 0 [pid 10116] mkdir("./file0", 0777) = 0 [pid 10116] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10116] chdir("./file0") = 0 [pid 10116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10116] ioctl(4, LOOP_CLR_FD) = 0 [pid 10116] close(4) = 0 [pid 10116] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10116] truncate("./file2", 0) = 0 [pid 10116] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10116] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10116] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10116, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4603", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4603", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4603/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4603/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4603/binderfs") = 0 umount2("./4603/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4603/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4603/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4603/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4603/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4603/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4603") = 0 mkdir("./4604", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10118 ./strace-static-x86_64: Process 10118 attached [pid 10118] set_robust_list(0x55558abad660, 24) = 0 [pid 10118] chdir("./4604") = 0 [pid 10118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10118] setpgid(0, 0) = 0 [pid 10118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10118] write(3, "1000", 4) = 4 [pid 10118] close(3) = 0 [pid 10118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10118] write(1, "executing program\n", 18) = 18 [pid 10118] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10118] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10118] memfd_create("syzkaller", 0) = 3 [pid 10118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10118] munmap(0x7ff698483000, 138412032) = 0 [pid 10118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 572.564105][T10116] loop0: detected capacity change from 0 to 512 [ 572.571442][T10116] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 572.582186][T10116] EXT4-fs (loop0): 1 truncate cleaned up [ 572.588976][T10116] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10118] close(3) = 0 [pid 10118] close(4) = 0 [pid 10118] mkdir("./file0", 0777) = 0 [pid 10118] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10118] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10118] chdir("./file0") = 0 [pid 10118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10118] ioctl(4, LOOP_CLR_FD) = 0 [pid 10118] close(4) = 0 [pid 10118] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10118] truncate("./file2", 0) = 0 [pid 10118] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10118] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10118] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10118, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4604", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4604", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4604/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4604/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4604/binderfs") = 0 umount2("./4604/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4604/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4604/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4604/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4604/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4604/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4604") = 0 mkdir("./4605", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10120 ./strace-static-x86_64: Process 10120 attached [pid 10120] set_robust_list(0x55558abad660, 24) = 0 [pid 10120] chdir("./4605") = 0 [pid 10120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10120] setpgid(0, 0) = 0 [pid 10120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10120] write(3, "1000", 4) = 4 [pid 10120] close(3) = 0 [pid 10120] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10120] write(1, "executing program\n", 18) = 18 [pid 10120] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10120] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10120] memfd_create("syzkaller", 0) = 3 [pid 10120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10120] munmap(0x7ff698483000, 138412032) = 0 [pid 10120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 572.626111][T10118] loop0: detected capacity change from 0 to 512 [ 572.633379][T10118] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 572.644138][T10118] EXT4-fs (loop0): 1 truncate cleaned up [ 572.651284][T10118] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10120] close(3) = 0 [pid 10120] close(4) = 0 [pid 10120] mkdir("./file0", 0777) = 0 [pid 10120] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10120] chdir("./file0") = 0 [pid 10120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10120] ioctl(4, LOOP_CLR_FD) = 0 [pid 10120] close(4) = 0 [pid 10120] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10120] truncate("./file2", 0) = 0 [pid 10120] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10120] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10120] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10120, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4605", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4605", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4605/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4605/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4605/binderfs") = 0 umount2("./4605/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4605/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4605/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4605/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4605/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4605/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4605") = 0 mkdir("./4606", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10122 ./strace-static-x86_64: Process 10122 attached [pid 10122] set_robust_list(0x55558abad660, 24) = 0 [pid 10122] chdir("./4606") = 0 [pid 10122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10122] setpgid(0, 0) = 0 [pid 10122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10122] write(3, "1000", 4) = 4 [pid 10122] close(3) = 0 [pid 10122] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10122] write(1, "executing program\n", 18) = 18 [pid 10122] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10122] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10122] memfd_create("syzkaller", 0) = 3 [pid 10122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10122] munmap(0x7ff698483000, 138412032) = 0 [pid 10122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 572.688029][T10120] loop0: detected capacity change from 0 to 512 [ 572.695368][T10120] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 572.706100][T10120] EXT4-fs (loop0): 1 truncate cleaned up [ 572.713134][T10120] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10122] close(3) = 0 [pid 10122] close(4) = 0 [pid 10122] mkdir("./file0", 0777) = 0 [pid 10122] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10122] chdir("./file0") = 0 [pid 10122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10122] ioctl(4, LOOP_CLR_FD) = 0 [pid 10122] close(4) = 0 [pid 10122] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10122] truncate("./file2", 0) = 0 [pid 10122] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10122] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10122] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10122, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4606", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4606", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4606/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4606/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4606/binderfs") = 0 umount2("./4606/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4606/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4606/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4606/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4606/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4606/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4606") = 0 mkdir("./4607", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10124 ./strace-static-x86_64: Process 10124 attached [pid 10124] set_robust_list(0x55558abad660, 24) = 0 [pid 10124] chdir("./4607") = 0 [pid 10124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10124] setpgid(0, 0) = 0 [pid 10124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10124] write(3, "1000", 4) = 4 [pid 10124] close(3) = 0 [pid 10124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10124] write(1, "executing program\n", 18executing program ) = 18 [pid 10124] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10124] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10124] memfd_create("syzkaller", 0) = 3 [pid 10124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10124] munmap(0x7ff698483000, 138412032) = 0 [pid 10124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 572.750184][T10122] loop0: detected capacity change from 0 to 512 [ 572.757482][T10122] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 572.768666][T10122] EXT4-fs (loop0): 1 truncate cleaned up [ 572.775410][T10122] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10124] close(3) = 0 [pid 10124] close(4) = 0 [pid 10124] mkdir("./file0", 0777) = 0 [pid 10124] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10124] chdir("./file0") = 0 [pid 10124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10124] ioctl(4, LOOP_CLR_FD) = 0 [pid 10124] close(4) = 0 [pid 10124] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10124] truncate("./file2", 0) = 0 [pid 10124] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10124] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10124] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10124, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4607", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4607", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4607/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4607/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4607/binderfs") = 0 umount2("./4607/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4607/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4607/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4607/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4607/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4607/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4607") = 0 mkdir("./4608", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10126 ./strace-static-x86_64: Process 10126 attached [pid 10126] set_robust_list(0x55558abad660, 24) = 0 [pid 10126] chdir("./4608") = 0 [pid 10126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10126] setpgid(0, 0) = 0 [pid 10126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10126] write(3, "1000", 4) = 4 [pid 10126] close(3) = 0 [pid 10126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10126] write(1, "executing program\n", 18) = 18 [pid 10126] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10126] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10126] memfd_create("syzkaller", 0) = 3 [pid 10126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10126] munmap(0x7ff698483000, 138412032) = 0 [pid 10126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 572.810012][T10124] loop0: detected capacity change from 0 to 512 [ 572.817543][T10124] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 572.828229][T10124] EXT4-fs (loop0): 1 truncate cleaned up [ 572.835638][T10124] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10126] close(3) = 0 [pid 10126] close(4) = 0 [pid 10126] mkdir("./file0", 0777) = 0 [pid 10126] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10126] chdir("./file0") = 0 [pid 10126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10126] ioctl(4, LOOP_CLR_FD) = 0 [pid 10126] close(4) = 0 [pid 10126] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10126] truncate("./file2", 0) = 0 [pid 10126] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10126] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10126] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10126, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4608", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4608", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4608/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4608/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4608/binderfs") = 0 umount2("./4608/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4608/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4608/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4608/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4608/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4608/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4608") = 0 mkdir("./4609", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10128 ./strace-static-x86_64: Process 10128 attached [pid 10128] set_robust_list(0x55558abad660, 24) = 0 [pid 10128] chdir("./4609") = 0 [pid 10128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10128] setpgid(0, 0) = 0 [pid 10128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10128] write(3, "1000", 4) = 4 [pid 10128] close(3) = 0 [pid 10128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10128] write(1, "executing program\n", 18executing program ) = 18 [pid 10128] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10128] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10128] memfd_create("syzkaller", 0) = 3 [pid 10128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10128] munmap(0x7ff698483000, 138412032) = 0 [pid 10128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 572.872379][T10126] loop0: detected capacity change from 0 to 512 [ 572.879825][T10126] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 572.890489][T10126] EXT4-fs (loop0): 1 truncate cleaned up [ 572.897502][T10126] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10128] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10128] close(3) = 0 [pid 10128] close(4) = 0 [pid 10128] mkdir("./file0", 0777) = 0 [pid 10128] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10128] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10128] chdir("./file0") = 0 [pid 10128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10128] ioctl(4, LOOP_CLR_FD) = 0 [pid 10128] close(4) = 0 [pid 10128] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10128] truncate("./file2", 0) = 0 [pid 10128] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10128] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10128] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10128, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4609", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4609", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4609/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4609/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4609/binderfs") = 0 umount2("./4609/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4609/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4609/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4609/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4609/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4609/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4609") = 0 mkdir("./4610", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10130 ./strace-static-x86_64: Process 10130 attached [pid 10130] set_robust_list(0x55558abad660, 24) = 0 [pid 10130] chdir("./4610") = 0 [pid 10130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10130] setpgid(0, 0) = 0 [pid 10130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10130] write(3, "1000", 4) = 4 [pid 10130] close(3) = 0 [pid 10130] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10130] write(1, "executing program\n", 18) = 18 [pid 10130] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10130] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10130] memfd_create("syzkaller", 0) = 3 [pid 10130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10130] munmap(0x7ff698483000, 138412032) = 0 [pid 10130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 572.931568][T10128] loop0: detected capacity change from 0 to 512 [ 572.938969][T10128] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 572.949751][T10128] EXT4-fs (loop0): 1 truncate cleaned up [ 572.956771][T10128] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10130] close(3) = 0 [pid 10130] close(4) = 0 [pid 10130] mkdir("./file0", 0777) = 0 [pid 10130] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10130] chdir("./file0") = 0 [pid 10130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10130] ioctl(4, LOOP_CLR_FD) = 0 [pid 10130] close(4) = 0 [pid 10130] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10130] truncate("./file2", 0) = 0 [pid 10130] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10130] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10130] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10130, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4610", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4610", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4610/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4610/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4610/binderfs") = 0 umount2("./4610/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4610/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4610/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4610/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4610/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 572.996923][T10130] loop0: detected capacity change from 0 to 512 [ 573.004192][T10130] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 573.014846][T10130] EXT4-fs (loop0): 1 truncate cleaned up [ 573.021877][T10130] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. rmdir("./4610/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4610") = 0 mkdir("./4611", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 10132 attached , child_tidptr=0x55558abad650) = 10132 [pid 10132] set_robust_list(0x55558abad660, 24) = 0 [pid 10132] chdir("./4611") = 0 [pid 10132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10132] setpgid(0, 0) = 0 [pid 10132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10132] write(3, "1000", 4) = 4 [pid 10132] close(3) = 0 [pid 10132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10132] write(1, "executing program\n", 18) = 18 [pid 10132] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10132] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10132] memfd_create("syzkaller", 0) = 3 [pid 10132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10132] munmap(0x7ff698483000, 138412032) = 0 [pid 10132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10132] close(3) = 0 [pid 10132] close(4) = 0 [pid 10132] mkdir("./file0", 0777) = 0 [pid 10132] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10132] chdir("./file0") = 0 [pid 10132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10132] ioctl(4, LOOP_CLR_FD) = 0 [pid 10132] close(4) = 0 [pid 10132] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10132] truncate("./file2", 0) = 0 [pid 10132] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10132] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10132] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10132, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4611", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4611", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4611/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4611/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4611/binderfs") = 0 umount2("./4611/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4611/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4611/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4611/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4611/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4611/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4611") = 0 mkdir("./4612", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10134 ./strace-static-x86_64: Process 10134 attached [pid 10134] set_robust_list(0x55558abad660, 24) = 0 [pid 10134] chdir("./4612") = 0 [pid 10134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10134] setpgid(0, 0) = 0 [pid 10134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10134] write(3, "1000", 4) = 4 [pid 10134] close(3) = 0 [pid 10134] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10134] write(1, "executing program\n", 18) = 18 [pid 10134] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10134] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10134] memfd_create("syzkaller", 0) = 3 [pid 10134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10134] munmap(0x7ff698483000, 138412032) = 0 [pid 10134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 573.090691][T10132] loop0: detected capacity change from 0 to 512 [ 573.098672][T10132] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 573.109413][T10132] EXT4-fs (loop0): 1 truncate cleaned up [ 573.116444][T10132] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10134] close(3) = 0 [pid 10134] close(4) = 0 [pid 10134] mkdir("./file0", 0777) = 0 [pid 10134] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10134] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10134] chdir("./file0") = 0 [pid 10134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10134] ioctl(4, LOOP_CLR_FD) = 0 [pid 10134] close(4) = 0 [pid 10134] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10134] truncate("./file2", 0) = 0 [pid 10134] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10134] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10134] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10134, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4612", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4612", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4612/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4612/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4612/binderfs") = 0 umount2("./4612/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4612/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4612/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4612/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4612/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4612/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4612") = 0 mkdir("./4613", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10136 ./strace-static-x86_64: Process 10136 attached [pid 10136] set_robust_list(0x55558abad660, 24) = 0 [pid 10136] chdir("./4613") = 0 [pid 10136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10136] setpgid(0, 0) = 0 [pid 10136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10136] write(3, "1000", 4) = 4 [pid 10136] close(3) = 0 [pid 10136] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10136] write(1, "executing program\n", 18) = 18 [pid 10136] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10136] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10136] memfd_create("syzkaller", 0) = 3 [pid 10136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10136] munmap(0x7ff698483000, 138412032) = 0 [pid 10136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 573.143853][T10134] loop0: detected capacity change from 0 to 512 [ 573.151315][T10134] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 573.162274][T10134] EXT4-fs (loop0): 1 truncate cleaned up [ 573.169086][T10134] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10136] close(3) = 0 [pid 10136] close(4) = 0 [pid 10136] mkdir("./file0", 0777) = 0 [pid 10136] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10136] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10136] chdir("./file0") = 0 [pid 10136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10136] ioctl(4, LOOP_CLR_FD) = 0 [pid 10136] close(4) = 0 [pid 10136] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10136] truncate("./file2", 0) = 0 [pid 10136] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10136] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10136] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10136, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4613", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4613", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4613/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4613/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4613/binderfs") = 0 umount2("./4613/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4613/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4613/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4613/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4613/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4613/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4613") = 0 mkdir("./4614", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10139 ./strace-static-x86_64: Process 10139 attached [pid 10139] set_robust_list(0x55558abad660, 24) = 0 [pid 10139] chdir("./4614") = 0 [pid 10139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10139] setpgid(0, 0) = 0 [pid 10139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10139] write(3, "1000", 4) = 4 [pid 10139] close(3) = 0 [pid 10139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10139] write(1, "executing program\n", 18executing program ) = 18 [pid 10139] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10139] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10139] memfd_create("syzkaller", 0) = 3 [pid 10139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10139] munmap(0x7ff698483000, 138412032) = 0 [pid 10139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 573.201266][T10136] loop0: detected capacity change from 0 to 512 [ 573.208521][T10136] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 573.219487][T10136] EXT4-fs (loop0): 1 truncate cleaned up [ 573.226222][T10136] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10139] close(3) = 0 [pid 10139] close(4) = 0 [pid 10139] mkdir("./file0", 0777) = 0 [pid 10139] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10139] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10139] chdir("./file0") = 0 [pid 10139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10139] ioctl(4, LOOP_CLR_FD) = 0 [pid 10139] close(4) = 0 [pid 10139] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10139] truncate("./file2", 0) = 0 [pid 10139] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10139] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10139] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10139, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4614", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4614", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4614/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4614/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4614/binderfs") = 0 umount2("./4614/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4614/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4614/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4614/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4614/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4614/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4614") = 0 mkdir("./4615", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10141 ./strace-static-x86_64: Process 10141 attached [pid 10141] set_robust_list(0x55558abad660, 24) = 0 [pid 10141] chdir("./4615") = 0 [pid 10141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10141] setpgid(0, 0) = 0 [pid 10141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10141] write(3, "1000", 4) = 4 [pid 10141] close(3) = 0 [pid 10141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10141] write(1, "executing program\n", 18executing program ) = 18 [pid 10141] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10141] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10141] memfd_create("syzkaller", 0) = 3 [pid 10141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10141] munmap(0x7ff698483000, 138412032) = 0 [pid 10141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 573.268077][T10139] loop0: detected capacity change from 0 to 512 [ 573.275669][T10139] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 573.286517][T10139] EXT4-fs (loop0): 1 truncate cleaned up [ 573.293095][T10139] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10141] close(3) = 0 [pid 10141] close(4) = 0 [pid 10141] mkdir("./file0", 0777) = 0 [pid 10141] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10141] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10141] chdir("./file0") = 0 [pid 10141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10141] ioctl(4, LOOP_CLR_FD) = 0 [pid 10141] close(4) = 0 [pid 10141] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10141] truncate("./file2", 0) = 0 [pid 10141] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10141] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10141] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10141, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4615", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4615", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4615/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4615/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4615/binderfs") = 0 umount2("./4615/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4615/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4615/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4615/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4615/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4615/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4615") = 0 mkdir("./4616", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10143 ./strace-static-x86_64: Process 10143 attached [pid 10143] set_robust_list(0x55558abad660, 24) = 0 [pid 10143] chdir("./4616") = 0 [pid 10143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10143] setpgid(0, 0) = 0 [pid 10143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10143] write(3, "1000", 4) = 4 [pid 10143] close(3) = 0 [pid 10143] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10143] write(1, "executing program\n", 18) = 18 [pid 10143] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10143] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10143] memfd_create("syzkaller", 0) = 3 [pid 10143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10143] munmap(0x7ff698483000, 138412032) = 0 [pid 10143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 573.323881][T10141] loop0: detected capacity change from 0 to 512 [ 573.331427][T10141] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 573.342085][T10141] EXT4-fs (loop0): 1 truncate cleaned up [ 573.349116][T10141] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10143] close(3) = 0 [pid 10143] close(4) = 0 [pid 10143] mkdir("./file0", 0777) = 0 [pid 10143] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10143] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10143] chdir("./file0") = 0 [pid 10143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10143] ioctl(4, LOOP_CLR_FD) = 0 [pid 10143] close(4) = 0 [pid 10143] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10143] truncate("./file2", 0) = 0 [pid 10143] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10143] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10143] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10143, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4616", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4616", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4616/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4616/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4616/binderfs") = 0 umount2("./4616/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4616/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4616/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4616/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4616/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4616/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4616") = 0 mkdir("./4617", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10145 ./strace-static-x86_64: Process 10145 attached [pid 10145] set_robust_list(0x55558abad660, 24) = 0 [pid 10145] chdir("./4617") = 0 [pid 10145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10145] setpgid(0, 0) = 0 [pid 10145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10145] write(3, "1000", 4) = 4 [pid 10145] close(3) = 0 [pid 10145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10145] write(1, "executing program\n", 18executing program ) = 18 [pid 10145] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10145] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10145] memfd_create("syzkaller", 0) = 3 [pid 10145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10145] munmap(0x7ff698483000, 138412032) = 0 [pid 10145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 573.392551][T10143] loop0: detected capacity change from 0 to 512 [ 573.400017][T10143] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 573.410706][T10143] EXT4-fs (loop0): 1 truncate cleaned up [ 573.417687][T10143] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10145] close(3) = 0 [pid 10145] close(4) = 0 [pid 10145] mkdir("./file0", 0777) = 0 [pid 10145] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10145] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10145] chdir("./file0") = 0 [pid 10145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10145] ioctl(4, LOOP_CLR_FD) = 0 [pid 10145] close(4) = 0 [pid 10145] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10145] truncate("./file2", 0) = 0 [pid 10145] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10145] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10145] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10145, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4617", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4617", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4617/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4617/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4617/binderfs") = 0 umount2("./4617/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4617/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4617/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4617/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4617/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4617/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4617") = 0 mkdir("./4618", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10147 ./strace-static-x86_64: Process 10147 attached [pid 10147] set_robust_list(0x55558abad660, 24) = 0 [pid 10147] chdir("./4618") = 0 [pid 10147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10147] setpgid(0, 0) = 0 [pid 10147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10147] write(3, "1000", 4) = 4 [pid 10147] close(3) = 0 [pid 10147] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10147] write(1, "executing program\n", 18) = 18 [pid 10147] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10147] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10147] memfd_create("syzkaller", 0) = 3 [pid 10147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10147] munmap(0x7ff698483000, 138412032) = 0 [pid 10147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 573.463711][T10145] loop0: detected capacity change from 0 to 512 [ 573.471451][T10145] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 573.482278][T10145] EXT4-fs (loop0): 1 truncate cleaned up [ 573.489683][T10145] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10147] close(3) = 0 [pid 10147] close(4) = 0 [pid 10147] mkdir("./file0", 0777) = 0 [pid 10147] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10147] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10147] chdir("./file0") = 0 [pid 10147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10147] ioctl(4, LOOP_CLR_FD) = 0 [pid 10147] close(4) = 0 [pid 10147] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10147] truncate("./file2", 0) = 0 [pid 10147] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10147] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10147] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10147, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4618", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4618", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4618/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4618/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4618/binderfs") = 0 umount2("./4618/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4618/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4618/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4618/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4618/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4618/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4618") = 0 mkdir("./4619", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10149 ./strace-static-x86_64: Process 10149 attached [pid 10149] set_robust_list(0x55558abad660, 24) = 0 [pid 10149] chdir("./4619") = 0 [pid 10149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10149] setpgid(0, 0) = 0 [pid 10149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10149] write(3, "1000", 4) = 4 [pid 10149] close(3) = 0 [pid 10149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10149] write(1, "executing program\n", 18executing program ) = 18 [pid 10149] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10149] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10149] memfd_create("syzkaller", 0) = 3 [pid 10149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10149] munmap(0x7ff698483000, 138412032) = 0 [pid 10149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 573.526237][T10147] loop0: detected capacity change from 0 to 512 [ 573.533808][T10147] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 573.544430][T10147] EXT4-fs (loop0): 1 truncate cleaned up [ 573.551545][T10147] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10149] close(3) = 0 [pid 10149] close(4) = 0 [pid 10149] mkdir("./file0", 0777) = 0 [pid 10149] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10149] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10149] chdir("./file0") = 0 [pid 10149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10149] ioctl(4, LOOP_CLR_FD) = 0 [pid 10149] close(4) = 0 [pid 10149] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10149] truncate("./file2", 0) = 0 [pid 10149] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10149] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10149] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10149, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4619", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4619", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4619/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4619/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4619/binderfs") = 0 umount2("./4619/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4619/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4619/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4619/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4619/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4619/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4619") = 0 mkdir("./4620", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10151 ./strace-static-x86_64: Process 10151 attached [pid 10151] set_robust_list(0x55558abad660, 24) = 0 [pid 10151] chdir("./4620") = 0 [pid 10151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10151] setpgid(0, 0) = 0 [pid 10151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10151] write(3, "1000", 4) = 4 [pid 10151] close(3) = 0 [pid 10151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10151] write(1, "executing program\n", 18executing program ) = 18 [pid 10151] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10151] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10151] memfd_create("syzkaller", 0) = 3 [pid 10151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10151] munmap(0x7ff698483000, 138412032) = 0 [pid 10151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 573.582716][T10149] loop0: detected capacity change from 0 to 512 [ 573.590257][T10149] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 573.601286][T10149] EXT4-fs (loop0): 1 truncate cleaned up [ 573.608051][T10149] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10151] close(3) = 0 [pid 10151] close(4) = 0 [pid 10151] mkdir("./file0", 0777) = 0 [pid 10151] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10151] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10151] chdir("./file0") = 0 [pid 10151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10151] ioctl(4, LOOP_CLR_FD) = 0 [pid 10151] close(4) = 0 [pid 10151] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10151] truncate("./file2", 0) = 0 [pid 10151] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10151] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10151] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10151, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4620", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4620", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4620/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4620/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4620/binderfs") = 0 umount2("./4620/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4620/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4620/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4620/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4620/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4620/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4620") = 0 mkdir("./4621", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10153 ./strace-static-x86_64: Process 10153 attached [pid 10153] set_robust_list(0x55558abad660, 24) = 0 [pid 10153] chdir("./4621") = 0 [pid 10153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10153] setpgid(0, 0) = 0 [pid 10153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10153] write(3, "1000", 4) = 4 [pid 10153] close(3) = 0 [pid 10153] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10153] write(1, "executing program\n", 18) = 18 [pid 10153] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10153] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10153] memfd_create("syzkaller", 0) = 3 [pid 10153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10153] munmap(0x7ff698483000, 138412032) = 0 [pid 10153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 573.641495][T10151] loop0: detected capacity change from 0 to 512 [ 573.648813][T10151] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 573.659695][T10151] EXT4-fs (loop0): 1 truncate cleaned up [ 573.666406][T10151] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10153] close(3) = 0 [pid 10153] close(4) = 0 [pid 10153] mkdir("./file0", 0777) = 0 [pid 10153] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10153] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10153] chdir("./file0") = 0 [pid 10153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10153] ioctl(4, LOOP_CLR_FD) = 0 [pid 10153] close(4) = 0 [pid 10153] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10153] truncate("./file2", 0) = 0 [pid 10153] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10153] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10153] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10153, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4621", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4621", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4621/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4621/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4621/binderfs") = 0 umount2("./4621/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4621/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4621/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4621/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4621/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4621/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4621") = 0 mkdir("./4622", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10155 ./strace-static-x86_64: Process 10155 attached [pid 10155] set_robust_list(0x55558abad660, 24) = 0 [pid 10155] chdir("./4622") = 0 [pid 10155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10155] setpgid(0, 0) = 0 [pid 10155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10155] write(3, "1000", 4) = 4 [pid 10155] close(3) = 0 [pid 10155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10155] write(1, "executing program\n", 18) = 18 [pid 10155] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10155] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10155] memfd_create("syzkaller", 0) = 3 [pid 10155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10155] munmap(0x7ff698483000, 138412032) = 0 [pid 10155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 573.702997][T10153] loop0: detected capacity change from 0 to 512 [ 573.710289][T10153] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 573.720979][T10153] EXT4-fs (loop0): 1 truncate cleaned up [ 573.727679][T10153] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10155] close(3) = 0 [pid 10155] close(4) = 0 [pid 10155] mkdir("./file0", 0777) = 0 [pid 10155] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10155] chdir("./file0") = 0 [pid 10155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10155] ioctl(4, LOOP_CLR_FD) = 0 [pid 10155] close(4) = 0 [pid 10155] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10155] truncate("./file2", 0) = 0 [pid 10155] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10155] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10155] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10155, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4622", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4622", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4622/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4622/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4622/binderfs") = 0 umount2("./4622/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4622/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4622/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4622/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4622/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4622/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4622") = 0 mkdir("./4623", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10157 ./strace-static-x86_64: Process 10157 attached [pid 10157] set_robust_list(0x55558abad660, 24) = 0 [pid 10157] chdir("./4623") = 0 [pid 10157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10157] setpgid(0, 0) = 0 [pid 10157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10157] write(3, "1000", 4) = 4 [pid 10157] close(3) = 0 [pid 10157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10157] write(1, "executing program\n", 18executing program ) = 18 [pid 10157] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10157] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10157] memfd_create("syzkaller", 0) = 3 [pid 10157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10157] munmap(0x7ff698483000, 138412032) = 0 [pid 10157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 573.764628][T10155] loop0: detected capacity change from 0 to 512 [ 573.772201][T10155] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 573.783334][T10155] EXT4-fs (loop0): 1 truncate cleaned up [ 573.789968][T10155] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10157] close(3) = 0 [pid 10157] close(4) = 0 [pid 10157] mkdir("./file0", 0777) = 0 [pid 10157] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10157] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10157] chdir("./file0") = 0 [pid 10157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10157] ioctl(4, LOOP_CLR_FD) = 0 [pid 10157] close(4) = 0 [pid 10157] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10157] truncate("./file2", 0) = 0 [pid 10157] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10157] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10157] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10157, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4623", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4623", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4623/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4623/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4623/binderfs") = 0 umount2("./4623/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4623/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4623/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4623/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4623/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4623/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4623") = 0 mkdir("./4624", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10159 ./strace-static-x86_64: Process 10159 attached [pid 10159] set_robust_list(0x55558abad660, 24) = 0 [pid 10159] chdir("./4624") = 0 [pid 10159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10159] setpgid(0, 0) = 0 [pid 10159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10159] write(3, "1000", 4) = 4 [pid 10159] close(3) = 0 [pid 10159] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10159] write(1, "executing program\n", 18) = 18 [pid 10159] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10159] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10159] memfd_create("syzkaller", 0) = 3 [pid 10159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10159] munmap(0x7ff698483000, 138412032) = 0 [pid 10159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 573.827478][T10157] loop0: detected capacity change from 0 to 512 [ 573.835067][T10157] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 573.845586][T10157] EXT4-fs (loop0): 1 truncate cleaned up [ 573.852204][T10157] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10159] close(3) = 0 [pid 10159] close(4) = 0 [pid 10159] mkdir("./file0", 0777) = 0 [pid 10159] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10159] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10159] chdir("./file0") = 0 [pid 10159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10159] ioctl(4, LOOP_CLR_FD) = 0 [pid 10159] close(4) = 0 [pid 10159] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10159] truncate("./file2", 0) = 0 [pid 10159] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10159] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10159] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10159, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4624", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4624", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4624/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4624/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4624/binderfs") = 0 umount2("./4624/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4624/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4624/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4624/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4624/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4624/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4624") = 0 mkdir("./4625", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10161 ./strace-static-x86_64: Process 10161 attached [pid 10161] set_robust_list(0x55558abad660, 24) = 0 [pid 10161] chdir("./4625") = 0 [pid 10161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10161] setpgid(0, 0) = 0 [pid 10161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 10161] write(3, "1000", 4) = 4 [pid 10161] close(3) = 0 [pid 10161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10161] write(1, "executing program\n", 18) = 18 [pid 10161] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10161] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10161] memfd_create("syzkaller", 0) = 3 [pid 10161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10161] munmap(0x7ff698483000, 138412032) = 0 [pid 10161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 573.889591][T10159] loop0: detected capacity change from 0 to 512 [ 573.897238][T10159] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 573.908012][T10159] EXT4-fs (loop0): 1 truncate cleaned up [ 573.915320][T10159] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10161] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10161] close(3) = 0 [pid 10161] close(4) = 0 [pid 10161] mkdir("./file0", 0777) = 0 [pid 10161] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10161] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10161] chdir("./file0") = 0 [pid 10161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10161] ioctl(4, LOOP_CLR_FD) = 0 [pid 10161] close(4) = 0 [pid 10161] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10161] truncate("./file2", 0) = 0 [pid 10161] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10161] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10161] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10161, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4625", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4625", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4625/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4625/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4625/binderfs") = 0 umount2("./4625/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4625/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4625/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4625/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4625/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4625/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4625") = 0 mkdir("./4626", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10163 ./strace-static-x86_64: Process 10163 attached [pid 10163] set_robust_list(0x55558abad660, 24) = 0 [pid 10163] chdir("./4626") = 0 [pid 10163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10163] setpgid(0, 0) = 0 [pid 10163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10163] write(3, "1000", 4) = 4 [pid 10163] close(3) = 0 [pid 10163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10163] write(1, "executing program\n", 18executing program ) = 18 [pid 10163] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10163] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10163] memfd_create("syzkaller", 0) = 3 [pid 10163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10163] munmap(0x7ff698483000, 138412032) = 0 [pid 10163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 573.951737][T10161] loop0: detected capacity change from 0 to 512 [ 573.959099][T10161] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 573.969925][T10161] EXT4-fs (loop0): 1 truncate cleaned up [ 573.976954][T10161] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10163] close(3) = 0 [pid 10163] close(4) = 0 [pid 10163] mkdir("./file0", 0777) = 0 [pid 10163] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10163] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10163] chdir("./file0") = 0 [pid 10163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10163] ioctl(4, LOOP_CLR_FD) = 0 [pid 10163] close(4) = 0 [pid 10163] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10163] truncate("./file2", 0) = 0 [pid 10163] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10163] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10163] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10163, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4626", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4626", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4626/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4626/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4626/binderfs") = 0 umount2("./4626/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4626/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4626/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4626/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4626/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4626/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4626") = 0 mkdir("./4627", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10165 ./strace-static-x86_64: Process 10165 attached [pid 10165] set_robust_list(0x55558abad660, 24) = 0 [pid 10165] chdir("./4627") = 0 [pid 10165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10165] setpgid(0, 0) = 0 [pid 10165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10165] write(3, "1000", 4) = 4 [pid 10165] close(3) = 0 [pid 10165] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10165] write(1, "executing program\n", 18) = 18 [pid 10165] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10165] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10165] memfd_create("syzkaller", 0) = 3 [pid 10165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10165] munmap(0x7ff698483000, 138412032) = 0 [pid 10165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 574.003828][T10163] loop0: detected capacity change from 0 to 512 [ 574.011442][T10163] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 574.022173][T10163] EXT4-fs (loop0): 1 truncate cleaned up [ 574.028910][T10163] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10165] close(3) = 0 [pid 10165] close(4) = 0 [pid 10165] mkdir("./file0", 0777) = 0 [pid 10165] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10165] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10165] chdir("./file0") = 0 [pid 10165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10165] ioctl(4, LOOP_CLR_FD) = 0 [pid 10165] close(4) = 0 [pid 10165] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10165] truncate("./file2", 0) = 0 [pid 10165] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10165] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10165] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10165, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4627", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4627", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4627/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4627/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4627/binderfs") = 0 umount2("./4627/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4627/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4627/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4627/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4627/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4627/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4627") = 0 mkdir("./4628", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10167 ./strace-static-x86_64: Process 10167 attached [pid 10167] set_robust_list(0x55558abad660, 24) = 0 [pid 10167] chdir("./4628") = 0 [pid 10167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10167] setpgid(0, 0) = 0 [pid 10167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10167] write(3, "1000", 4) = 4 [pid 10167] close(3) = 0 [pid 10167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10167] write(1, "executing program\n", 18executing program ) = 18 [pid 10167] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10167] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10167] memfd_create("syzkaller", 0) = 3 [pid 10167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10167] munmap(0x7ff698483000, 138412032) = 0 [pid 10167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 574.069119][T10165] loop0: detected capacity change from 0 to 512 [ 574.077106][T10165] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 574.087951][T10165] EXT4-fs (loop0): 1 truncate cleaned up [ 574.094855][T10165] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10167] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10167] close(3) = 0 [pid 10167] close(4) = 0 [pid 10167] mkdir("./file0", 0777) = 0 [pid 10167] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10167] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10167] chdir("./file0") = 0 [pid 10167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10167] ioctl(4, LOOP_CLR_FD) = 0 [pid 10167] close(4) = 0 [pid 10167] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10167] truncate("./file2", 0) = 0 [pid 10167] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10167] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10167] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10167, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4628", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4628", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4628/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4628/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4628/binderfs") = 0 umount2("./4628/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4628/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4628/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4628/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4628/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4628/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4628") = 0 mkdir("./4629", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10169 ./strace-static-x86_64: Process 10169 attached [pid 10169] set_robust_list(0x55558abad660, 24) = 0 [pid 10169] chdir("./4629") = 0 [pid 10169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10169] setpgid(0, 0) = 0 [pid 10169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10169] write(3, "1000", 4) = 4 [pid 10169] close(3) = 0 [pid 10169] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10169] write(1, "executing program\n", 18) = 18 [pid 10169] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10169] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10169] memfd_create("syzkaller", 0) = 3 [pid 10169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10169] munmap(0x7ff698483000, 138412032) = 0 [pid 10169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 574.134136][T10167] loop0: detected capacity change from 0 to 512 [ 574.141543][T10167] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 574.152210][T10167] EXT4-fs (loop0): 1 truncate cleaned up [ 574.159466][T10167] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10169] close(3) = 0 [pid 10169] close(4) = 0 [pid 10169] mkdir("./file0", 0777) = 0 [pid 10169] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10169] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10169] chdir("./file0") = 0 [pid 10169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10169] ioctl(4, LOOP_CLR_FD) = 0 [pid 10169] close(4) = 0 [pid 10169] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10169] truncate("./file2", 0) = 0 [pid 10169] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10169] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10169] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10169, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4629", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4629", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4629/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4629/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4629/binderfs") = 0 umount2("./4629/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4629/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4629/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4629/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4629/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4629/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4629") = 0 mkdir("./4630", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10172 ./strace-static-x86_64: Process 10172 attached [pid 10172] set_robust_list(0x55558abad660, 24) = 0 [pid 10172] chdir("./4630") = 0 [pid 10172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10172] setpgid(0, 0) = 0 [pid 10172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10172] write(3, "1000", 4) = 4 [pid 10172] close(3) = 0 [pid 10172] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10172] write(1, "executing program\n", 18) = 18 [pid 10172] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10172] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10172] memfd_create("syzkaller", 0) = 3 [pid 10172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10172] munmap(0x7ff698483000, 138412032) = 0 [pid 10172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 574.196260][T10169] loop0: detected capacity change from 0 to 512 [ 574.203545][T10169] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 574.214260][T10169] EXT4-fs (loop0): 1 truncate cleaned up [ 574.222836][T10169] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10172] close(3) = 0 [pid 10172] close(4) = 0 [pid 10172] mkdir("./file0", 0777) = 0 [pid 10172] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10172] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10172] chdir("./file0") = 0 [pid 10172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10172] ioctl(4, LOOP_CLR_FD) = 0 [pid 10172] close(4) = 0 [pid 10172] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10172] truncate("./file2", 0) = 0 [pid 10172] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10172] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10172] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10172, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4630", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4630", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4630/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4630/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4630/binderfs") = 0 umount2("./4630/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4630/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4630/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4630/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4630/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4630/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4630") = 0 mkdir("./4631", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10174 ./strace-static-x86_64: Process 10174 attached [pid 10174] set_robust_list(0x55558abad660, 24) = 0 [pid 10174] chdir("./4631") = 0 [pid 10174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10174] setpgid(0, 0) = 0 [pid 10174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 10174] write(3, "1000", 4) = 4 [pid 10174] close(3) = 0 [pid 10174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10174] write(1, "executing program\n", 18) = 18 [pid 10174] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10174] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10174] memfd_create("syzkaller", 0) = 3 [pid 10174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10174] munmap(0x7ff698483000, 138412032) = 0 [pid 10174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 574.263085][T10172] loop0: detected capacity change from 0 to 512 [ 574.270608][T10172] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 574.281197][T10172] EXT4-fs (loop0): 1 truncate cleaned up [ 574.288141][T10172] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10174] close(3) = 0 [pid 10174] close(4) = 0 [pid 10174] mkdir("./file0", 0777) = 0 [pid 10174] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10174] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10174] chdir("./file0") = 0 [pid 10174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10174] ioctl(4, LOOP_CLR_FD) = 0 [pid 10174] close(4) = 0 [pid 10174] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10174] truncate("./file2", 0) = 0 [pid 10174] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10174] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10174] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10174, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4631", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4631", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4631/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4631/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4631/binderfs") = 0 umount2("./4631/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4631/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4631/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4631/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4631/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4631/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4631") = 0 mkdir("./4632", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10176 ./strace-static-x86_64: Process 10176 attached [pid 10176] set_robust_list(0x55558abad660, 24) = 0 [pid 10176] chdir("./4632") = 0 [pid 10176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10176] setpgid(0, 0) = 0 [pid 10176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10176] write(3, "1000", 4) = 4 [pid 10176] close(3) = 0 [pid 10176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10176] write(1, "executing program\n", 18) = 18 [pid 10176] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10176] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10176] memfd_create("syzkaller", 0) = 3 [pid 10176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10176] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10176] munmap(0x7ff698483000, 138412032) = 0 [pid 10176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 574.328966][T10174] loop0: detected capacity change from 0 to 512 [ 574.336749][T10174] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 574.347376][T10174] EXT4-fs (loop0): 1 truncate cleaned up [ 574.354198][T10174] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10176] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10176] close(3) = 0 [pid 10176] close(4) = 0 [pid 10176] mkdir("./file0", 0777) = 0 [pid 10176] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10176] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10176] chdir("./file0") = 0 [pid 10176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10176] ioctl(4, LOOP_CLR_FD) = 0 [pid 10176] close(4) = 0 [pid 10176] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10176] truncate("./file2", 0) = 0 [pid 10176] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10176] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10176] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10176, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4632", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4632", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4632/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4632/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4632/binderfs") = 0 umount2("./4632/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4632/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4632/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4632/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4632/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4632/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4632") = 0 mkdir("./4633", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10178 ./strace-static-x86_64: Process 10178 attached [pid 10178] set_robust_list(0x55558abad660, 24) = 0 [pid 10178] chdir("./4633") = 0 [pid 10178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10178] setpgid(0, 0) = 0 [pid 10178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10178] write(3, "1000", 4) = 4 [pid 10178] close(3) = 0 [pid 10178] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10178] write(1, "executing program\n", 18) = 18 [pid 10178] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10178] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10178] memfd_create("syzkaller", 0) = 3 [pid 10178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10178] munmap(0x7ff698483000, 138412032) = 0 [pid 10178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 574.388354][T10176] loop0: detected capacity change from 0 to 512 [ 574.395693][T10176] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 574.406461][T10176] EXT4-fs (loop0): 1 truncate cleaned up [ 574.413232][T10176] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10178] close(3) = 0 [pid 10178] close(4) = 0 [pid 10178] mkdir("./file0", 0777) = 0 [pid 10178] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10178] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10178] chdir("./file0") = 0 [pid 10178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10178] ioctl(4, LOOP_CLR_FD) = 0 [pid 10178] close(4) = 0 [pid 10178] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10178] truncate("./file2", 0) = 0 [pid 10178] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10178] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10178] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10178, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4633", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4633", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4633/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4633/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4633/binderfs") = 0 umount2("./4633/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4633/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4633/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4633/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4633/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4633/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4633") = 0 mkdir("./4634", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10180 ./strace-static-x86_64: Process 10180 attached [pid 10180] set_robust_list(0x55558abad660, 24) = 0 [pid 10180] chdir("./4634") = 0 [pid 10180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10180] setpgid(0, 0) = 0 [pid 10180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10180] write(3, "1000", 4) = 4 [pid 10180] close(3) = 0 [pid 10180] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10180] write(1, "executing program\n", 18) = 18 [pid 10180] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10180] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10180] memfd_create("syzkaller", 0) = 3 [pid 10180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10180] munmap(0x7ff698483000, 138412032) = 0 [pid 10180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 574.442881][T10178] loop0: detected capacity change from 0 to 512 [ 574.451057][T10178] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 574.462029][T10178] EXT4-fs (loop0): 1 truncate cleaned up [ 574.469773][T10178] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10180] close(3) = 0 [pid 10180] close(4) = 0 [pid 10180] mkdir("./file0", 0777) = 0 [pid 10180] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10180] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10180] chdir("./file0") = 0 [pid 10180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10180] ioctl(4, LOOP_CLR_FD) = 0 [pid 10180] close(4) = 0 [pid 10180] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10180] truncate("./file2", 0) = 0 [pid 10180] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10180] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10180] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10180, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4634", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4634", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4634/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4634/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4634/binderfs") = 0 umount2("./4634/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4634/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4634/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4634/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4634/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4634/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4634") = 0 mkdir("./4635", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10182 ./strace-static-x86_64: Process 10182 attached [pid 10182] set_robust_list(0x55558abad660, 24) = 0 [pid 10182] chdir("./4635") = 0 [pid 10182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10182] setpgid(0, 0) = 0 [pid 10182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10182] write(3, "1000", 4) = 4 [pid 10182] close(3) = 0 [pid 10182] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10182] write(1, "executing program\n", 18) = 18 [pid 10182] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10182] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10182] memfd_create("syzkaller", 0) = 3 [pid 10182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10182] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10182] munmap(0x7ff698483000, 138412032) = 0 [pid 10182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 574.510267][T10180] loop0: detected capacity change from 0 to 512 [ 574.518188][T10180] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 574.529349][T10180] EXT4-fs (loop0): 1 truncate cleaned up [ 574.536149][T10180] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10182] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10182] close(3) = 0 [pid 10182] close(4) = 0 [pid 10182] mkdir("./file0", 0777) = 0 [pid 10182] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10182] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10182] chdir("./file0") = 0 [pid 10182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10182] ioctl(4, LOOP_CLR_FD) = 0 [pid 10182] close(4) = 0 [pid 10182] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10182] truncate("./file2", 0) = 0 [pid 10182] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10182] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10182] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10182, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4635", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4635", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4635/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4635/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4635/binderfs") = 0 umount2("./4635/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4635/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4635/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4635/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4635/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4635/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4635") = 0 mkdir("./4636", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10184 ./strace-static-x86_64: Process 10184 attached [pid 10184] set_robust_list(0x55558abad660, 24) = 0 [pid 10184] chdir("./4636") = 0 [pid 10184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10184] setpgid(0, 0) = 0 [pid 10184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10184] write(3, "1000", 4) = 4 [pid 10184] close(3) = 0 [pid 10184] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10184] write(1, "executing program\n", 18) = 18 [pid 10184] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10184] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10184] memfd_create("syzkaller", 0) = 3 [pid 10184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10184] munmap(0x7ff698483000, 138412032) = 0 [pid 10184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 574.564549][T10182] loop0: detected capacity change from 0 to 512 [ 574.571863][T10182] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 574.582589][T10182] EXT4-fs (loop0): 1 truncate cleaned up [ 574.589521][T10182] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10184] close(3) = 0 [pid 10184] close(4) = 0 [pid 10184] mkdir("./file0", 0777) = 0 [pid 10184] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10184] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10184] chdir("./file0") = 0 [pid 10184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10184] ioctl(4, LOOP_CLR_FD) = 0 [pid 10184] close(4) = 0 [pid 10184] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10184] truncate("./file2", 0) = 0 [pid 10184] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10184] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10184] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10184, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4636", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4636", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4636/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4636/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4636/binderfs") = 0 umount2("./4636/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4636/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4636/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4636/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4636/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4636/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4636") = 0 mkdir("./4637", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10186 ./strace-static-x86_64: Process 10186 attached [pid 10186] set_robust_list(0x55558abad660, 24) = 0 [pid 10186] chdir("./4637") = 0 [pid 10186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10186] setpgid(0, 0) = 0 executing program [pid 10186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10186] write(3, "1000", 4) = 4 [pid 10186] close(3) = 0 [pid 10186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10186] write(1, "executing program\n", 18) = 18 [pid 10186] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10186] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10186] memfd_create("syzkaller", 0) = 3 [pid 10186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10186] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10186] munmap(0x7ff698483000, 138412032) = 0 [pid 10186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 574.626755][T10184] loop0: detected capacity change from 0 to 512 [ 574.634071][T10184] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 574.644788][T10184] EXT4-fs (loop0): 1 truncate cleaned up [ 574.651630][T10184] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10186] close(3) = 0 [pid 10186] close(4) = 0 [pid 10186] mkdir("./file0", 0777) = 0 [pid 10186] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10186] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10186] chdir("./file0") = 0 [pid 10186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10186] ioctl(4, LOOP_CLR_FD) = 0 [pid 10186] close(4) = 0 [pid 10186] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10186] truncate("./file2", 0) = 0 [pid 10186] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10186] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10186] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10186, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4637", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4637", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4637/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4637/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4637/binderfs") = 0 umount2("./4637/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4637/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4637/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4637/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4637/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4637/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4637") = 0 mkdir("./4638", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10188 ./strace-static-x86_64: Process 10188 attached [pid 10188] set_robust_list(0x55558abad660, 24) = 0 [pid 10188] chdir("./4638") = 0 [pid 10188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10188] setpgid(0, 0) = 0 [pid 10188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10188] write(3, "1000", 4) = 4 [pid 10188] close(3) = 0 [pid 10188] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10188] write(1, "executing program\n", 18) = 18 [pid 10188] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10188] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10188] memfd_create("syzkaller", 0) = 3 [pid 10188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10188] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10188] munmap(0x7ff698483000, 138412032) = 0 [pid 10188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 574.680414][T10186] loop0: detected capacity change from 0 to 512 [ 574.687930][T10186] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 574.698644][T10186] EXT4-fs (loop0): 1 truncate cleaned up [ 574.705882][T10186] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10188] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10188] close(3) = 0 [pid 10188] close(4) = 0 [pid 10188] mkdir("./file0", 0777) = 0 [pid 10188] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10188] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10188] chdir("./file0") = 0 [pid 10188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10188] ioctl(4, LOOP_CLR_FD) = 0 [pid 10188] close(4) = 0 [pid 10188] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10188] truncate("./file2", 0) = 0 [pid 10188] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10188] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10188] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10188, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4638", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4638", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4638/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4638/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4638/binderfs") = 0 umount2("./4638/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4638/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4638/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4638/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4638/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4638/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4638") = 0 mkdir("./4639", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10190 ./strace-static-x86_64: Process 10190 attached [pid 10190] set_robust_list(0x55558abad660, 24) = 0 [pid 10190] chdir("./4639") = 0 [pid 10190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10190] setpgid(0, 0) = 0 [pid 10190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10190] write(3, "1000", 4) = 4 [pid 10190] close(3) = 0 [pid 10190] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10190] write(1, "executing program\n", 18) = 18 [pid 10190] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10190] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10190] memfd_create("syzkaller", 0) = 3 [pid 10190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10190] munmap(0x7ff698483000, 138412032) = 0 [pid 10190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 574.743149][T10188] loop0: detected capacity change from 0 to 512 [ 574.750564][T10188] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 574.761290][T10188] EXT4-fs (loop0): 1 truncate cleaned up [ 574.768298][T10188] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10190] close(3) = 0 [pid 10190] close(4) = 0 [pid 10190] mkdir("./file0", 0777) = 0 [pid 10190] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10190] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10190] chdir("./file0") = 0 [pid 10190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10190] ioctl(4, LOOP_CLR_FD) = 0 [pid 10190] close(4) = 0 [pid 10190] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10190] truncate("./file2", 0) = 0 [pid 10190] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10190] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10190] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10190, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4639", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4639", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4639/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4639/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4639/binderfs") = 0 umount2("./4639/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4639/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4639/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4639/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4639/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4639/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4639") = 0 mkdir("./4640", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10192 ./strace-static-x86_64: Process 10192 attached [pid 10192] set_robust_list(0x55558abad660, 24) = 0 [pid 10192] chdir("./4640") = 0 [pid 10192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10192] setpgid(0, 0) = 0 [pid 10192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10192] write(3, "1000", 4) = 4 [pid 10192] close(3) = 0 [pid 10192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10192] write(1, "executing program\n", 18executing program ) = 18 [pid 10192] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10192] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10192] memfd_create("syzkaller", 0) = 3 [pid 10192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10192] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10192] munmap(0x7ff698483000, 138412032) = 0 [pid 10192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 574.811539][T10190] loop0: detected capacity change from 0 to 512 [ 574.819187][T10190] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 574.830020][T10190] EXT4-fs (loop0): 1 truncate cleaned up [ 574.837378][T10190] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10192] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10192] close(3) = 0 [pid 10192] close(4) = 0 [pid 10192] mkdir("./file0", 0777) = 0 [pid 10192] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10192] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10192] chdir("./file0") = 0 [pid 10192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10192] ioctl(4, LOOP_CLR_FD) = 0 [pid 10192] close(4) = 0 [pid 10192] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10192] truncate("./file2", 0) = 0 [pid 10192] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10192] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10192] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10192, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4640", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4640", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4640/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4640/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4640/binderfs") = 0 umount2("./4640/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4640/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4640/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4640/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4640/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4640/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4640") = 0 mkdir("./4641", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10194 ./strace-static-x86_64: Process 10194 attached [pid 10194] set_robust_list(0x55558abad660, 24) = 0 [pid 10194] chdir("./4641") = 0 [pid 10194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10194] setpgid(0, 0) = 0 [pid 10194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10194] write(3, "1000", 4) = 4 [pid 10194] close(3) = 0 [pid 10194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10194] write(1, "executing program\n", 18executing program ) = 18 [pid 10194] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10194] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10194] memfd_create("syzkaller", 0) = 3 [pid 10194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10194] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10194] munmap(0x7ff698483000, 138412032) = 0 [ 574.872512][T10192] loop0: detected capacity change from 0 to 512 [ 574.880313][T10192] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 574.891223][T10192] EXT4-fs (loop0): 1 truncate cleaned up [ 574.899149][T10192] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10194] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10194] close(3) = 0 [pid 10194] close(4) = 0 [pid 10194] mkdir("./file0", 0777) = 0 [pid 10194] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10194] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10194] chdir("./file0") = 0 [pid 10194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10194] ioctl(4, LOOP_CLR_FD) = 0 [pid 10194] close(4) = 0 [pid 10194] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10194] truncate("./file2", 0) = 0 [pid 10194] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10194] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10194] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10194, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4641", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4641", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4641/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4641/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4641/binderfs") = 0 umount2("./4641/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4641/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4641/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4641/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4641/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4641/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4641") = 0 mkdir("./4642", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10196 ./strace-static-x86_64: Process 10196 attached [pid 10196] set_robust_list(0x55558abad660, 24) = 0 [pid 10196] chdir("./4642") = 0 [pid 10196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10196] setpgid(0, 0) = 0 [pid 10196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10196] write(3, "1000", 4) = 4 [pid 10196] close(3) = 0 [pid 10196] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10196] write(1, "executing program\n", 18) = 18 [pid 10196] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10196] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10196] memfd_create("syzkaller", 0) = 3 [pid 10196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10196] munmap(0x7ff698483000, 138412032) = 0 [pid 10196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 574.942242][T10194] loop0: detected capacity change from 0 to 512 [ 574.949998][T10194] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 574.960590][T10194] EXT4-fs (loop0): 1 truncate cleaned up [ 574.968206][T10194] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10196] close(3) = 0 [pid 10196] close(4) = 0 [pid 10196] mkdir("./file0", 0777) = 0 [pid 10196] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10196] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10196] chdir("./file0") = 0 [pid 10196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10196] ioctl(4, LOOP_CLR_FD) = 0 [pid 10196] close(4) = 0 [pid 10196] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10196] truncate("./file2", 0) = 0 [pid 10196] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10196] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10196] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10196, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4642", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4642", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4642/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4642/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4642/binderfs") = 0 umount2("./4642/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4642/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4642/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4642/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4642/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4642/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4642") = 0 mkdir("./4643", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10198 ./strace-static-x86_64: Process 10198 attached [pid 10198] set_robust_list(0x55558abad660, 24) = 0 [pid 10198] chdir("./4643") = 0 [pid 10198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10198] setpgid(0, 0) = 0 [pid 10198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10198] write(3, "1000", 4) = 4 [pid 10198] close(3) = 0 [pid 10198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10198] write(1, "executing program\n", 18executing program ) = 18 [pid 10198] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10198] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10198] memfd_create("syzkaller", 0) = 3 [pid 10198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10198] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10198] munmap(0x7ff698483000, 138412032) = 0 [pid 10198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.001696][T10196] loop0: detected capacity change from 0 to 512 [ 575.009042][T10196] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.019759][T10196] EXT4-fs (loop0): 1 truncate cleaned up [ 575.027279][T10196] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10198] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10198] close(3) = 0 [pid 10198] close(4) = 0 [pid 10198] mkdir("./file0", 0777) = 0 [pid 10198] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10198] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10198] chdir("./file0") = 0 [pid 10198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10198] ioctl(4, LOOP_CLR_FD) = 0 [pid 10198] close(4) = 0 [pid 10198] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10198] truncate("./file2", 0) = 0 [pid 10198] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10198] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10198] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10198, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4643", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4643", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4643/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4643/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4643/binderfs") = 0 umount2("./4643/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4643/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4643/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4643/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4643/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4643/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4643") = 0 mkdir("./4644", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10200 ./strace-static-x86_64: Process 10200 attached [pid 10200] set_robust_list(0x55558abad660, 24) = 0 [pid 10200] chdir("./4644") = 0 [pid 10200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10200] setpgid(0, 0) = 0 [pid 10200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10200] write(3, "1000", 4) = 4 [pid 10200] close(3) = 0 [pid 10200] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10200] write(1, "executing program\n", 18) = 18 [pid 10200] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10200] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10200] memfd_create("syzkaller", 0) = 3 [pid 10200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10200] munmap(0x7ff698483000, 138412032) = 0 [pid 10200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.064441][T10198] loop0: detected capacity change from 0 to 512 [ 575.071897][T10198] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.082708][T10198] EXT4-fs (loop0): 1 truncate cleaned up [ 575.089717][T10198] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10200] close(3) = 0 [pid 10200] close(4) = 0 [pid 10200] mkdir("./file0", 0777) = 0 [pid 10200] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10200] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10200] chdir("./file0") = 0 [pid 10200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10200] ioctl(4, LOOP_CLR_FD) = 0 [pid 10200] close(4) = 0 [pid 10200] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10200] truncate("./file2", 0) = 0 [pid 10200] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10200] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10200] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10200, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4644", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4644", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4644/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4644/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4644/binderfs") = 0 umount2("./4644/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4644/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4644/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4644/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4644/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4644/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4644") = 0 mkdir("./4645", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10202 ./strace-static-x86_64: Process 10202 attached [pid 10202] set_robust_list(0x55558abad660, 24) = 0 [pid 10202] chdir("./4645") = 0 [pid 10202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10202] setpgid(0, 0) = 0 [pid 10202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10202] write(3, "1000", 4) = 4 [pid 10202] close(3) = 0 [pid 10202] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10202] write(1, "executing program\n", 18) = 18 [pid 10202] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10202] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10202] memfd_create("syzkaller", 0) = 3 [pid 10202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10202] munmap(0x7ff698483000, 138412032) = 0 [pid 10202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.120367][T10200] loop0: detected capacity change from 0 to 512 [ 575.128001][T10200] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.138741][T10200] EXT4-fs (loop0): 1 truncate cleaned up [ 575.145737][T10200] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10202] close(3) = 0 [pid 10202] close(4) = 0 [pid 10202] mkdir("./file0", 0777) = 0 [pid 10202] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10202] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10202] chdir("./file0") = 0 [pid 10202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10202] ioctl(4, LOOP_CLR_FD) = 0 [pid 10202] close(4) = 0 [pid 10202] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10202] truncate("./file2", 0) = 0 [pid 10202] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10202] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10202] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10202, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- umount2("./4645", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4645", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4645/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4645/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4645/binderfs") = 0 umount2("./4645/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4645/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4645/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4645/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4645/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4645/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4645") = 0 mkdir("./4646", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10206 ./strace-static-x86_64: Process 10206 attached [pid 10206] set_robust_list(0x55558abad660, 24) = 0 executing program [pid 10206] chdir("./4646") = 0 [pid 10206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10206] setpgid(0, 0) = 0 [pid 10206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10206] write(3, "1000", 4) = 4 [pid 10206] close(3) = 0 [pid 10206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10206] write(1, "executing program\n", 18) = 18 [pid 10206] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10206] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10206] memfd_create("syzkaller", 0) = 3 [pid 10206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10206] munmap(0x7ff698483000, 138412032) = 0 [pid 10206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.182314][T10202] loop0: detected capacity change from 0 to 512 [ 575.189735][T10202] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.200533][T10202] EXT4-fs (loop0): 1 truncate cleaned up [ 575.207921][T10202] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10206] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10206] close(3) = 0 [pid 10206] close(4) = 0 [pid 10206] mkdir("./file0", 0777) = 0 [pid 10206] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10206] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10206] chdir("./file0") = 0 [pid 10206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10206] ioctl(4, LOOP_CLR_FD) = 0 [pid 10206] close(4) = 0 [pid 10206] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10206] truncate("./file2", 0) = 0 [pid 10206] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10206] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10206] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10206, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4646", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4646", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4646/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4646/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4646/binderfs") = 0 umount2("./4646/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4646/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4646/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4646/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4646/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4646/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4646") = 0 mkdir("./4647", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10208 ./strace-static-x86_64: Process 10208 attached [pid 10208] set_robust_list(0x55558abad660, 24) = 0 [pid 10208] chdir("./4647") = 0 [pid 10208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10208] setpgid(0, 0) = 0 [pid 10208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10208] write(3, "1000", 4) = 4 [pid 10208] close(3) = 0 [pid 10208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10208] write(1, "executing program\n", 18) = 18 executing program [pid 10208] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10208] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10208] memfd_create("syzkaller", 0) = 3 [pid 10208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10208] munmap(0x7ff698483000, 138412032) = 0 [pid 10208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.240898][T10206] loop0: detected capacity change from 0 to 512 [ 575.248419][T10206] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.259279][T10206] EXT4-fs (loop0): 1 truncate cleaned up [ 575.266442][T10206] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10208] close(3) = 0 [pid 10208] close(4) = 0 [pid 10208] mkdir("./file0", 0777) = 0 [pid 10208] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10208] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10208] chdir("./file0") = 0 [pid 10208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10208] ioctl(4, LOOP_CLR_FD) = 0 [pid 10208] close(4) = 0 [pid 10208] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10208] truncate("./file2", 0) = 0 [pid 10208] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10208] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10208] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10208, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4647", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4647", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4647/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4647/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4647/binderfs") = 0 umount2("./4647/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4647/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4647/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4647/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4647/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4647/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4647") = 0 mkdir("./4648", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10210 ./strace-static-x86_64: Process 10210 attached [pid 10210] set_robust_list(0x55558abad660, 24) = 0 [pid 10210] chdir("./4648") = 0 [pid 10210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10210] setpgid(0, 0) = 0 [pid 10210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10210] write(3, "1000", 4) = 4 [pid 10210] close(3) = 0 [pid 10210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10210] write(1, "executing program\n", 18executing program ) = 18 [pid 10210] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10210] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10210] memfd_create("syzkaller", 0) = 3 [pid 10210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10210] munmap(0x7ff698483000, 138412032) = 0 [pid 10210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.302714][T10208] loop0: detected capacity change from 0 to 512 [ 575.310313][T10208] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.321161][T10208] EXT4-fs (loop0): 1 truncate cleaned up [ 575.328039][T10208] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10210] close(3) = 0 [pid 10210] close(4) = 0 [pid 10210] mkdir("./file0", 0777) = 0 [pid 10210] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10210] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10210] chdir("./file0") = 0 [pid 10210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10210] ioctl(4, LOOP_CLR_FD) = 0 [pid 10210] close(4) = 0 [pid 10210] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10210] truncate("./file2", 0) = 0 [pid 10210] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10210] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10210] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10210, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4648", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4648", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4648/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4648/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4648/binderfs") = 0 umount2("./4648/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4648/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4648/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4648/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4648/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4648/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4648") = 0 mkdir("./4649", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10213 ./strace-static-x86_64: Process 10213 attached [pid 10213] set_robust_list(0x55558abad660, 24) = 0 [pid 10213] chdir("./4649") = 0 [pid 10213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10213] setpgid(0, 0) = 0 [pid 10213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10213] write(3, "1000", 4) = 4 [pid 10213] close(3) = 0 [pid 10213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10213] write(1, "executing program\n", 18executing program ) = 18 [pid 10213] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10213] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10213] memfd_create("syzkaller", 0) = 3 [pid 10213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10213] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10213] munmap(0x7ff698483000, 138412032) = 0 [pid 10213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.363300][T10210] loop0: detected capacity change from 0 to 512 [ 575.370761][T10210] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.381618][T10210] EXT4-fs (loop0): 1 truncate cleaned up [ 575.388224][T10210] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10213] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10213] close(3) = 0 [pid 10213] close(4) = 0 [pid 10213] mkdir("./file0", 0777) = 0 [pid 10213] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10213] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10213] chdir("./file0") = 0 [pid 10213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10213] ioctl(4, LOOP_CLR_FD) = 0 [pid 10213] close(4) = 0 [pid 10213] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10213] truncate("./file2", 0) = 0 [pid 10213] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10213] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10213] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10213, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4649", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4649", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4649/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4649/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4649/binderfs") = 0 umount2("./4649/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4649/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4649/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4649/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4649/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4649/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4649") = 0 mkdir("./4650", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10215 ./strace-static-x86_64: Process 10215 attached [pid 10215] set_robust_list(0x55558abad660, 24) = 0 [pid 10215] chdir("./4650") = 0 [pid 10215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10215] setpgid(0, 0) = 0 [pid 10215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10215] write(3, "1000", 4) = 4 [pid 10215] close(3) = 0 [pid 10215] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10215] write(1, "executing program\n", 18) = 18 [pid 10215] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10215] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10215] memfd_create("syzkaller", 0) = 3 [pid 10215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10215] munmap(0x7ff698483000, 138412032) = 0 [pid 10215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.418369][T10213] loop0: detected capacity change from 0 to 512 [ 575.425852][T10213] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.436961][T10213] EXT4-fs (loop0): 1 truncate cleaned up [ 575.444221][T10213] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10215] close(3) = 0 [pid 10215] close(4) = 0 [pid 10215] mkdir("./file0", 0777) = 0 [pid 10215] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10215] chdir("./file0") = 0 [pid 10215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10215] ioctl(4, LOOP_CLR_FD) = 0 [pid 10215] close(4) = 0 [pid 10215] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10215] truncate("./file2", 0) = 0 [pid 10215] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10215] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10215] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10215, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4650", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4650", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4650/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4650/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4650/binderfs") = 0 umount2("./4650/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4650/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4650/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4650/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4650/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4650/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4650") = 0 mkdir("./4651", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10217 ./strace-static-x86_64: Process 10217 attached [pid 10217] set_robust_list(0x55558abad660, 24) = 0 [pid 10217] chdir("./4651") = 0 [pid 10217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10217] setpgid(0, 0) = 0 [pid 10217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10217] write(3, "1000", 4) = 4 [pid 10217] close(3) = 0 [pid 10217] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10217] write(1, "executing program\n", 18) = 18 [pid 10217] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10217] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10217] memfd_create("syzkaller", 0) = 3 [pid 10217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10217] munmap(0x7ff698483000, 138412032) = 0 [pid 10217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.481714][T10215] loop0: detected capacity change from 0 to 512 [ 575.489062][T10215] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.500039][T10215] EXT4-fs (loop0): 1 truncate cleaned up [ 575.507608][T10215] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10217] close(3) = 0 [pid 10217] close(4) = 0 [pid 10217] mkdir("./file0", 0777) = 0 [pid 10217] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10217] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10217] chdir("./file0") = 0 [pid 10217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10217] ioctl(4, LOOP_CLR_FD) = 0 [pid 10217] close(4) = 0 [pid 10217] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10217] truncate("./file2", 0) = 0 [pid 10217] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10217] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10217] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10217, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4651", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4651", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4651/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4651/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4651/binderfs") = 0 umount2("./4651/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4651/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4651/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4651/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4651/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4651/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4651") = 0 mkdir("./4652", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10219 ./strace-static-x86_64: Process 10219 attached [pid 10219] set_robust_list(0x55558abad660, 24) = 0 [pid 10219] chdir("./4652") = 0 [pid 10219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10219] setpgid(0, 0) = 0 [pid 10219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10219] write(3, "1000", 4) = 4 [pid 10219] close(3) = 0 [pid 10219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10219] write(1, "executing program\n", 18executing program ) = 18 [pid 10219] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10219] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10219] memfd_create("syzkaller", 0) = 3 [pid 10219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10219] munmap(0x7ff698483000, 138412032) = 0 [pid 10219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.543556][T10217] loop0: detected capacity change from 0 to 512 [ 575.550915][T10217] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.561774][T10217] EXT4-fs (loop0): 1 truncate cleaned up [ 575.568449][T10217] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10219] close(3) = 0 [pid 10219] close(4) = 0 [pid 10219] mkdir("./file0", 0777) = 0 [pid 10219] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10219] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10219] chdir("./file0") = 0 [pid 10219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10219] ioctl(4, LOOP_CLR_FD) = 0 [pid 10219] close(4) = 0 [pid 10219] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10219] truncate("./file2", 0) = 0 [pid 10219] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10219] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10219] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10219, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4652", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4652", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4652/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4652/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4652/binderfs") = 0 umount2("./4652/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4652/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4652/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4652/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4652/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4652/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4652") = 0 mkdir("./4653", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10221 ./strace-static-x86_64: Process 10221 attached [pid 10221] set_robust_list(0x55558abad660, 24) = 0 [pid 10221] chdir("./4653") = 0 [pid 10221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10221] setpgid(0, 0) = 0 [pid 10221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10221] write(3, "1000", 4) = 4 [pid 10221] close(3) = 0 [pid 10221] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10221] write(1, "executing program\n", 18) = 18 [pid 10221] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10221] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10221] memfd_create("syzkaller", 0) = 3 [pid 10221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10221] munmap(0x7ff698483000, 138412032) = 0 [pid 10221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.600565][T10219] loop0: detected capacity change from 0 to 512 [ 575.608653][T10219] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.619522][T10219] EXT4-fs (loop0): 1 truncate cleaned up [ 575.627320][T10219] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10221] close(3) = 0 [pid 10221] close(4) = 0 [pid 10221] mkdir("./file0", 0777) = 0 [pid 10221] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10221] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10221] chdir("./file0") = 0 [pid 10221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10221] ioctl(4, LOOP_CLR_FD) = 0 [pid 10221] close(4) = 0 [pid 10221] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10221] truncate("./file2", 0) = 0 [pid 10221] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10221] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10221] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10221, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4653", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4653", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4653/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4653/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4653/binderfs") = 0 umount2("./4653/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4653/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4653/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4653/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4653/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4653/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4653") = 0 mkdir("./4654", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10223 ./strace-static-x86_64: Process 10223 attached [pid 10223] set_robust_list(0x55558abad660, 24) = 0 [pid 10223] chdir("./4654") = 0 [pid 10223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10223] setpgid(0, 0) = 0 [pid 10223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10223] write(3, "1000", 4) = 4 [pid 10223] close(3) = 0 [pid 10223] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10223] write(1, "executing program\n", 18) = 18 [pid 10223] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10223] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10223] memfd_create("syzkaller", 0) = 3 [pid 10223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10223] munmap(0x7ff698483000, 138412032) = 0 [pid 10223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.653738][T10221] loop0: detected capacity change from 0 to 512 [ 575.661322][T10221] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.672226][T10221] EXT4-fs (loop0): 1 truncate cleaned up [ 575.679260][T10221] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10223] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10223] close(3) = 0 [pid 10223] close(4) = 0 [pid 10223] mkdir("./file0", 0777) = 0 [pid 10223] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10223] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10223] chdir("./file0") = 0 [pid 10223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10223] ioctl(4, LOOP_CLR_FD) = 0 [pid 10223] close(4) = 0 [pid 10223] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10223] truncate("./file2", 0) = 0 [pid 10223] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10223] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10223] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10223, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4654", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4654", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4654/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4654/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4654/binderfs") = 0 umount2("./4654/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4654/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4654/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4654/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4654/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4654/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4654") = 0 mkdir("./4655", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10225 ./strace-static-x86_64: Process 10225 attached [pid 10225] set_robust_list(0x55558abad660, 24) = 0 [pid 10225] chdir("./4655") = 0 [pid 10225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10225] setpgid(0, 0) = 0 [pid 10225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10225] write(3, "1000", 4) = 4 [pid 10225] close(3) = 0 [pid 10225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10225] write(1, "executing program\n", 18) = 18 [pid 10225] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10225] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10225] memfd_create("syzkaller", 0) = 3 [pid 10225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10225] munmap(0x7ff698483000, 138412032) = 0 [pid 10225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.716730][T10223] loop0: detected capacity change from 0 to 512 [ 575.724142][T10223] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.734891][T10223] EXT4-fs (loop0): 1 truncate cleaned up [ 575.741920][T10223] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10225] close(3) = 0 [pid 10225] close(4) = 0 [pid 10225] mkdir("./file0", 0777) = 0 [pid 10225] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10225] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10225] chdir("./file0") = 0 [pid 10225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10225] ioctl(4, LOOP_CLR_FD) = 0 [pid 10225] close(4) = 0 [pid 10225] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10225] truncate("./file2", 0) = 0 [pid 10225] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10225] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10225] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10225, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4655", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4655", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4655/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4655/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4655/binderfs") = 0 umount2("./4655/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4655/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4655/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4655/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4655/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4655/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4655") = 0 mkdir("./4656", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10227 ./strace-static-x86_64: Process 10227 attached [pid 10227] set_robust_list(0x55558abad660, 24) = 0 [pid 10227] chdir("./4656") = 0 [pid 10227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10227] setpgid(0, 0) = 0 [pid 10227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10227] write(3, "1000", 4) = 4 [pid 10227] close(3) = 0 [pid 10227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10227] write(1, "executing program\n", 18) = 18 [pid 10227] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10227] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10227] memfd_create("syzkaller", 0) = 3 [pid 10227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10227] munmap(0x7ff698483000, 138412032) = 0 [pid 10227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.778895][T10225] loop0: detected capacity change from 0 to 512 [ 575.786337][T10225] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.797269][T10225] EXT4-fs (loop0): 1 truncate cleaned up [ 575.804165][T10225] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10227] close(3) = 0 [pid 10227] close(4) = 0 [pid 10227] mkdir("./file0", 0777) = 0 [pid 10227] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10227] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10227] chdir("./file0") = 0 [pid 10227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10227] ioctl(4, LOOP_CLR_FD) = 0 [pid 10227] close(4) = 0 [pid 10227] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10227] truncate("./file2", 0) = 0 [pid 10227] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10227] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10227] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10227, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4656", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4656", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4656/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4656/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4656/binderfs") = 0 umount2("./4656/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4656/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4656/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4656/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4656/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4656/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4656") = 0 mkdir("./4657", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10229 ./strace-static-x86_64: Process 10229 attached [pid 10229] set_robust_list(0x55558abad660, 24) = 0 [pid 10229] chdir("./4657") = 0 [pid 10229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10229] setpgid(0, 0) = 0 [pid 10229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10229] write(3, "1000", 4) = 4 [pid 10229] close(3) = 0 [pid 10229] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10229] write(1, "executing program\n", 18) = 18 [pid 10229] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10229] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10229] memfd_create("syzkaller", 0) = 3 [pid 10229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10229] munmap(0x7ff698483000, 138412032) = 0 [pid 10229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.841444][T10227] loop0: detected capacity change from 0 to 512 [ 575.848735][T10227] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.859441][T10227] EXT4-fs (loop0): 1 truncate cleaned up [ 575.866377][T10227] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10229] close(3) = 0 [pid 10229] close(4) = 0 [pid 10229] mkdir("./file0", 0777) = 0 [pid 10229] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10229] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10229] chdir("./file0") = 0 [pid 10229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10229] ioctl(4, LOOP_CLR_FD) = 0 [pid 10229] close(4) = 0 [pid 10229] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10229] truncate("./file2", 0) = 0 [pid 10229] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10229] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10229] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10229, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4657", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4657", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4657/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4657/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4657/binderfs") = 0 umount2("./4657/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4657/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4657/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4657/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4657/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4657/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4657") = 0 mkdir("./4658", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10231 ./strace-static-x86_64: Process 10231 attached [pid 10231] set_robust_list(0x55558abad660, 24) = 0 [pid 10231] chdir("./4658") = 0 [pid 10231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10231] setpgid(0, 0) = 0 [pid 10231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10231] write(3, "1000", 4) = 4 [pid 10231] close(3) = 0 [pid 10231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10231] write(1, "executing program\n", 18) = 18 [pid 10231] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10231] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10231] memfd_create("syzkaller", 0) = 3 [pid 10231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10231] munmap(0x7ff698483000, 138412032) = 0 [pid 10231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.903390][T10229] loop0: detected capacity change from 0 to 512 [ 575.910744][T10229] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.921388][T10229] EXT4-fs (loop0): 1 truncate cleaned up [ 575.928428][T10229] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10231] close(3) = 0 [pid 10231] close(4) = 0 [pid 10231] mkdir("./file0", 0777) = 0 [pid 10231] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10231] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10231] chdir("./file0") = 0 [pid 10231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10231] ioctl(4, LOOP_CLR_FD) = 0 [pid 10231] close(4) = 0 [pid 10231] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10231] truncate("./file2", 0) = 0 [pid 10231] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10231] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10231] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10231, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4658", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4658", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4658/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4658/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4658/binderfs") = 0 umount2("./4658/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4658/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4658/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4658/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4658/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4658/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4658") = 0 mkdir("./4659", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10233 ./strace-static-x86_64: Process 10233 attached [pid 10233] set_robust_list(0x55558abad660, 24) = 0 [pid 10233] chdir("./4659") = 0 [pid 10233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10233] setpgid(0, 0) = 0 [pid 10233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10233] write(3, "1000", 4) = 4 [pid 10233] close(3) = 0 [pid 10233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10233] write(1, "executing program\n", 18) = 18 [pid 10233] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10233] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10233] memfd_create("syzkaller", 0) = 3 [pid 10233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10233] munmap(0x7ff698483000, 138412032) = 0 [pid 10233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 575.967564][T10231] loop0: detected capacity change from 0 to 512 [ 575.974982][T10231] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 575.985725][T10231] EXT4-fs (loop0): 1 truncate cleaned up [ 575.992427][T10231] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10233] close(3) = 0 [pid 10233] close(4) = 0 [pid 10233] mkdir("./file0", 0777) = 0 [pid 10233] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10233] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10233] chdir("./file0") = 0 [pid 10233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10233] ioctl(4, LOOP_CLR_FD) = 0 [pid 10233] close(4) = 0 [pid 10233] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10233] truncate("./file2", 0) = 0 [pid 10233] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10233] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10233] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10233, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4659", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4659", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4659/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4659/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4659/binderfs") = 0 umount2("./4659/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4659/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4659/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4659/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4659/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4659/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4659") = 0 mkdir("./4660", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10235 ./strace-static-x86_64: Process 10235 attached [pid 10235] set_robust_list(0x55558abad660, 24) = 0 [pid 10235] chdir("./4660") = 0 [pid 10235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10235] setpgid(0, 0) = 0 [pid 10235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10235] write(3, "1000", 4) = 4 [pid 10235] close(3) = 0 [pid 10235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10235] write(1, "executing program\n", 18) = 18 [pid 10235] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10235] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10235] memfd_create("syzkaller", 0) = 3 [pid 10235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10235] munmap(0x7ff698483000, 138412032) = 0 [pid 10235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 576.029532][T10233] loop0: detected capacity change from 0 to 512 [ 576.037078][T10233] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 576.048797][T10233] EXT4-fs (loop0): 1 truncate cleaned up [ 576.055763][T10233] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10235] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10235] close(3) = 0 [pid 10235] close(4) = 0 [pid 10235] mkdir("./file0", 0777) = 0 [pid 10235] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10235] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10235] chdir("./file0") = 0 [pid 10235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10235] ioctl(4, LOOP_CLR_FD) = 0 [pid 10235] close(4) = 0 [pid 10235] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10235] truncate("./file2", 0) = 0 [pid 10235] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10235] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10235] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10235, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- umount2("./4660", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4660", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4660/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4660/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4660/binderfs") = 0 umount2("./4660/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4660/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4660/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4660/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4660/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4660/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4660") = 0 mkdir("./4661", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10237 ./strace-static-x86_64: Process 10237 attached [pid 10237] set_robust_list(0x55558abad660, 24) = 0 [pid 10237] chdir("./4661") = 0 [pid 10237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10237] setpgid(0, 0) = 0 [pid 10237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10237] write(3, "1000", 4) = 4 [pid 10237] close(3) = 0 [pid 10237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10237] write(1, "executing program\n", 18executing program ) = 18 [pid 10237] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10237] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10237] memfd_create("syzkaller", 0) = 3 [pid 10237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10237] munmap(0x7ff698483000, 138412032) = 0 [pid 10237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 576.094962][T10235] loop0: detected capacity change from 0 to 512 [ 576.102661][T10235] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 576.113289][T10235] EXT4-fs (loop0): 1 truncate cleaned up [ 576.120567][T10235] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10237] close(3) = 0 [pid 10237] close(4) = 0 [pid 10237] mkdir("./file0", 0777) = 0 [pid 10237] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10237] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10237] chdir("./file0") = 0 [pid 10237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10237] ioctl(4, LOOP_CLR_FD) = 0 [pid 10237] close(4) = 0 [pid 10237] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10237] truncate("./file2", 0) = 0 [pid 10237] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10237] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10237] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10237, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4661", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4661", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4661/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4661/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4661/binderfs") = 0 umount2("./4661/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4661/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4661/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4661/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4661/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4661/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4661") = 0 mkdir("./4662", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10239 ./strace-static-x86_64: Process 10239 attached [pid 10239] set_robust_list(0x55558abad660, 24) = 0 [pid 10239] chdir("./4662") = 0 [pid 10239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10239] setpgid(0, 0) = 0 [pid 10239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10239] write(3, "1000", 4) = 4 [pid 10239] close(3) = 0 [pid 10239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10239] write(1, "executing program\n", 18executing program ) = 18 [pid 10239] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10239] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10239] memfd_create("syzkaller", 0) = 3 [pid 10239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10239] munmap(0x7ff698483000, 138412032) = 0 [pid 10239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 576.151221][T10237] loop0: detected capacity change from 0 to 512 [ 576.159046][T10237] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 576.169662][T10237] EXT4-fs (loop0): 1 truncate cleaned up [ 576.176663][T10237] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10239] close(3) = 0 [pid 10239] close(4) = 0 [pid 10239] mkdir("./file0", 0777) = 0 [pid 10239] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10239] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10239] chdir("./file0") = 0 [pid 10239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10239] ioctl(4, LOOP_CLR_FD) = 0 [pid 10239] close(4) = 0 [pid 10239] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10239] truncate("./file2", 0) = 0 [pid 10239] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10239] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10239] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10239, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4662", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4662", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4662/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4662/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4662/binderfs") = 0 umount2("./4662/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4662/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4662/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4662/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4662/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4662/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4662") = 0 mkdir("./4663", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10242 ./strace-static-x86_64: Process 10242 attached [pid 10242] set_robust_list(0x55558abad660, 24) = 0 [pid 10242] chdir("./4663") = 0 [pid 10242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10242] setpgid(0, 0) = 0 [pid 10242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 10242] write(3, "1000", 4) = 4 [pid 10242] close(3) = 0 [pid 10242] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10242] write(1, "executing program\n", 18) = 18 [pid 10242] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10242] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10242] memfd_create("syzkaller", 0) = 3 [pid 10242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10242] munmap(0x7ff698483000, 138412032) = 0 [pid 10242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 576.216179][T10239] loop0: detected capacity change from 0 to 512 [ 576.223534][T10239] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 576.234140][T10239] EXT4-fs (loop0): 1 truncate cleaned up [ 576.240960][T10239] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10242] close(3) = 0 [pid 10242] close(4) = 0 [pid 10242] mkdir("./file0", 0777) = 0 [pid 10242] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10242] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10242] chdir("./file0") = 0 [pid 10242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10242] ioctl(4, LOOP_CLR_FD) = 0 [pid 10242] close(4) = 0 [pid 10242] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10242] truncate("./file2", 0) = 0 [pid 10242] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10242] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10242] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10242, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4663", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4663", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4663/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4663/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4663/binderfs") = 0 umount2("./4663/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4663/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4663/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4663/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4663/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4663/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4663") = 0 mkdir("./4664", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10244 ./strace-static-x86_64: Process 10244 attached [pid 10244] set_robust_list(0x55558abad660, 24) = 0 [pid 10244] chdir("./4664") = 0 [pid 10244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10244] setpgid(0, 0) = 0 [pid 10244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10244] write(3, "1000", 4) = 4 [pid 10244] close(3) = 0 [pid 10244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10244] write(1, "executing program\n", 18executing program ) = 18 [pid 10244] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10244] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10244] memfd_create("syzkaller", 0) = 3 [pid 10244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 576.278656][T10242] loop0: detected capacity change from 0 to 512 [ 576.286057][T10242] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 576.297050][T10242] EXT4-fs (loop0): 1 truncate cleaned up [ 576.304357][T10242] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10244] munmap(0x7ff698483000, 138412032) = 0 [pid 10244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10244] close(3) = 0 [pid 10244] close(4) = 0 [pid 10244] mkdir("./file0", 0777) = 0 [pid 10244] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10244] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10244] chdir("./file0") = 0 [pid 10244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10244] ioctl(4, LOOP_CLR_FD) = 0 [pid 10244] close(4) = 0 [pid 10244] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10244] truncate("./file2", 0) = 0 [pid 10244] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10244] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10244] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10244, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4664", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4664", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4664/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4664/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4664/binderfs") = 0 umount2("./4664/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4664/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4664/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4664/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4664/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4664/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4664") = 0 mkdir("./4665", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10246 ./strace-static-x86_64: Process 10246 attached [pid 10246] set_robust_list(0x55558abad660, 24) = 0 [pid 10246] chdir("./4665") = 0 [pid 10246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10246] setpgid(0, 0) = 0 [pid 10246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10246] write(3, "1000", 4) = 4 [pid 10246] close(3) = 0 [pid 10246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10246] write(1, "executing program\n", 18) = 18 [pid 10246] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10246] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10246] memfd_create("syzkaller", 0) = 3 [pid 10246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10246] munmap(0x7ff698483000, 138412032) = 0 [pid 10246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 576.345340][T10244] loop0: detected capacity change from 0 to 512 [ 576.353175][T10244] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 576.364128][T10244] EXT4-fs (loop0): 1 truncate cleaned up [ 576.370913][T10244] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10246] close(3) = 0 [pid 10246] close(4) = 0 [pid 10246] mkdir("./file0", 0777) = 0 [pid 10246] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10246] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10246] chdir("./file0") = 0 [pid 10246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10246] ioctl(4, LOOP_CLR_FD) = 0 [pid 10246] close(4) = 0 [pid 10246] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10246] truncate("./file2", 0) = 0 [pid 10246] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10246] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10246] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10246, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4665", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4665", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4665/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4665/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4665/binderfs") = 0 umount2("./4665/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4665/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4665/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4665/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4665/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4665/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4665") = 0 mkdir("./4666", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10248 ./strace-static-x86_64: Process 10248 attached [pid 10248] set_robust_list(0x55558abad660, 24) = 0 [pid 10248] chdir("./4666") = 0 [pid 10248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10248] setpgid(0, 0) = 0 [pid 10248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10248] write(3, "1000", 4) = 4 [pid 10248] close(3) = 0 [pid 10248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10248] write(1, "executing program\n", 18executing program ) = 18 [pid 10248] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10248] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10248] memfd_create("syzkaller", 0) = 3 [pid 10248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10248] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10248] munmap(0x7ff698483000, 138412032) = 0 [pid 10248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 576.399089][T10246] loop0: detected capacity change from 0 to 512 [ 576.406581][T10246] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 576.417459][T10246] EXT4-fs (loop0): 1 truncate cleaned up [ 576.424382][T10246] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10248] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10248] close(3) = 0 [pid 10248] close(4) = 0 [pid 10248] mkdir("./file0", 0777) = 0 [pid 10248] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10248] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10248] chdir("./file0") = 0 [pid 10248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10248] ioctl(4, LOOP_CLR_FD) = 0 [pid 10248] close(4) = 0 [pid 10248] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10248] truncate("./file2", 0) = 0 [pid 10248] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10248] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10248] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10248, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4666", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4666", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4666/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4666/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4666/binderfs") = 0 umount2("./4666/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4666/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4666/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4666/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4666/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4666/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4666") = 0 mkdir("./4667", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10250 ./strace-static-x86_64: Process 10250 attached [pid 10250] set_robust_list(0x55558abad660, 24) = 0 [pid 10250] chdir("./4667") = 0 [pid 10250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10250] setpgid(0, 0) = 0 [pid 10250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10250] write(3, "1000", 4) = 4 [pid 10250] close(3) = 0 [pid 10250] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10250] write(1, "executing program\n", 18) = 18 [pid 10250] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10250] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10250] memfd_create("syzkaller", 0) = 3 [pid 10250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10250] munmap(0x7ff698483000, 138412032) = 0 [pid 10250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 576.465417][T10248] loop0: detected capacity change from 0 to 512 [ 576.473055][T10248] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 576.483880][T10248] EXT4-fs (loop0): 1 truncate cleaned up [ 576.491359][T10248] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10250] close(3) = 0 [pid 10250] close(4) = 0 [pid 10250] mkdir("./file0", 0777) = 0 [pid 10250] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10250] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10250] chdir("./file0") = 0 [pid 10250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10250] ioctl(4, LOOP_CLR_FD) = 0 [pid 10250] close(4) = 0 [pid 10250] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10250] truncate("./file2", 0) = 0 [pid 10250] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10250] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10250] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10250, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4667", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4667", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4667/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4667/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4667/binderfs") = 0 umount2("./4667/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4667/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4667/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4667/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4667/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4667/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4667") = 0 mkdir("./4668", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10252 ./strace-static-x86_64: Process 10252 attached [pid 10252] set_robust_list(0x55558abad660, 24) = 0 [pid 10252] chdir("./4668") = 0 [pid 10252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10252] setpgid(0, 0) = 0 executing program [pid 10252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10252] write(3, "1000", 4) = 4 [pid 10252] close(3) = 0 [pid 10252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10252] write(1, "executing program\n", 18) = 18 [pid 10252] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10252] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10252] memfd_create("syzkaller", 0) = 3 [pid 10252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10252] munmap(0x7ff698483000, 138412032) = 0 [pid 10252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 576.530892][T10250] loop0: detected capacity change from 0 to 512 [ 576.538637][T10250] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 576.549491][T10250] EXT4-fs (loop0): 1 truncate cleaned up [ 576.556862][T10250] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10252] close(3) = 0 [pid 10252] close(4) = 0 [pid 10252] mkdir("./file0", 0777) = 0 [pid 10252] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10252] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10252] chdir("./file0") = 0 [pid 10252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10252] ioctl(4, LOOP_CLR_FD) = 0 [pid 10252] close(4) = 0 [pid 10252] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10252] truncate("./file2", 0) = 0 [pid 10252] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10252] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10252] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10252, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4668", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4668", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4668/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4668/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4668/binderfs") = 0 umount2("./4668/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4668/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4668/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4668/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4668/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4668/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4668") = 0 mkdir("./4669", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10254 ./strace-static-x86_64: Process 10254 attached [pid 10254] set_robust_list(0x55558abad660, 24) = 0 [pid 10254] chdir("./4669") = 0 [pid 10254] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 10254] setpgid(0, 0) = 0 [pid 10254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10254] write(3, "1000", 4) = 4 [pid 10254] close(3) = 0 [pid 10254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10254] write(1, "executing program\n", 18) = 18 [pid 10254] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10254] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10254] memfd_create("syzkaller", 0) = 3 [pid 10254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10254] munmap(0x7ff698483000, 138412032) = 0 [pid 10254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 576.594323][T10252] loop0: detected capacity change from 0 to 512 [ 576.601941][T10252] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 576.612936][T10252] EXT4-fs (loop0): 1 truncate cleaned up [ 576.620668][T10252] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10254] close(3) = 0 [pid 10254] close(4) = 0 [pid 10254] mkdir("./file0", 0777) = 0 [pid 10254] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10254] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10254] chdir("./file0") = 0 [pid 10254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10254] ioctl(4, LOOP_CLR_FD) = 0 [pid 10254] close(4) = 0 [pid 10254] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10254] truncate("./file2", 0) = 0 [pid 10254] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10254] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10254] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10254, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4669", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4669", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4669/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4669/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4669/binderfs") = 0 umount2("./4669/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4669/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4669/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4669/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4669/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4669/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4669") = 0 mkdir("./4670", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10256 ./strace-static-x86_64: Process 10256 attached [pid 10256] set_robust_list(0x55558abad660, 24) = 0 [pid 10256] chdir("./4670") = 0 [pid 10256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10256] setpgid(0, 0) = 0 [pid 10256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10256] write(3, "1000", 4) = 4 [pid 10256] close(3) = 0 [pid 10256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10256] write(1, "executing program\n", 18) = 18 [pid 10256] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10256] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10256] memfd_create("syzkaller", 0) = 3 [pid 10256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10256] munmap(0x7ff698483000, 138412032) = 0 [pid 10256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 576.661999][T10254] loop0: detected capacity change from 0 to 512 [ 576.669408][T10254] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 576.680036][T10254] EXT4-fs (loop0): 1 truncate cleaned up [ 576.687642][T10254] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10256] close(3) = 0 [pid 10256] close(4) = 0 [pid 10256] mkdir("./file0", 0777) = 0 [pid 10256] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10256] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10256] chdir("./file0") = 0 [pid 10256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10256] ioctl(4, LOOP_CLR_FD) = 0 [pid 10256] close(4) = 0 [pid 10256] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10256] truncate("./file2", 0) = 0 [pid 10256] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10256] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10256] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10256, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4670", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4670", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4670/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4670/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4670/binderfs") = 0 umount2("./4670/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4670/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4670/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4670/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4670/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4670/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4670") = 0 mkdir("./4671", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 10258 attached , child_tidptr=0x55558abad650) = 10258 [pid 10258] set_robust_list(0x55558abad660, 24) = 0 [pid 10258] chdir("./4671") = 0 [pid 10258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10258] setpgid(0, 0) = 0 [pid 10258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10258] write(3, "1000", 4) = 4 [pid 10258] close(3) = 0 [pid 10258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10258] write(1, "executing program\n", 18) = 18 [pid 10258] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10258] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10258] memfd_create("syzkaller", 0) = 3 [pid 10258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10258] munmap(0x7ff698483000, 138412032) = 0 [pid 10258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 576.718713][T10256] loop0: detected capacity change from 0 to 512 [ 576.726077][T10256] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 576.736923][T10256] EXT4-fs (loop0): 1 truncate cleaned up [ 576.743696][T10256] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10258] close(3) = 0 [pid 10258] close(4) = 0 [pid 10258] mkdir("./file0", 0777) = 0 [pid 10258] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10258] chdir("./file0") = 0 [pid 10258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10258] ioctl(4, LOOP_CLR_FD) = 0 [pid 10258] close(4) = 0 [pid 10258] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10258] truncate("./file2", 0) = 0 [pid 10258] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10258] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10258] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10258, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4671", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4671", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4671/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4671/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4671/binderfs") = 0 umount2("./4671/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4671/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4671/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4671/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4671/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4671/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4671") = 0 mkdir("./4672", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10260 ./strace-static-x86_64: Process 10260 attached [pid 10260] set_robust_list(0x55558abad660, 24) = 0 [pid 10260] chdir("./4672") = 0 [pid 10260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10260] setpgid(0, 0) = 0 [pid 10260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10260] write(3, "1000", 4) = 4 [pid 10260] close(3) = 0 [pid 10260] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10260] write(1, "executing program\n", 18) = 18 [pid 10260] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10260] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10260] memfd_create("syzkaller", 0) = 3 [pid 10260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10260] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10260] munmap(0x7ff698483000, 138412032) = 0 [pid 10260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 576.777241][T10258] loop0: detected capacity change from 0 to 512 [ 576.784488][T10258] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 576.795720][T10258] EXT4-fs (loop0): 1 truncate cleaned up [ 576.802415][T10258] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10260] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10260] close(3) = 0 [pid 10260] close(4) = 0 [pid 10260] mkdir("./file0", 0777) = 0 [pid 10260] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10260] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10260] chdir("./file0") = 0 [pid 10260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10260] ioctl(4, LOOP_CLR_FD) = 0 [pid 10260] close(4) = 0 [pid 10260] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10260] truncate("./file2", 0) = 0 [pid 10260] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10260] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10260] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10260, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4672", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4672", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4672/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4672/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4672/binderfs") = 0 umount2("./4672/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4672/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4672/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4672/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4672/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4672/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4672") = 0 mkdir("./4673", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10262 ./strace-static-x86_64: Process 10262 attached [pid 10262] set_robust_list(0x55558abad660, 24) = 0 [pid 10262] chdir("./4673") = 0 [pid 10262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10262] setpgid(0, 0) = 0 [pid 10262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10262] write(3, "1000", 4) = 4 [pid 10262] close(3) = 0 [pid 10262] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10262] write(1, "executing program\n", 18) = 18 [pid 10262] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10262] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10262] memfd_create("syzkaller", 0) = 3 [pid 10262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10262] munmap(0x7ff698483000, 138412032) = 0 [pid 10262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 576.831563][T10260] loop0: detected capacity change from 0 to 512 [ 576.839349][T10260] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 576.850140][T10260] EXT4-fs (loop0): 1 truncate cleaned up [ 576.857339][T10260] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10262] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10262] close(3) = 0 [pid 10262] close(4) = 0 [pid 10262] mkdir("./file0", 0777) = 0 [pid 10262] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10262] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10262] chdir("./file0") = 0 [pid 10262] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10262] ioctl(4, LOOP_CLR_FD) = 0 [pid 10262] close(4) = 0 [pid 10262] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10262] truncate("./file2", 0) = 0 [pid 10262] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10262] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10262] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10262, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4673", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4673", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4673/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4673/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4673/binderfs") = 0 umount2("./4673/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4673/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4673/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4673/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4673/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4673/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4673") = 0 mkdir("./4674", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10264 ./strace-static-x86_64: Process 10264 attached [pid 10264] set_robust_list(0x55558abad660, 24) = 0 [pid 10264] chdir("./4674") = 0 [pid 10264] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10264] setpgid(0, 0) = 0 [pid 10264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10264] write(3, "1000", 4) = 4 [pid 10264] close(3) = 0 [pid 10264] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10264] write(1, "executing program\n", 18executing program ) = 18 [pid 10264] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10264] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10264] memfd_create("syzkaller", 0) = 3 [pid 10264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10264] munmap(0x7ff698483000, 138412032) = 0 [pid 10264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 576.897883][T10262] loop0: detected capacity change from 0 to 512 [ 576.905797][T10262] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 576.916724][T10262] EXT4-fs (loop0): 1 truncate cleaned up [ 576.924188][T10262] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10264] close(3) = 0 [pid 10264] close(4) = 0 [pid 10264] mkdir("./file0", 0777) = 0 [pid 10264] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10264] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10264] chdir("./file0") = 0 [pid 10264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10264] ioctl(4, LOOP_CLR_FD) = 0 [pid 10264] close(4) = 0 [pid 10264] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10264] truncate("./file2", 0) = 0 [pid 10264] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10264] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10264] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10264, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4674", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4674", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4674/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4674/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4674/binderfs") = 0 umount2("./4674/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4674/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4674/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4674/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4674/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4674/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4674") = 0 mkdir("./4675", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10266 ./strace-static-x86_64: Process 10266 attached [pid 10266] set_robust_list(0x55558abad660, 24) = 0 [pid 10266] chdir("./4675") = 0 [pid 10266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10266] setpgid(0, 0) = 0 [pid 10266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10266] write(3, "1000", 4) = 4 [pid 10266] close(3) = 0 [pid 10266] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10266] write(1, "executing program\n", 18) = 18 [pid 10266] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10266] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10266] memfd_create("syzkaller", 0) = 3 [pid 10266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10266] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10266] munmap(0x7ff698483000, 138412032) = 0 [pid 10266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 576.961538][T10264] loop0: detected capacity change from 0 to 512 [ 576.969058][T10264] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 576.979705][T10264] EXT4-fs (loop0): 1 truncate cleaned up [ 576.986564][T10264] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10266] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10266] close(3) = 0 [pid 10266] close(4) = 0 [pid 10266] mkdir("./file0", 0777) = 0 [pid 10266] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10266] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10266] chdir("./file0") = 0 [pid 10266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10266] ioctl(4, LOOP_CLR_FD) = 0 [pid 10266] close(4) = 0 [pid 10266] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10266] truncate("./file2", 0) = 0 [pid 10266] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10266] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10266] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10266, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4675", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4675", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4675/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4675/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4675/binderfs") = 0 umount2("./4675/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4675/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4675/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4675/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4675/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4675/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4675") = 0 mkdir("./4676", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10268 ./strace-static-x86_64: Process 10268 attached [pid 10268] set_robust_list(0x55558abad660, 24) = 0 [pid 10268] chdir("./4676") = 0 [pid 10268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10268] setpgid(0, 0) = 0 [pid 10268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10268] write(3, "1000", 4) = 4 [pid 10268] close(3) = 0 [pid 10268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10268] write(1, "executing program\n", 18executing program ) = 18 [pid 10268] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10268] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10268] memfd_create("syzkaller", 0) = 3 [pid 10268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10268] munmap(0x7ff698483000, 138412032) = 0 [pid 10268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 577.014616][T10266] loop0: detected capacity change from 0 to 512 [ 577.022702][T10266] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 577.033424][T10266] EXT4-fs (loop0): 1 truncate cleaned up [ 577.040248][T10266] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10268] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10268] close(3) = 0 [pid 10268] close(4) = 0 [pid 10268] mkdir("./file0", 0777) = 0 [pid 10268] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10268] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10268] chdir("./file0") = 0 [pid 10268] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10268] ioctl(4, LOOP_CLR_FD) = 0 [pid 10268] close(4) = 0 [pid 10268] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10268] truncate("./file2", 0) = 0 [pid 10268] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10268] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10268] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10268, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4676", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4676", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4676/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4676/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4676/binderfs") = 0 umount2("./4676/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4676/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4676/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4676/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4676/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4676/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4676") = 0 mkdir("./4677", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10270 ./strace-static-x86_64: Process 10270 attached [pid 10270] set_robust_list(0x55558abad660, 24) = 0 [pid 10270] chdir("./4677") = 0 [pid 10270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10270] setpgid(0, 0) = 0 [pid 10270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10270] write(3, "1000", 4) = 4 [pid 10270] close(3) = 0 [pid 10270] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10270] write(1, "executing program\n", 18) = 18 [pid 10270] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10270] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10270] memfd_create("syzkaller", 0) = 3 [pid 10270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10270] munmap(0x7ff698483000, 138412032) = 0 [pid 10270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 577.076312][T10268] loop0: detected capacity change from 0 to 512 [ 577.084050][T10268] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 577.094647][T10268] EXT4-fs (loop0): 1 truncate cleaned up [ 577.101909][T10268] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10270] close(3) = 0 [pid 10270] close(4) = 0 [pid 10270] mkdir("./file0", 0777) = 0 [pid 10270] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10270] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10270] chdir("./file0") = 0 [pid 10270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10270] ioctl(4, LOOP_CLR_FD) = 0 [pid 10270] close(4) = 0 [pid 10270] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10270] truncate("./file2", 0) = 0 [pid 10270] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10270] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10270] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10270, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4677", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4677", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4677/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4677/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4677/binderfs") = 0 umount2("./4677/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4677/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4677/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4677/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4677/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4677/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4677") = 0 mkdir("./4678", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10272 ./strace-static-x86_64: Process 10272 attached [pid 10272] set_robust_list(0x55558abad660, 24) = 0 [pid 10272] chdir("./4678") = 0 [pid 10272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10272] setpgid(0, 0) = 0 [pid 10272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 10272] write(3, "1000", 4) = 4 [pid 10272] close(3) = 0 [pid 10272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10272] write(1, "executing program\n", 18) = 18 [pid 10272] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10272] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10272] memfd_create("syzkaller", 0) = 3 [pid 10272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10272] munmap(0x7ff698483000, 138412032) = 0 [pid 10272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 577.138071][T10270] loop0: detected capacity change from 0 to 512 [ 577.145354][T10270] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 577.155977][T10270] EXT4-fs (loop0): 1 truncate cleaned up [ 577.162984][T10270] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10272] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10272] close(3) = 0 [pid 10272] close(4) = 0 [pid 10272] mkdir("./file0", 0777) = 0 [pid 10272] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10272] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10272] chdir("./file0") = 0 [pid 10272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10272] ioctl(4, LOOP_CLR_FD) = 0 [pid 10272] close(4) = 0 [pid 10272] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10272] truncate("./file2", 0) = 0 [pid 10272] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10272] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10272] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10272, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4678", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4678", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4678/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4678/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4678/binderfs") = 0 umount2("./4678/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4678/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4678/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4678/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4678/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4678/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4678") = 0 mkdir("./4679", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10275 ./strace-static-x86_64: Process 10275 attached [pid 10275] set_robust_list(0x55558abad660, 24) = 0 [pid 10275] chdir("./4679") = 0 [pid 10275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10275] setpgid(0, 0) = 0 [pid 10275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10275] write(3, "1000", 4) = 4 [pid 10275] close(3) = 0 [pid 10275] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10275] write(1, "executing program\n", 18) = 18 [pid 10275] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10275] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10275] memfd_create("syzkaller", 0) = 3 [pid 10275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10275] munmap(0x7ff698483000, 138412032) = 0 [pid 10275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 577.203035][T10272] loop0: detected capacity change from 0 to 512 [ 577.210410][T10272] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 577.220931][T10272] EXT4-fs (loop0): 1 truncate cleaned up [ 577.228212][T10272] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10275] close(3) = 0 [pid 10275] close(4) = 0 [pid 10275] mkdir("./file0", 0777) = 0 [pid 10275] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10275] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10275] chdir("./file0") = 0 [pid 10275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10275] ioctl(4, LOOP_CLR_FD) = 0 [pid 10275] close(4) = 0 [pid 10275] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10275] truncate("./file2", 0) = 0 [pid 10275] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10275] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10275] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10275, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4679", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4679", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4679/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4679/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4679/binderfs") = 0 umount2("./4679/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./4679/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4679/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4679/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4679/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4679/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4679") = 0 mkdir("./4680", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10277 ./strace-static-x86_64: Process 10277 attached [pid 10277] set_robust_list(0x55558abad660, 24) = 0 [pid 10277] chdir("./4680") = 0 [pid 10277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10277] setpgid(0, 0) = 0 [pid 10277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10277] write(3, "1000", 4) = 4 [pid 10277] close(3) = 0 [pid 10277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10277] write(1, "executing program\n", 18) = 18 [pid 10277] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10277] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10277] memfd_create("syzkaller", 0) = 3 [pid 10277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10277] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10277] munmap(0x7ff698483000, 138412032) = 0 [pid 10277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 577.264934][T10275] loop0: detected capacity change from 0 to 512 [ 577.272657][T10275] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 577.283443][T10275] EXT4-fs (loop0): 1 truncate cleaned up [ 577.290909][T10275] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10277] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10277] close(3) = 0 [pid 10277] close(4) = 0 [pid 10277] mkdir("./file0", 0777) = 0 [pid 10277] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10277] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10277] chdir("./file0") = 0 [pid 10277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10277] ioctl(4, LOOP_CLR_FD) = 0 [pid 10277] close(4) = 0 [pid 10277] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10277] truncate("./file2", 0) = 0 [pid 10277] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10277] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10277] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10277, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4680", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4680", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4680/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4680/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4680/binderfs") = 0 umount2("./4680/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4680/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4680/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4680/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4680/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4680/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4680") = 0 mkdir("./4681", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10279 ./strace-static-x86_64: Process 10279 attached [pid 10279] set_robust_list(0x55558abad660, 24) = 0 [pid 10279] chdir("./4681") = 0 [pid 10279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10279] setpgid(0, 0) = 0 [pid 10279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10279] write(3, "1000", 4) = 4 [pid 10279] close(3) = 0 [pid 10279] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10279] write(1, "executing program\n", 18executing program ) = 18 [pid 10279] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10279] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10279] memfd_create("syzkaller", 0) = 3 [pid 10279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10279] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10279] munmap(0x7ff698483000, 138412032) = 0 [pid 10279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 577.327269][T10277] loop0: detected capacity change from 0 to 512 [ 577.334551][T10277] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 577.345189][T10277] EXT4-fs (loop0): 1 truncate cleaned up [ 577.351890][T10277] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10279] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10279] close(3) = 0 [pid 10279] close(4) = 0 [pid 10279] mkdir("./file0", 0777) = 0 [pid 10279] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10279] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10279] chdir("./file0") = 0 [pid 10279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10279] ioctl(4, LOOP_CLR_FD) = 0 [pid 10279] close(4) = 0 [pid 10279] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10279] truncate("./file2", 0) = 0 [pid 10279] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10279] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10279] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10279, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4681", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4681", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4681/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4681/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4681/binderfs") = 0 umount2("./4681/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4681/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4681/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4681/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4681/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4681/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4681") = 0 mkdir("./4682", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10281 ./strace-static-x86_64: Process 10281 attached [pid 10281] set_robust_list(0x55558abad660, 24) = 0 [pid 10281] chdir("./4682") = 0 [pid 10281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10281] setpgid(0, 0) = 0 [pid 10281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10281] write(3, "1000", 4) = 4 [pid 10281] close(3) = 0 [pid 10281] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10281] write(1, "executing program\n", 18) = 18 [pid 10281] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10281] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10281] memfd_create("syzkaller", 0) = 3 [pid 10281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10281] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10281] munmap(0x7ff698483000, 138412032) = 0 [pid 10281] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 577.384346][T10279] loop0: detected capacity change from 0 to 512 [ 577.392017][T10279] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 577.402755][T10279] EXT4-fs (loop0): 1 truncate cleaned up [ 577.409907][T10279] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10281] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10281] close(3) = 0 [pid 10281] close(4) = 0 [pid 10281] mkdir("./file0", 0777) = 0 [pid 10281] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10281] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10281] chdir("./file0") = 0 [pid 10281] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10281] ioctl(4, LOOP_CLR_FD) = 0 [pid 10281] close(4) = 0 [pid 10281] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10281] truncate("./file2", 0) = 0 [pid 10281] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10281] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10281] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10281, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4682", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4682", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4682/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4682/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4682/binderfs") = 0 umount2("./4682/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4682/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4682/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4682/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4682/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4682/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4682") = 0 mkdir("./4683", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10283 ./strace-static-x86_64: Process 10283 attached [pid 10283] set_robust_list(0x55558abad660, 24) = 0 [pid 10283] chdir("./4683") = 0 [pid 10283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10283] setpgid(0, 0) = 0 [pid 10283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10283] write(3, "1000", 4) = 4 [pid 10283] close(3) = 0 [pid 10283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10283] write(1, "executing program\n", 18executing program ) = 18 [pid 10283] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10283] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10283] memfd_create("syzkaller", 0) = 3 [pid 10283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10283] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10283] munmap(0x7ff698483000, 138412032) = 0 [pid 10283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 577.454902][T10281] loop0: detected capacity change from 0 to 512 [ 577.462953][T10281] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 577.474017][T10281] EXT4-fs (loop0): 1 truncate cleaned up [ 577.481355][T10281] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10283] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10283] close(3) = 0 [pid 10283] close(4) = 0 [pid 10283] mkdir("./file0", 0777) = 0 [pid 10283] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10283] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10283] chdir("./file0") = 0 [pid 10283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10283] ioctl(4, LOOP_CLR_FD) = 0 [pid 10283] close(4) = 0 [pid 10283] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10283] truncate("./file2", 0) = 0 [pid 10283] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10283] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10283] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10283, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4683", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4683", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4683/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4683/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4683/binderfs") = 0 umount2("./4683/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4683/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4683/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4683/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4683/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4683/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4683") = 0 mkdir("./4684", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10285 ./strace-static-x86_64: Process 10285 attached executing program [pid 10285] set_robust_list(0x55558abad660, 24) = 0 [pid 10285] chdir("./4684") = 0 [pid 10285] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10285] setpgid(0, 0) = 0 [pid 10285] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10285] write(3, "1000", 4) = 4 [pid 10285] close(3) = 0 [pid 10285] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10285] write(1, "executing program\n", 18) = 18 [pid 10285] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10285] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10285] memfd_create("syzkaller", 0) = 3 [pid 10285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10285] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10285] munmap(0x7ff698483000, 138412032) = 0 [pid 10285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 577.513264][T10283] loop0: detected capacity change from 0 to 512 [ 577.520828][T10283] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 577.531507][T10283] EXT4-fs (loop0): 1 truncate cleaned up [ 577.538384][T10283] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10285] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10285] close(3) = 0 [pid 10285] close(4) = 0 [pid 10285] mkdir("./file0", 0777) = 0 [pid 10285] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10285] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10285] chdir("./file0") = 0 [pid 10285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10285] ioctl(4, LOOP_CLR_FD) = 0 [pid 10285] close(4) = 0 [pid 10285] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10285] truncate("./file2", 0) = 0 [pid 10285] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10285] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10285] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10285, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4684", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4684", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4684/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4684/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4684/binderfs") = 0 umount2("./4684/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4684/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4684/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4684/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4684/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4684/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4684") = 0 mkdir("./4685", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10287 ./strace-static-x86_64: Process 10287 attached [pid 10287] set_robust_list(0x55558abad660, 24) = 0 [pid 10287] chdir("./4685") = 0 [pid 10287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10287] setpgid(0, 0) = 0 [pid 10287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10287] write(3, "1000", 4) = 4 [pid 10287] close(3) = 0 [pid 10287] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10287] write(1, "executing program\n", 18) = 18 [pid 10287] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10287] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10287] memfd_create("syzkaller", 0) = 3 [pid 10287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10287] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10287] munmap(0x7ff698483000, 138412032) = 0 [pid 10287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 577.568806][T10285] loop0: detected capacity change from 0 to 512 [ 577.576116][T10285] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 577.586939][T10285] EXT4-fs (loop0): 1 truncate cleaned up [ 577.593761][T10285] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10287] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10287] close(3) = 0 [pid 10287] close(4) = 0 [pid 10287] mkdir("./file0", 0777) = 0 [pid 10287] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10287] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10287] chdir("./file0") = 0 [pid 10287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10287] ioctl(4, LOOP_CLR_FD) = 0 [pid 10287] close(4) = 0 [pid 10287] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10287] truncate("./file2", 0) = 0 [pid 10287] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10287] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10287] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10287, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4685", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4685", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4685/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4685/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4685/binderfs") = 0 umount2("./4685/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4685/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4685/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4685/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4685/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4685/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4685") = 0 mkdir("./4686", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10289 ./strace-static-x86_64: Process 10289 attached [pid 10289] set_robust_list(0x55558abad660, 24) = 0 [pid 10289] chdir("./4686") = 0 [pid 10289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10289] setpgid(0, 0) = 0 [pid 10289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10289] write(3, "1000", 4) = 4 [pid 10289] close(3) = 0 [pid 10289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10289] write(1, "executing program\n", 18executing program ) = 18 [pid 10289] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10289] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10289] memfd_create("syzkaller", 0) = 3 [pid 10289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10289] munmap(0x7ff698483000, 138412032) = 0 [pid 10289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 577.630741][T10287] loop0: detected capacity change from 0 to 512 [ 577.638170][T10287] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 577.648835][T10287] EXT4-fs (loop0): 1 truncate cleaned up [ 577.655763][T10287] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10289] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10289] close(3) = 0 [pid 10289] close(4) = 0 [pid 10289] mkdir("./file0", 0777) = 0 [pid 10289] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10289] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10289] chdir("./file0") = 0 [pid 10289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10289] ioctl(4, LOOP_CLR_FD) = 0 [pid 10289] close(4) = 0 [pid 10289] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10289] truncate("./file2", 0) = 0 [pid 10289] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10289] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10289] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10289, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4686", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4686", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4686/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4686/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4686/binderfs") = 0 umount2("./4686/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4686/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4686/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4686/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4686/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4686/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4686") = 0 mkdir("./4687", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10291 executing program ./strace-static-x86_64: Process 10291 attached [pid 10291] set_robust_list(0x55558abad660, 24) = 0 [pid 10291] chdir("./4687") = 0 [pid 10291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10291] setpgid(0, 0) = 0 [pid 10291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10291] write(3, "1000", 4) = 4 [pid 10291] close(3) = 0 [pid 10291] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10291] write(1, "executing program\n", 18) = 18 [pid 10291] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10291] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10291] memfd_create("syzkaller", 0) = 3 [pid 10291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10291] munmap(0x7ff698483000, 138412032) = 0 [pid 10291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 577.687167][T10289] loop0: detected capacity change from 0 to 512 [ 577.694689][T10289] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 577.705280][T10289] EXT4-fs (loop0): 1 truncate cleaned up [ 577.712540][T10289] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10291] close(3) = 0 [pid 10291] close(4) = 0 [pid 10291] mkdir("./file0", 0777) = 0 [pid 10291] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10291] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10291] chdir("./file0") = 0 [pid 10291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10291] ioctl(4, LOOP_CLR_FD) = 0 [pid 10291] close(4) = 0 [pid 10291] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10291] truncate("./file2", 0) = 0 [pid 10291] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10291] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10291] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10291, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4687", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4687", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4687/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4687/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4687/binderfs") = 0 umount2("./4687/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4687/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4687/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4687/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4687/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4687/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4687") = 0 mkdir("./4688", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10293 ./strace-static-x86_64: Process 10293 attached [pid 10293] set_robust_list(0x55558abad660, 24) = 0 [pid 10293] chdir("./4688") = 0 [pid 10293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10293] setpgid(0, 0) = 0 [pid 10293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10293] write(3, "1000", 4) = 4 [pid 10293] close(3) = 0 [pid 10293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10293] write(1, "executing program\n", 18executing program ) = 18 [pid 10293] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10293] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10293] memfd_create("syzkaller", 0) = 3 [pid 10293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10293] munmap(0x7ff698483000, 138412032) = 0 [pid 10293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 577.748506][T10291] loop0: detected capacity change from 0 to 512 [ 577.755980][T10291] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 577.766699][T10291] EXT4-fs (loop0): 1 truncate cleaned up [ 577.773645][T10291] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10293] close(3) = 0 [pid 10293] close(4) = 0 [pid 10293] mkdir("./file0", 0777) = 0 [pid 10293] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10293] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10293] chdir("./file0") = 0 [pid 10293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10293] ioctl(4, LOOP_CLR_FD) = 0 [pid 10293] close(4) = 0 [pid 10293] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10293] truncate("./file2", 0) = 0 [pid 10293] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10293] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10293] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10293, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4688", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4688", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4688/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4688/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4688/binderfs") = 0 umount2("./4688/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4688/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4688/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4688/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4688/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4688/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4688") = 0 mkdir("./4689", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10295 ./strace-static-x86_64: Process 10295 attached [pid 10295] set_robust_list(0x55558abad660, 24) = 0 [pid 10295] chdir("./4689") = 0 [pid 10295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10295] setpgid(0, 0) = 0 [pid 10295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10295] write(3, "1000", 4) = 4 [pid 10295] close(3) = 0 [pid 10295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10295] write(1, "executing program\n", 18executing program ) = 18 [pid 10295] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10295] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10295] memfd_create("syzkaller", 0) = 3 [pid 10295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10295] munmap(0x7ff698483000, 138412032) = 0 [ 577.811242][T10293] loop0: detected capacity change from 0 to 512 [ 577.818556][T10293] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 577.829301][T10293] EXT4-fs (loop0): 1 truncate cleaned up [ 577.836064][T10293] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10295] close(3) = 0 [pid 10295] close(4) = 0 [pid 10295] mkdir("./file0", 0777) = 0 [pid 10295] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10295] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10295] chdir("./file0") = 0 [pid 10295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10295] ioctl(4, LOOP_CLR_FD) = 0 [pid 10295] close(4) = 0 [pid 10295] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10295] truncate("./file2", 0) = 0 [pid 10295] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10295] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10295] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10295, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4689", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4689", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4689/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4689/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4689/binderfs") = 0 umount2("./4689/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4689/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4689/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4689/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4689/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4689/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4689") = 0 mkdir("./4690", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10297 ./strace-static-x86_64: Process 10297 attached [pid 10297] set_robust_list(0x55558abad660, 24) = 0 [pid 10297] chdir("./4690") = 0 [pid 10297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10297] setpgid(0, 0) = 0 [pid 10297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10297] write(3, "1000", 4) = 4 [pid 10297] close(3) = 0 [pid 10297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10297] write(1, "executing program\n", 18executing program ) = 18 [pid 10297] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10297] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10297] memfd_create("syzkaller", 0) = 3 [pid 10297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10297] munmap(0x7ff698483000, 138412032) = 0 [pid 10297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 577.867652][T10295] loop0: detected capacity change from 0 to 512 [ 577.874958][T10295] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 577.885565][T10295] EXT4-fs (loop0): 1 truncate cleaned up [ 577.892809][T10295] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10297] close(3) = 0 [pid 10297] close(4) = 0 [pid 10297] mkdir("./file0", 0777) = 0 [pid 10297] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10297] chdir("./file0") = 0 [pid 10297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10297] ioctl(4, LOOP_CLR_FD) = 0 [pid 10297] close(4) = 0 [pid 10297] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10297] truncate("./file2", 0) = 0 [pid 10297] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10297] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10297] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10297, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4690", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4690", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4690/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4690/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4690/binderfs") = 0 umount2("./4690/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4690/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4690/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4690/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4690/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4690/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4690") = 0 mkdir("./4691", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10299 ./strace-static-x86_64: Process 10299 attached [pid 10299] set_robust_list(0x55558abad660, 24) = 0 [pid 10299] chdir("./4691") = 0 [pid 10299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10299] setpgid(0, 0) = 0 [pid 10299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10299] write(3, "1000", 4) = 4 [pid 10299] close(3) = 0 [pid 10299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10299] write(1, "executing program\n", 18) = 18 [pid 10299] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10299] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10299] memfd_create("syzkaller", 0) = 3 [pid 10299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10299] munmap(0x7ff698483000, 138412032) = 0 [pid 10299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 577.925748][T10297] loop0: detected capacity change from 0 to 512 [ 577.932997][T10297] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 577.943691][T10297] EXT4-fs (loop0): 1 truncate cleaned up [ 577.950725][T10297] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10299] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10299] close(3) = 0 [pid 10299] close(4) = 0 [pid 10299] mkdir("./file0", 0777) = 0 [pid 10299] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10299] chdir("./file0") = 0 [pid 10299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10299] ioctl(4, LOOP_CLR_FD) = 0 [pid 10299] close(4) = 0 [pid 10299] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10299] truncate("./file2", 0) = 0 [pid 10299] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10299] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10299] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10299, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4691", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4691", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4691/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4691/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4691/binderfs") = 0 umount2("./4691/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4691/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4691/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4691/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4691/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4691/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4691") = 0 mkdir("./4692", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10301 ./strace-static-x86_64: Process 10301 attached [pid 10301] set_robust_list(0x55558abad660, 24) = 0 [pid 10301] chdir("./4692") = 0 [pid 10301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10301] setpgid(0, 0) = 0 [pid 10301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10301] write(3, "1000", 4) = 4 [pid 10301] close(3) = 0 [pid 10301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10301] write(1, "executing program\n", 18executing program ) = 18 [pid 10301] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10301] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10301] memfd_create("syzkaller", 0) = 3 [pid 10301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10301] munmap(0x7ff698483000, 138412032) = 0 [pid 10301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 577.986271][T10299] loop0: detected capacity change from 0 to 512 [ 577.993939][T10299] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.004412][T10299] EXT4-fs (loop0): 1 truncate cleaned up [ 578.011348][T10299] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10301] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10301] close(3) = 0 [pid 10301] close(4) = 0 [pid 10301] mkdir("./file0", 0777) = 0 [pid 10301] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10301] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10301] chdir("./file0") = 0 [pid 10301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10301] ioctl(4, LOOP_CLR_FD) = 0 [pid 10301] close(4) = 0 [pid 10301] creat(NULL, 000) = -1 EFAULT (Bad address) [ 578.043721][T10301] loop0: detected capacity change from 0 to 512 [ 578.073447][T10301] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.084665][T10301] EXT4-fs (loop0): 1 truncate cleaned up [pid 10301] truncate("./file2", 0) = 0 [pid 10301] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10301] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10301] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10301, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4692", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4692", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4692/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4692/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4692/binderfs") = 0 umount2("./4692/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4692/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4692/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4692/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4692/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4692/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4692") = 0 mkdir("./4693", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10303 ./strace-static-x86_64: Process 10303 attached [pid 10303] set_robust_list(0x55558abad660, 24) = 0 [pid 10303] chdir("./4693") = 0 [pid 10303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10303] setpgid(0, 0) = 0 [pid 10303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10303] write(3, "1000", 4) = 4 [pid 10303] close(3) = 0 [pid 10303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10303] write(1, "executing program\n", 18) = 18 executing program [pid 10303] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10303] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10303] memfd_create("syzkaller", 0) = 3 [pid 10303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10303] munmap(0x7ff698483000, 138412032) = 0 [pid 10303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 578.092592][T10301] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10303] close(3) = 0 [pid 10303] close(4) = 0 [pid 10303] mkdir("./file0", 0777) = 0 [pid 10303] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10303] chdir("./file0") = 0 [pid 10303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10303] ioctl(4, LOOP_CLR_FD) = 0 [pid 10303] close(4) = 0 [pid 10303] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10303] truncate("./file2", 0) = 0 [pid 10303] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10303] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10303] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10303, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4693", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4693", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4693/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4693/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4693/binderfs") = 0 umount2("./4693/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4693/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4693/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4693/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4693/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4693/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4693") = 0 mkdir("./4694", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10305 ./strace-static-x86_64: Process 10305 attached executing program [pid 10305] set_robust_list(0x55558abad660, 24) = 0 [pid 10305] chdir("./4694") = 0 [pid 10305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10305] setpgid(0, 0) = 0 [pid 10305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10305] write(3, "1000", 4) = 4 [pid 10305] close(3) = 0 [pid 10305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10305] write(1, "executing program\n", 18) = 18 [pid 10305] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10305] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10305] memfd_create("syzkaller", 0) = 3 [pid 10305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10305] munmap(0x7ff698483000, 138412032) = 0 [pid 10305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 578.135608][T10303] loop0: detected capacity change from 0 to 512 [ 578.143064][T10303] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.153741][T10303] EXT4-fs (loop0): 1 truncate cleaned up [ 578.160638][T10303] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10305] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10305] close(3) = 0 [pid 10305] close(4) = 0 [pid 10305] mkdir("./file0", 0777) = 0 [pid 10305] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10305] chdir("./file0") = 0 [pid 10305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10305] ioctl(4, LOOP_CLR_FD) = 0 [pid 10305] close(4) = 0 [pid 10305] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10305] truncate("./file2", 0) = 0 [pid 10305] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10305] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10305] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10305, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4694", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4694", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4694/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4694/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4694/binderfs") = 0 umount2("./4694/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4694/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4694/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4694/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4694/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4694/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4694") = 0 mkdir("./4695", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10308 ./strace-static-x86_64: Process 10308 attached [pid 10308] set_robust_list(0x55558abad660, 24) = 0 [pid 10308] chdir("./4695") = 0 [pid 10308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10308] setpgid(0, 0) = 0 [pid 10308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10308] write(3, "1000", 4) = 4 [pid 10308] close(3) = 0 [pid 10308] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10308] write(1, "executing program\n", 18) = 18 [pid 10308] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10308] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10308] memfd_create("syzkaller", 0) = 3 [pid 10308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10308] munmap(0x7ff698483000, 138412032) = 0 [pid 10308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 578.196209][T10305] loop0: detected capacity change from 0 to 512 [ 578.203386][T10305] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.213987][T10305] EXT4-fs (loop0): 1 truncate cleaned up [ 578.220724][T10305] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10308] close(3) = 0 [pid 10308] close(4) = 0 [pid 10308] mkdir("./file0", 0777) = 0 [pid 10308] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10308] chdir("./file0") = 0 [pid 10308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10308] ioctl(4, LOOP_CLR_FD) = 0 [pid 10308] close(4) = 0 [pid 10308] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10308] truncate("./file2", 0) = 0 [pid 10308] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10308] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10308] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10308, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- umount2("./4695", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4695", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4695/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4695/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4695/binderfs") = 0 umount2("./4695/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4695/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4695/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4695/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4695/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4695/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4695") = 0 mkdir("./4696", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10310 ./strace-static-x86_64: Process 10310 attached [pid 10310] set_robust_list(0x55558abad660, 24) = 0 [pid 10310] chdir("./4696") = 0 [pid 10310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10310] setpgid(0, 0) = 0 [pid 10310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10310] write(3, "1000", 4) = 4 [pid 10310] close(3) = 0 [pid 10310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10310] write(1, "executing program\n", 18executing program ) = 18 [pid 10310] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10310] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10310] memfd_create("syzkaller", 0) = 3 [pid 10310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10310] munmap(0x7ff698483000, 138412032) = 0 [pid 10310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 578.256264][T10308] loop0: detected capacity change from 0 to 512 [ 578.263751][T10308] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.274394][T10308] EXT4-fs (loop0): 1 truncate cleaned up [ 578.281349][T10308] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10310] close(3) = 0 [pid 10310] close(4) = 0 [pid 10310] mkdir("./file0", 0777) = 0 [pid 10310] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10310] chdir("./file0") = 0 [pid 10310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10310] ioctl(4, LOOP_CLR_FD) = 0 [pid 10310] close(4) = 0 [pid 10310] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10310] truncate("./file2", 0) = 0 [pid 10310] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10310] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10310] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10310, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4696", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4696", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4696/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4696/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4696/binderfs") = 0 umount2("./4696/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4696/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4696/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4696/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4696/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4696/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4696") = 0 mkdir("./4697", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10312 ./strace-static-x86_64: Process 10312 attached [pid 10312] set_robust_list(0x55558abad660, 24) = 0 [pid 10312] chdir("./4697") = 0 [pid 10312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10312] setpgid(0, 0) = 0 [pid 10312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10312] write(3, "1000", 4) = 4 [pid 10312] close(3) = 0 [pid 10312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10312] write(1, "executing program\n", 18) = 18 executing program [pid 10312] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10312] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10312] memfd_create("syzkaller", 0) = 3 [pid 10312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10312] munmap(0x7ff698483000, 138412032) = 0 [pid 10312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 578.311755][T10310] loop0: detected capacity change from 0 to 512 [ 578.319740][T10310] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.331267][T10310] EXT4-fs (loop0): 1 truncate cleaned up [ 578.337780][T10310] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10312] close(3) = 0 [pid 10312] close(4) = 0 [pid 10312] mkdir("./file0", 0777) = 0 [pid 10312] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10312] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10312] chdir("./file0") = 0 [pid 10312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10312] ioctl(4, LOOP_CLR_FD) = 0 [pid 10312] close(4) = 0 [pid 10312] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10312] truncate("./file2", 0) = 0 [pid 10312] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10312] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10312] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10312, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4697", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4697", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4697/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4697/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4697/binderfs") = 0 umount2("./4697/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4697/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4697/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4697/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4697/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4697/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4697") = 0 mkdir("./4698", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10314 ./strace-static-x86_64: Process 10314 attached [pid 10314] set_robust_list(0x55558abad660, 24) = 0 [pid 10314] chdir("./4698") = 0 [pid 10314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10314] setpgid(0, 0) = 0 [pid 10314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10314] write(3, "1000", 4) = 4 [pid 10314] close(3) = 0 [pid 10314] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10314] write(1, "executing program\n", 18) = 18 [pid 10314] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10314] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10314] memfd_create("syzkaller", 0) = 3 [pid 10314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10314] munmap(0x7ff698483000, 138412032) = 0 [pid 10314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 578.373484][T10312] loop0: detected capacity change from 0 to 512 [ 578.380771][T10312] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.391608][T10312] EXT4-fs (loop0): 1 truncate cleaned up [ 578.398989][T10312] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10314] close(3) = 0 [pid 10314] close(4) = 0 [pid 10314] mkdir("./file0", 0777) = 0 [pid 10314] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10314] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10314] chdir("./file0") = 0 [pid 10314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10314] ioctl(4, LOOP_CLR_FD) = 0 [pid 10314] close(4) = 0 [pid 10314] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10314] truncate("./file2", 0) = 0 [pid 10314] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10314] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10314] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10314, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4698", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4698", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4698/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4698/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4698/binderfs") = 0 umount2("./4698/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4698/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4698/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4698/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4698/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4698/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4698") = 0 mkdir("./4699", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10316 ./strace-static-x86_64: Process 10316 attached [pid 10316] set_robust_list(0x55558abad660, 24) = 0 [pid 10316] chdir("./4699") = 0 [pid 10316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10316] setpgid(0, 0) = 0 [pid 10316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10316] write(3, "1000", 4) = 4 [pid 10316] close(3) = 0 [pid 10316] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10316] write(1, "executing program\n", 18) = 18 [pid 10316] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10316] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10316] memfd_create("syzkaller", 0) = 3 [pid 10316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10316] munmap(0x7ff698483000, 138412032) = 0 [pid 10316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 578.435443][T10314] loop0: detected capacity change from 0 to 512 [ 578.442791][T10314] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.453504][T10314] EXT4-fs (loop0): 1 truncate cleaned up [ 578.460927][T10314] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10316] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10316] close(3) = 0 [pid 10316] close(4) = 0 [pid 10316] mkdir("./file0", 0777) = 0 [pid 10316] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10316] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10316] chdir("./file0") = 0 [pid 10316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10316] ioctl(4, LOOP_CLR_FD) = 0 [pid 10316] close(4) = 0 [pid 10316] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10316] truncate("./file2", 0) = 0 [pid 10316] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10316] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10316] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10316, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- umount2("./4699", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4699", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4699/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4699/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4699/binderfs") = 0 umount2("./4699/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4699/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4699/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4699/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4699/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4699/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4699") = 0 mkdir("./4700", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10318 ./strace-static-x86_64: Process 10318 attached [pid 10318] set_robust_list(0x55558abad660, 24) = 0 [pid 10318] chdir("./4700") = 0 [pid 10318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10318] setpgid(0, 0) = 0 [pid 10318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10318] write(3, "1000", 4) = 4 [pid 10318] close(3) = 0 [pid 10318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10318] write(1, "executing program\n", 18executing program ) = 18 [pid 10318] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10318] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10318] memfd_create("syzkaller", 0) = 3 [pid 10318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10318] munmap(0x7ff698483000, 138412032) = 0 [pid 10318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 578.497099][T10316] loop0: detected capacity change from 0 to 512 [ 578.504203][T10316] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.514780][T10316] EXT4-fs (loop0): 1 truncate cleaned up [ 578.521535][T10316] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10318] close(3) = 0 [pid 10318] close(4) = 0 [pid 10318] mkdir("./file0", 0777) = 0 [pid 10318] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10318] chdir("./file0") = 0 [pid 10318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10318] ioctl(4, LOOP_CLR_FD) = 0 [pid 10318] close(4) = 0 [pid 10318] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10318] truncate("./file2", 0) = 0 [pid 10318] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10318] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10318] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10318, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4700", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4700", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4700/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4700/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4700/binderfs") = 0 umount2("./4700/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4700/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4700/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4700/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4700/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4700/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4700") = 0 mkdir("./4701", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10320 ./strace-static-x86_64: Process 10320 attached [pid 10320] set_robust_list(0x55558abad660, 24) = 0 [pid 10320] chdir("./4701") = 0 [pid 10320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10320] setpgid(0, 0) = 0 [pid 10320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10320] write(3, "1000", 4) = 4 [pid 10320] close(3) = 0 [pid 10320] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10320] write(1, "executing program\n", 18) = 18 [pid 10320] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10320] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10320] memfd_create("syzkaller", 0) = 3 [pid 10320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10320] munmap(0x7ff698483000, 138412032) = 0 [pid 10320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 578.553873][T10318] loop0: detected capacity change from 0 to 512 [ 578.561434][T10318] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.572021][T10318] EXT4-fs (loop0): 1 truncate cleaned up [ 578.579067][T10318] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10320] close(3) = 0 [pid 10320] close(4) = 0 [pid 10320] mkdir("./file0", 0777) = 0 [pid 10320] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10320] chdir("./file0") = 0 [pid 10320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10320] ioctl(4, LOOP_CLR_FD) = 0 [pid 10320] close(4) = 0 [pid 10320] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10320] truncate("./file2", 0) = 0 [pid 10320] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10320] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10320] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10320, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4701", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4701", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4701/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4701/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4701/binderfs") = 0 umount2("./4701/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4701/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4701/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4701/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4701/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4701/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4701") = 0 mkdir("./4702", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10322 ./strace-static-x86_64: Process 10322 attached [pid 10322] set_robust_list(0x55558abad660, 24) = 0 [pid 10322] chdir("./4702") = 0 [pid 10322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10322] setpgid(0, 0) = 0 [pid 10322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10322] write(3, "1000", 4) = 4 [pid 10322] close(3) = 0 [pid 10322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10322] write(1, "executing program\n", 18executing program ) = 18 [pid 10322] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10322] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10322] memfd_create("syzkaller", 0) = 3 [pid 10322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10322] munmap(0x7ff698483000, 138412032) = 0 [pid 10322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 578.610687][T10320] loop0: detected capacity change from 0 to 512 [ 578.618671][T10320] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.629194][T10320] EXT4-fs (loop0): 1 truncate cleaned up [ 578.636245][T10320] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10322] close(3) = 0 [pid 10322] close(4) = 0 [pid 10322] mkdir("./file0", 0777) = 0 [pid 10322] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10322] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10322] chdir("./file0") = 0 [pid 10322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10322] ioctl(4, LOOP_CLR_FD) = 0 [pid 10322] close(4) = 0 [pid 10322] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10322] truncate("./file2", 0) = 0 [pid 10322] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10322] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10322] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10322, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4702", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4702", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4702/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4702/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4702/binderfs") = 0 umount2("./4702/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4702/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4702/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4702/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4702/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4702/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4702") = 0 mkdir("./4703", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10324 ./strace-static-x86_64: Process 10324 attached [pid 10324] set_robust_list(0x55558abad660, 24) = 0 [pid 10324] chdir("./4703") = 0 [pid 10324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10324] setpgid(0, 0) = 0 [pid 10324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10324] write(3, "1000", 4) = 4 [pid 10324] close(3) = 0 [pid 10324] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10324] write(1, "executing program\n", 18) = 18 [pid 10324] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10324] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10324] memfd_create("syzkaller", 0) = 3 [pid 10324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10324] munmap(0x7ff698483000, 138412032) = 0 [pid 10324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 578.674490][T10322] loop0: detected capacity change from 0 to 512 [ 578.682251][T10322] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.693052][T10322] EXT4-fs (loop0): 1 truncate cleaned up [ 578.700081][T10322] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10324] close(3) = 0 [pid 10324] close(4) = 0 [pid 10324] mkdir("./file0", 0777) = 0 [pid 10324] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10324] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10324] chdir("./file0") = 0 [pid 10324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10324] ioctl(4, LOOP_CLR_FD) = 0 [pid 10324] close(4) = 0 [pid 10324] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10324] truncate("./file2", 0) = 0 [pid 10324] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10324] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10324] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10324, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4703", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4703", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4703/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4703/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4703/binderfs") = 0 umount2("./4703/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4703/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4703/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4703/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4703/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4703/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4703") = 0 mkdir("./4704", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10326 ./strace-static-x86_64: Process 10326 attached [pid 10326] set_robust_list(0x55558abad660, 24) = 0 [pid 10326] chdir("./4704") = 0 [pid 10326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10326] setpgid(0, 0) = 0 [pid 10326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10326] write(3, "1000", 4) = 4 [pid 10326] close(3) = 0 [pid 10326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10326] write(1, "executing program\n", 18) = 18 [pid 10326] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10326] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10326] memfd_create("syzkaller", 0) = 3 [pid 10326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10326] munmap(0x7ff698483000, 138412032) = 0 [pid 10326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 578.739902][T10324] loop0: detected capacity change from 0 to 512 [ 578.747646][T10324] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.758320][T10324] EXT4-fs (loop0): 1 truncate cleaned up [ 578.765596][T10324] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10326] close(3) = 0 [pid 10326] close(4) = 0 [pid 10326] mkdir("./file0", 0777) = 0 [pid 10326] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10326] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10326] chdir("./file0") = 0 [pid 10326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10326] ioctl(4, LOOP_CLR_FD) = 0 [pid 10326] close(4) = 0 [pid 10326] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10326] truncate("./file2", 0) = 0 [pid 10326] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10326] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10326] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10326, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4704", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4704", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4704/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4704/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4704/binderfs") = 0 umount2("./4704/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4704/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4704/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4704/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4704/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4704/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4704") = 0 mkdir("./4705", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10328 ./strace-static-x86_64: Process 10328 attached [pid 10328] set_robust_list(0x55558abad660, 24) = 0 [pid 10328] chdir("./4705") = 0 [pid 10328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10328] setpgid(0, 0) = 0 [pid 10328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10328] write(3, "1000", 4) = 4 [pid 10328] close(3) = 0 [pid 10328] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10328] write(1, "executing program\n", 18) = 18 [pid 10328] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10328] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10328] memfd_create("syzkaller", 0) = 3 [pid 10328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10328] munmap(0x7ff698483000, 138412032) = 0 [pid 10328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 578.796560][T10326] loop0: detected capacity change from 0 to 512 [ 578.803880][T10326] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.815631][T10326] EXT4-fs (loop0): 1 truncate cleaned up [ 578.822674][T10326] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10328] close(3) = 0 [pid 10328] close(4) = 0 [pid 10328] mkdir("./file0", 0777) = 0 [pid 10328] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10328] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10328] chdir("./file0") = 0 [pid 10328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10328] ioctl(4, LOOP_CLR_FD) = 0 [pid 10328] close(4) = 0 [pid 10328] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10328] truncate("./file2", 0) = 0 [pid 10328] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10328] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10328] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10328, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4705", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4705", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4705/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4705/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4705/binderfs") = 0 umount2("./4705/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4705/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4705/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4705/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4705/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4705/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4705") = 0 mkdir("./4706", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10330 ./strace-static-x86_64: Process 10330 attached [pid 10330] set_robust_list(0x55558abad660, 24) = 0 [pid 10330] chdir("./4706") = 0 [pid 10330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10330] setpgid(0, 0) = 0 [pid 10330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10330] write(3, "1000", 4) = 4 [pid 10330] close(3) = 0 [pid 10330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10330] write(1, "executing program\n", 18executing program ) = 18 [pid 10330] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10330] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10330] memfd_create("syzkaller", 0) = 3 [pid 10330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10330] munmap(0x7ff698483000, 138412032) = 0 [pid 10330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 578.859514][T10328] loop0: detected capacity change from 0 to 512 [ 578.867161][T10328] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.877827][T10328] EXT4-fs (loop0): 1 truncate cleaned up [ 578.884766][T10328] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10330] close(3) = 0 [pid 10330] close(4) = 0 [pid 10330] mkdir("./file0", 0777) = 0 [pid 10330] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10330] chdir("./file0") = 0 [pid 10330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10330] ioctl(4, LOOP_CLR_FD) = 0 [pid 10330] close(4) = 0 [pid 10330] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10330] truncate("./file2", 0) = 0 [pid 10330] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10330] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10330] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10330, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4706", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4706", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4706/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4706/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4706/binderfs") = 0 umount2("./4706/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4706/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4706/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4706/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4706/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4706/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4706") = 0 mkdir("./4707", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10332 ./strace-static-x86_64: Process 10332 attached [pid 10332] set_robust_list(0x55558abad660, 24) = 0 [pid 10332] chdir("./4707") = 0 [pid 10332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10332] setpgid(0, 0) = 0 [pid 10332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10332] write(3, "1000", 4) = 4 [pid 10332] close(3) = 0 [pid 10332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10332] write(1, "executing program\n", 18executing program ) = 18 [pid 10332] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10332] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10332] memfd_create("syzkaller", 0) = 3 [pid 10332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10332] munmap(0x7ff698483000, 138412032) = 0 [pid 10332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 578.917330][T10330] loop0: detected capacity change from 0 to 512 [ 578.924537][T10330] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.935445][T10330] EXT4-fs (loop0): 1 truncate cleaned up [ 578.942172][T10330] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10332] close(3) = 0 [pid 10332] close(4) = 0 [pid 10332] mkdir("./file0", 0777) = 0 [pid 10332] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10332] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10332] chdir("./file0") = 0 [pid 10332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10332] ioctl(4, LOOP_CLR_FD) = 0 [pid 10332] close(4) = 0 [pid 10332] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10332] truncate("./file2", 0) = 0 [pid 10332] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10332] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10332] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10332, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4707", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4707", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4707/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4707/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4707/binderfs") = 0 umount2("./4707/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4707/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4707/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4707/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4707/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4707/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4707") = 0 mkdir("./4708", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10334 ./strace-static-x86_64: Process 10334 attached [pid 10334] set_robust_list(0x55558abad660, 24) = 0 [pid 10334] chdir("./4708") = 0 [pid 10334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10334] setpgid(0, 0) = 0 [pid 10334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10334] write(3, "1000", 4) = 4 [pid 10334] close(3) = 0 [pid 10334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10334] write(1, "executing program\n", 18executing program ) = 18 [pid 10334] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10334] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10334] memfd_create("syzkaller", 0) = 3 [pid 10334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10334] munmap(0x7ff698483000, 138412032) = 0 [pid 10334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 578.974749][T10332] loop0: detected capacity change from 0 to 512 [ 578.982094][T10332] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 578.992610][T10332] EXT4-fs (loop0): 1 truncate cleaned up [ 578.999350][T10332] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10334] close(3) = 0 [pid 10334] close(4) = 0 [pid 10334] mkdir("./file0", 0777) = 0 [pid 10334] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10334] chdir("./file0") = 0 [pid 10334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10334] ioctl(4, LOOP_CLR_FD) = 0 [pid 10334] close(4) = 0 [pid 10334] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10334] truncate("./file2", 0) = 0 [pid 10334] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10334] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10334] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10334, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4708", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4708", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4708/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4708/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4708/binderfs") = 0 umount2("./4708/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4708/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4708/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4708/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4708/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4708/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4708") = 0 mkdir("./4709", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10336 ./strace-static-x86_64: Process 10336 attached [pid 10336] set_robust_list(0x55558abad660, 24) = 0 [pid 10336] chdir("./4709") = 0 [pid 10336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10336] setpgid(0, 0) = 0 [pid 10336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10336] write(3, "1000", 4) = 4 [pid 10336] close(3) = 0 [pid 10336] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10336] write(1, "executing program\n", 18) = 18 [pid 10336] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10336] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10336] memfd_create("syzkaller", 0) = 3 [pid 10336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10336] munmap(0x7ff698483000, 138412032) = 0 [pid 10336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 579.028712][T10334] loop0: detected capacity change from 0 to 512 [ 579.036095][T10334] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 579.046835][T10334] EXT4-fs (loop0): 1 truncate cleaned up [ 579.053435][T10334] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10336] close(3) = 0 [pid 10336] close(4) = 0 [pid 10336] mkdir("./file0", 0777) = 0 [pid 10336] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10336] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10336] chdir("./file0") = 0 [pid 10336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10336] ioctl(4, LOOP_CLR_FD) = 0 [pid 10336] close(4) = 0 [pid 10336] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10336] truncate("./file2", 0) = 0 [pid 10336] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10336] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10336] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10336, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4709", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4709", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4709/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4709/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4709/binderfs") = 0 umount2("./4709/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4709/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4709/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4709/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4709/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4709/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4709") = 0 mkdir("./4710", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10338 ./strace-static-x86_64: Process 10338 attached [pid 10338] set_robust_list(0x55558abad660, 24) = 0 [pid 10338] chdir("./4710") = 0 [pid 10338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10338] setpgid(0, 0) = 0 [pid 10338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10338] write(3, "1000", 4) = 4 [pid 10338] close(3) = 0 [pid 10338] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10338] write(1, "executing program\n", 18) = 18 [pid 10338] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10338] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10338] memfd_create("syzkaller", 0) = 3 [pid 10338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10338] munmap(0x7ff698483000, 138412032) = 0 [pid 10338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 579.083961][T10336] loop0: detected capacity change from 0 to 512 [ 579.091727][T10336] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 579.102493][T10336] EXT4-fs (loop0): 1 truncate cleaned up [ 579.109639][T10336] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10338] close(3) = 0 [pid 10338] close(4) = 0 [pid 10338] mkdir("./file0", 0777) = 0 [pid 10338] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10338] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10338] chdir("./file0") = 0 [pid 10338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10338] ioctl(4, LOOP_CLR_FD) = 0 [pid 10338] close(4) = 0 [pid 10338] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10338] truncate("./file2", 0) = 0 [pid 10338] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10338] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10338] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10338, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4710", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4710", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4710/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4710/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4710/binderfs") = 0 umount2("./4710/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4710/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4710/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4710/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4710/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4710/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4710") = 0 mkdir("./4711", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10340 ./strace-static-x86_64: Process 10340 attached [pid 10340] set_robust_list(0x55558abad660, 24) = 0 [pid 10340] chdir("./4711") = 0 [pid 10340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10340] setpgid(0, 0) = 0 [pid 10340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10340] write(3, "1000", 4) = 4 [pid 10340] close(3) = 0 [pid 10340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10340] write(1, "executing program\n", 18executing program ) = 18 [pid 10340] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10340] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10340] memfd_create("syzkaller", 0) = 3 [pid 10340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10340] munmap(0x7ff698483000, 138412032) = 0 [pid 10340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 579.149147][T10338] loop0: detected capacity change from 0 to 512 [ 579.157226][T10338] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 579.167753][T10338] EXT4-fs (loop0): 1 truncate cleaned up [ 579.175258][T10338] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10340] close(3) = 0 [pid 10340] close(4) = 0 [pid 10340] mkdir("./file0", 0777) = 0 [pid 10340] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10340] chdir("./file0") = 0 [pid 10340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10340] ioctl(4, LOOP_CLR_FD) = 0 [pid 10340] close(4) = 0 [pid 10340] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10340] truncate("./file2", 0) = 0 [pid 10340] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10340] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10340] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10340, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4711", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4711", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4711/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4711/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4711/binderfs") = 0 umount2("./4711/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4711/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4711/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4711/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4711/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4711/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4711") = 0 mkdir("./4712", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10343 ./strace-static-x86_64: Process 10343 attached [pid 10343] set_robust_list(0x55558abad660, 24) = 0 [pid 10343] chdir("./4712") = 0 [pid 10343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10343] setpgid(0, 0) = 0 [pid 10343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10343] write(3, "1000", 4) = 4 [pid 10343] close(3) = 0 [pid 10343] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10343] write(1, "executing program\n", 18) = 18 [pid 10343] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10343] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10343] memfd_create("syzkaller", 0) = 3 [pid 10343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [ 579.218090][T10340] loop0: detected capacity change from 0 to 512 [ 579.225196][T10340] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 579.236027][T10340] EXT4-fs (loop0): 1 truncate cleaned up [ 579.242869][T10340] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10343] munmap(0x7ff698483000, 138412032) = 0 [pid 10343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10343] close(3) = 0 [pid 10343] close(4) = 0 [pid 10343] mkdir("./file0", 0777) = 0 [pid 10343] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10343] chdir("./file0") = 0 [pid 10343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10343] ioctl(4, LOOP_CLR_FD) = 0 [pid 10343] close(4) = 0 [pid 10343] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10343] truncate("./file2", 0) = 0 [pid 10343] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10343] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10343] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10343, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4712", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4712", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4712/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4712/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4712/binderfs") = 0 umount2("./4712/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4712/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4712/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4712/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4712/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4712/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4712") = 0 mkdir("./4713", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10345 ./strace-static-x86_64: Process 10345 attached [pid 10345] set_robust_list(0x55558abad660, 24) = 0 [pid 10345] chdir("./4713") = 0 [pid 10345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10345] setpgid(0, 0) = 0 [pid 10345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10345] write(3, "1000", 4) = 4 [pid 10345] close(3) = 0 [pid 10345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10345] write(1, "executing program\n", 18executing program ) = 18 [pid 10345] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10345] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10345] memfd_create("syzkaller", 0) = 3 [pid 10345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10345] munmap(0x7ff698483000, 138412032) = 0 [pid 10345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 579.279166][T10343] loop0: detected capacity change from 0 to 512 [ 579.286607][T10343] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 579.297435][T10343] EXT4-fs (loop0): 1 truncate cleaned up [ 579.304322][T10343] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10345] close(3) = 0 [pid 10345] close(4) = 0 [pid 10345] mkdir("./file0", 0777) = 0 [pid 10345] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10345] chdir("./file0") = 0 [pid 10345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10345] ioctl(4, LOOP_CLR_FD) = 0 [pid 10345] close(4) = 0 [pid 10345] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10345] truncate("./file2", 0) = 0 [pid 10345] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10345] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10345] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10345, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4713", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4713", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4713/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4713/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4713/binderfs") = 0 umount2("./4713/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4713/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4713/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4713/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4713/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4713/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4713") = 0 mkdir("./4714", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10347 ./strace-static-x86_64: Process 10347 attached [pid 10347] set_robust_list(0x55558abad660, 24) = 0 [pid 10347] chdir("./4714") = 0 [pid 10347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10347] setpgid(0, 0) = 0 executing program [pid 10347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10347] write(3, "1000", 4) = 4 [pid 10347] close(3) = 0 [pid 10347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10347] write(1, "executing program\n", 18) = 18 [pid 10347] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10347] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10347] memfd_create("syzkaller", 0) = 3 [pid 10347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10347] munmap(0x7ff698483000, 138412032) = 0 [pid 10347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 579.334876][T10345] loop0: detected capacity change from 0 to 512 [ 579.342807][T10345] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 579.353586][T10345] EXT4-fs (loop0): 1 truncate cleaned up [ 579.360657][T10345] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10347] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10347] close(3) = 0 [pid 10347] close(4) = 0 [pid 10347] mkdir("./file0", 0777) = 0 [pid 10347] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10347] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10347] chdir("./file0") = 0 [pid 10347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10347] ioctl(4, LOOP_CLR_FD) = 0 [pid 10347] close(4) = 0 [pid 10347] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10347] truncate("./file2", 0) = 0 [pid 10347] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10347] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10347] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10347, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4714", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4714", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4714/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4714/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4714/binderfs") = 0 umount2("./4714/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4714/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4714/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4714/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4714/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4714/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4714") = 0 mkdir("./4715", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10349 ./strace-static-x86_64: Process 10349 attached [pid 10349] set_robust_list(0x55558abad660, 24) = 0 [pid 10349] chdir("./4715") = 0 [pid 10349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10349] setpgid(0, 0) = 0 [pid 10349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10349] write(3, "1000", 4) = 4 [pid 10349] close(3) = 0 [pid 10349] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10349] write(1, "executing program\n", 18) = 18 [pid 10349] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10349] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10349] memfd_create("syzkaller", 0) = 3 [pid 10349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10349] munmap(0x7ff698483000, 138412032) = 0 [pid 10349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 579.398013][T10347] loop0: detected capacity change from 0 to 512 [ 579.405572][T10347] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 579.416141][T10347] EXT4-fs (loop0): 1 truncate cleaned up [ 579.423058][T10347] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10349] close(3) = 0 [pid 10349] close(4) = 0 [pid 10349] mkdir("./file0", 0777) = 0 [pid 10349] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10349] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10349] chdir("./file0") = 0 [pid 10349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10349] ioctl(4, LOOP_CLR_FD) = 0 [pid 10349] close(4) = 0 [pid 10349] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10349] truncate("./file2", 0) = 0 [pid 10349] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10349] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10349] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10349, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4715", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4715", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4715/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4715/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4715/binderfs") = 0 umount2("./4715/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4715/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4715/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4715/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4715/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4715/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4715") = 0 mkdir("./4716", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10351 ./strace-static-x86_64: Process 10351 attached [pid 10351] set_robust_list(0x55558abad660, 24) = 0 [pid 10351] chdir("./4716") = 0 [pid 10351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10351] setpgid(0, 0) = 0 [pid 10351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10351] write(3, "1000", 4) = 4 [pid 10351] close(3) = 0 [pid 10351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10351] write(1, "executing program\n", 18executing program ) = 18 [pid 10351] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10351] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10351] memfd_create("syzkaller", 0) = 3 [pid 10351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10351] munmap(0x7ff698483000, 138412032) = 0 [pid 10351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 579.459564][T10349] loop0: detected capacity change from 0 to 512 [ 579.467184][T10349] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 579.477877][T10349] EXT4-fs (loop0): 1 truncate cleaned up [ 579.484732][T10349] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10351] close(3) = 0 [pid 10351] close(4) = 0 [pid 10351] mkdir("./file0", 0777) = 0 [pid 10351] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10351] chdir("./file0") = 0 [pid 10351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10351] ioctl(4, LOOP_CLR_FD) = 0 [pid 10351] close(4) = 0 [pid 10351] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10351] truncate("./file2", 0) = 0 [pid 10351] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10351] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10351] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10351, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4716", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4716", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4716/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4716/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4716/binderfs") = 0 umount2("./4716/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4716/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4716/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4716/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4716/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4716/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4716") = 0 mkdir("./4717", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10353 ./strace-static-x86_64: Process 10353 attached [pid 10353] set_robust_list(0x55558abad660, 24) = 0 [pid 10353] chdir("./4717") = 0 [pid 10353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10353] setpgid(0, 0) = 0 [pid 10353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10353] write(3, "1000", 4) = 4 [pid 10353] close(3) = 0 [pid 10353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10353] write(1, "executing program\n", 18executing program ) = 18 [pid 10353] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10353] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10353] memfd_create("syzkaller", 0) = 3 [pid 10353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10353] munmap(0x7ff698483000, 138412032) = 0 [pid 10353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 579.512303][T10351] loop0: detected capacity change from 0 to 512 [ 579.519873][T10351] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 579.530629][T10351] EXT4-fs (loop0): 1 truncate cleaned up [ 579.537569][T10351] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10353] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10353] close(3) = 0 [pid 10353] close(4) = 0 [pid 10353] mkdir("./file0", 0777) = 0 [pid 10353] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10353] chdir("./file0") = 0 [pid 10353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10353] ioctl(4, LOOP_CLR_FD) = 0 [pid 10353] close(4) = 0 [pid 10353] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10353] truncate("./file2", 0) = 0 [pid 10353] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10353] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10353] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10353, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4717", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4717", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4717/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4717/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4717/binderfs") = 0 umount2("./4717/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4717/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4717/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4717/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4717/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4717/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4717") = 0 mkdir("./4718", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10355 ./strace-static-x86_64: Process 10355 attached [pid 10355] set_robust_list(0x55558abad660, 24) = 0 [pid 10355] chdir("./4718") = 0 [pid 10355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10355] setpgid(0, 0) = 0 [pid 10355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10355] write(3, "1000", 4) = 4 [pid 10355] close(3) = 0 [pid 10355] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10355] write(1, "executing program\n", 18) = 18 [pid 10355] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10355] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10355] memfd_create("syzkaller", 0) = 3 [pid 10355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10355] munmap(0x7ff698483000, 138412032) = 0 [pid 10355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 579.577467][T10353] loop0: detected capacity change from 0 to 512 [ 579.585075][T10353] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 579.595756][T10353] EXT4-fs (loop0): 1 truncate cleaned up [ 579.603747][T10353] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10355] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10355] close(3) = 0 [pid 10355] close(4) = 0 [pid 10355] mkdir("./file0", 0777) = 0 [pid 10355] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10355] chdir("./file0") = 0 [pid 10355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10355] ioctl(4, LOOP_CLR_FD) = 0 [pid 10355] close(4) = 0 [pid 10355] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10355] truncate("./file2", 0) = 0 [pid 10355] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10355] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10355] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10355, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4718", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4718", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4718/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4718/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4718/binderfs") = 0 umount2("./4718/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4718/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4718/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4718/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4718/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4718/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4718") = 0 mkdir("./4719", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10357 ./strace-static-x86_64: Process 10357 attached [pid 10357] set_robust_list(0x55558abad660, 24) = 0 [pid 10357] chdir("./4719") = 0 [pid 10357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10357] setpgid(0, 0) = 0 [pid 10357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 10357] write(3, "1000", 4) = 4 [pid 10357] close(3) = 0 [pid 10357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10357] write(1, "executing program\n", 18) = 18 [pid 10357] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10357] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10357] memfd_create("syzkaller", 0) = 3 [pid 10357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10357] munmap(0x7ff698483000, 138412032) = 0 [pid 10357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 579.640485][T10355] loop0: detected capacity change from 0 to 512 [ 579.648308][T10355] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 579.659001][T10355] EXT4-fs (loop0): 1 truncate cleaned up [ 579.665866][T10355] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10357] close(3) = 0 [pid 10357] close(4) = 0 [pid 10357] mkdir("./file0", 0777) = 0 [pid 10357] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10357] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10357] chdir("./file0") = 0 [pid 10357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10357] ioctl(4, LOOP_CLR_FD) = 0 [pid 10357] close(4) = 0 [pid 10357] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10357] truncate("./file2", 0) = 0 [pid 10357] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10357] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10357] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10357, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4719", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4719", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4719/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4719/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4719/binderfs") = 0 umount2("./4719/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4719/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4719/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4719/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4719/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4719/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4719") = 0 mkdir("./4720", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10359 ./strace-static-x86_64: Process 10359 attached [pid 10359] set_robust_list(0x55558abad660, 24) = 0 [pid 10359] chdir("./4720") = 0 [pid 10359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10359] setpgid(0, 0) = 0 [pid 10359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10359] write(3, "1000", 4) = 4 [pid 10359] close(3) = 0 [pid 10359] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10359] write(1, "executing program\n", 18) = 18 [pid 10359] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10359] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10359] memfd_create("syzkaller", 0) = 3 [pid 10359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 579.693466][T10357] loop0: detected capacity change from 0 to 512 [ 579.701116][T10357] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 579.711631][T10357] EXT4-fs (loop0): 1 truncate cleaned up [ 579.718973][T10357] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10359] munmap(0x7ff698483000, 138412032) = 0 [pid 10359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10359] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10359] close(3) = 0 [pid 10359] close(4) = 0 [pid 10359] mkdir("./file0", 0777) = 0 [pid 10359] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10359] chdir("./file0") = 0 [pid 10359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10359] ioctl(4, LOOP_CLR_FD) = 0 [pid 10359] close(4) = 0 [pid 10359] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10359] truncate("./file2", 0) = 0 [pid 10359] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10359] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10359] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10359, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4720", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4720", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4720/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4720/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4720/binderfs") = 0 umount2("./4720/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4720/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4720/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4720/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4720/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4720/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4720") = 0 mkdir("./4721", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10361 ./strace-static-x86_64: Process 10361 attached [pid 10361] set_robust_list(0x55558abad660, 24) = 0 [pid 10361] chdir("./4721") = 0 [pid 10361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10361] setpgid(0, 0) = 0 [pid 10361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10361] write(3, "1000", 4) = 4 [pid 10361] close(3) = 0 [pid 10361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10361] write(1, "executing program\n", 18) = 18 [pid 10361] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10361] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10361] memfd_create("syzkaller", 0) = 3 [pid 10361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10361] munmap(0x7ff698483000, 138412032) = 0 [pid 10361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 579.759566][T10359] loop0: detected capacity change from 0 to 512 [ 579.767036][T10359] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 579.777781][T10359] EXT4-fs (loop0): 1 truncate cleaned up [ 579.784775][T10359] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10361] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10361] close(3) = 0 [pid 10361] close(4) = 0 [pid 10361] mkdir("./file0", 0777) = 0 [pid 10361] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10361] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10361] chdir("./file0") = 0 [pid 10361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10361] ioctl(4, LOOP_CLR_FD) = 0 [pid 10361] close(4) = 0 [pid 10361] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10361] truncate("./file2", 0) = 0 [pid 10361] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10361] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10361] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10361, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4721", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4721", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4721/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4721/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4721/binderfs") = 0 umount2("./4721/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4721/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4721/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4721/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4721/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4721/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4721") = 0 mkdir("./4722", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10363 ./strace-static-x86_64: Process 10363 attached [pid 10363] set_robust_list(0x55558abad660, 24) = 0 [pid 10363] chdir("./4722") = 0 [pid 10363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10363] setpgid(0, 0) = 0 [pid 10363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10363] write(3, "1000", 4) = 4 [pid 10363] close(3) = 0 [pid 10363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10363] write(1, "executing program\n", 18executing program ) = 18 [pid 10363] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10363] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10363] memfd_create("syzkaller", 0) = 3 [pid 10363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10363] munmap(0x7ff698483000, 138412032) = 0 [pid 10363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 579.824028][T10361] loop0: detected capacity change from 0 to 512 [ 579.831375][T10361] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 579.842738][T10361] EXT4-fs (loop0): 1 truncate cleaned up [ 579.850062][T10361] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10363] close(3) = 0 [pid 10363] close(4) = 0 [pid 10363] mkdir("./file0", 0777) = 0 [pid 10363] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10363] chdir("./file0") = 0 [pid 10363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10363] ioctl(4, LOOP_CLR_FD) = 0 [pid 10363] close(4) = 0 [pid 10363] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10363] truncate("./file2", 0) = 0 [pid 10363] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10363] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10363] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10363, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4722", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4722", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4722/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4722/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4722/binderfs") = 0 umount2("./4722/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4722/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4722/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4722/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4722/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4722/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4722") = 0 mkdir("./4723", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10365 ./strace-static-x86_64: Process 10365 attached [pid 10365] set_robust_list(0x55558abad660, 24) = 0 executing program [pid 10365] chdir("./4723") = 0 [pid 10365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10365] setpgid(0, 0) = 0 [pid 10365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10365] write(3, "1000", 4) = 4 [pid 10365] close(3) = 0 [pid 10365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10365] write(1, "executing program\n", 18) = 18 [pid 10365] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10365] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10365] memfd_create("syzkaller", 0) = 3 [pid 10365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10365] munmap(0x7ff698483000, 138412032) = 0 [pid 10365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 579.891857][T10363] loop0: detected capacity change from 0 to 512 [ 579.899432][T10363] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 579.910089][T10363] EXT4-fs (loop0): 1 truncate cleaned up [ 579.917489][T10363] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10365] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10365] close(3) = 0 [pid 10365] close(4) = 0 [pid 10365] mkdir("./file0", 0777) = 0 [pid 10365] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10365] chdir("./file0") = 0 [pid 10365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10365] ioctl(4, LOOP_CLR_FD) = 0 [pid 10365] close(4) = 0 [pid 10365] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10365] truncate("./file2", 0) = 0 [pid 10365] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10365] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10365] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10365, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4723", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4723", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4723/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4723/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4723/binderfs") = 0 umount2("./4723/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4723/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4723/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4723/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4723/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4723/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4723") = 0 mkdir("./4724", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10367 ./strace-static-x86_64: Process 10367 attached [pid 10367] set_robust_list(0x55558abad660, 24) = 0 [pid 10367] chdir("./4724") = 0 [pid 10367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10367] setpgid(0, 0) = 0 [pid 10367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10367] write(3, "1000", 4) = 4 [pid 10367] close(3) = 0 [pid 10367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10367] write(1, "executing program\n", 18) = 18 [pid 10367] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10367] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10367] memfd_create("syzkaller", 0) = 3 [pid 10367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10367] munmap(0x7ff698483000, 138412032) = 0 [pid 10367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 579.950469][T10365] loop0: detected capacity change from 0 to 512 [ 579.957952][T10365] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 579.968694][T10365] EXT4-fs (loop0): 1 truncate cleaned up [ 579.975434][T10365] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10367] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10367] close(3) = 0 [pid 10367] close(4) = 0 [pid 10367] mkdir("./file0", 0777) = 0 [pid 10367] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10367] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10367] chdir("./file0") = 0 [pid 10367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10367] ioctl(4, LOOP_CLR_FD) = 0 [pid 10367] close(4) = 0 [pid 10367] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10367] truncate("./file2", 0) = 0 [pid 10367] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10367] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10367] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10367, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4724", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4724", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4724/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4724/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4724/binderfs") = 0 umount2("./4724/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4724/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4724/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4724/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4724/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4724/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4724") = 0 mkdir("./4725", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10369 ./strace-static-x86_64: Process 10369 attached [pid 10369] set_robust_list(0x55558abad660, 24) = 0 [pid 10369] chdir("./4725") = 0 [pid 10369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10369] setpgid(0, 0) = 0 [pid 10369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10369] write(3, "1000", 4) = 4 [pid 10369] close(3) = 0 [pid 10369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10369] write(1, "executing program\n", 18executing program ) = 18 [pid 10369] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10369] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10369] memfd_create("syzkaller", 0) = 3 [pid 10369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10369] munmap(0x7ff698483000, 138412032) = 0 [pid 10369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 580.008204][T10367] loop0: detected capacity change from 0 to 512 [ 580.015654][T10367] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.026374][T10367] EXT4-fs (loop0): 1 truncate cleaned up [ 580.033167][T10367] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10369] close(3) = 0 [pid 10369] close(4) = 0 [pid 10369] mkdir("./file0", 0777) = 0 [pid 10369] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10369] chdir("./file0") = 0 [pid 10369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10369] ioctl(4, LOOP_CLR_FD) = 0 [pid 10369] close(4) = 0 [pid 10369] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10369] truncate("./file2", 0) = 0 [pid 10369] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10369] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10369] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10369, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4725", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4725", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4725/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4725/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4725/binderfs") = 0 umount2("./4725/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4725/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4725/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4725/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4725/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4725/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4725") = 0 mkdir("./4726", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10371 ./strace-static-x86_64: Process 10371 attached [pid 10371] set_robust_list(0x55558abad660, 24) = 0 [pid 10371] chdir("./4726") = 0 [pid 10371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10371] setpgid(0, 0) = 0 [pid 10371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10371] write(3, "1000", 4) = 4 [pid 10371] close(3) = 0 [pid 10371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10371] write(1, "executing program\n", 18executing program ) = 18 [pid 10371] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10371] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10371] memfd_create("syzkaller", 0) = 3 [pid 10371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10371] munmap(0x7ff698483000, 138412032) = 0 [pid 10371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 580.064869][T10369] loop0: detected capacity change from 0 to 512 [ 580.072538][T10369] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.083498][T10369] EXT4-fs (loop0): 1 truncate cleaned up [ 580.090157][T10369] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10371] close(3) = 0 [pid 10371] close(4) = 0 [pid 10371] mkdir("./file0", 0777) = 0 [pid 10371] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10371] chdir("./file0") = 0 [pid 10371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10371] ioctl(4, LOOP_CLR_FD) = 0 [pid 10371] close(4) = 0 [pid 10371] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10371] truncate("./file2", 0) = 0 [pid 10371] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10371] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10371] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10371, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4726", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4726", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4726/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4726/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4726/binderfs") = 0 umount2("./4726/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4726/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4726/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4726/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4726/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4726/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4726") = 0 mkdir("./4727", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10373 ./strace-static-x86_64: Process 10373 attached [pid 10373] set_robust_list(0x55558abad660, 24) = 0 [pid 10373] chdir("./4727") = 0 [pid 10373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10373] setpgid(0, 0) = 0 [pid 10373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10373] write(3, "1000", 4) = 4 [pid 10373] close(3) = 0 [pid 10373] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10373] write(1, "executing program\n", 18) = 18 [pid 10373] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10373] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10373] memfd_create("syzkaller", 0) = 3 [pid 10373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10373] munmap(0x7ff698483000, 138412032) = 0 [pid 10373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 580.132535][T10371] loop0: detected capacity change from 0 to 512 [ 580.140042][T10371] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.150737][T10371] EXT4-fs (loop0): 1 truncate cleaned up [ 580.157536][T10371] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10373] close(3) = 0 [pid 10373] close(4) = 0 [pid 10373] mkdir("./file0", 0777) = 0 [pid 10373] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10373] chdir("./file0") = 0 [pid 10373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10373] ioctl(4, LOOP_CLR_FD) = 0 [pid 10373] close(4) = 0 [pid 10373] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10373] truncate("./file2", 0) = 0 [pid 10373] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10373] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10373] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10373, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4727", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4727", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4727/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4727/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4727/binderfs") = 0 umount2("./4727/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4727/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4727/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4727/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4727/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4727/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4727") = 0 mkdir("./4728", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10375 ./strace-static-x86_64: Process 10375 attached [pid 10375] set_robust_list(0x55558abad660, 24) = 0 [pid 10375] chdir("./4728") = 0 [pid 10375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10375] setpgid(0, 0) = 0 [pid 10375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10375] write(3, "1000", 4) = 4 [pid 10375] close(3) = 0 [pid 10375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10375] write(1, "executing program\n", 18executing program ) = 18 [pid 10375] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10375] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10375] memfd_create("syzkaller", 0) = 3 [pid 10375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10375] munmap(0x7ff698483000, 138412032) = 0 [pid 10375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 580.187436][T10373] loop0: detected capacity change from 0 to 512 [ 580.194681][T10373] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.205236][T10373] EXT4-fs (loop0): 1 truncate cleaned up [ 580.212352][T10373] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10375] close(3) = 0 [pid 10375] close(4) = 0 [pid 10375] mkdir("./file0", 0777) = 0 [pid 10375] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10375] chdir("./file0") = 0 [pid 10375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10375] ioctl(4, LOOP_CLR_FD) = 0 [pid 10375] close(4) = 0 [pid 10375] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10375] truncate("./file2", 0) = 0 [pid 10375] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10375] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10375] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10375, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4728", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4728", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4728/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4728/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4728/binderfs") = 0 umount2("./4728/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4728/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4728/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4728/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4728/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4728/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4728") = 0 mkdir("./4729", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10378 ./strace-static-x86_64: Process 10378 attached [pid 10378] set_robust_list(0x55558abad660, 24) = 0 [pid 10378] chdir("./4729") = 0 [pid 10378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10378] setpgid(0, 0) = 0 [pid 10378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10378] write(3, "1000", 4) = 4 [pid 10378] close(3) = 0 [pid 10378] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10378] write(1, "executing program\n", 18) = 18 [pid 10378] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10378] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10378] memfd_create("syzkaller", 0) = 3 [pid 10378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 580.244823][T10375] loop0: detected capacity change from 0 to 512 [ 580.252620][T10375] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.263508][T10375] EXT4-fs (loop0): 1 truncate cleaned up [ 580.270437][T10375] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10378] munmap(0x7ff698483000, 138412032) = 0 [pid 10378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10378] close(3) = 0 [pid 10378] close(4) = 0 [pid 10378] mkdir("./file0", 0777) = 0 [pid 10378] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10378] chdir("./file0") = 0 [pid 10378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10378] ioctl(4, LOOP_CLR_FD) = 0 [pid 10378] close(4) = 0 [pid 10378] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10378] truncate("./file2", 0) = 0 [pid 10378] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10378] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10378] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10378, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4729", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4729", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4729/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4729/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4729/binderfs") = 0 umount2("./4729/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4729/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4729/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4729/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4729/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4729/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4729") = 0 mkdir("./4730", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10380 ./strace-static-x86_64: Process 10380 attached [pid 10380] set_robust_list(0x55558abad660, 24) = 0 [pid 10380] chdir("./4730") = 0 [pid 10380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10380] setpgid(0, 0) = 0 [pid 10380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10380] write(3, "1000", 4) = 4 [pid 10380] close(3) = 0 [pid 10380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10380] write(1, "executing program\n", 18executing program ) = 18 [pid 10380] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10380] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10380] memfd_create("syzkaller", 0) = 3 [pid 10380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10380] munmap(0x7ff698483000, 138412032) = 0 [pid 10380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 580.309606][T10378] loop0: detected capacity change from 0 to 512 [ 580.317659][T10378] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.328439][T10378] EXT4-fs (loop0): 1 truncate cleaned up [ 580.335260][T10378] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10380] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10380] close(3) = 0 [pid 10380] close(4) = 0 [pid 10380] mkdir("./file0", 0777) = 0 [pid 10380] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10380] chdir("./file0") = 0 [pid 10380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10380] ioctl(4, LOOP_CLR_FD) = 0 [pid 10380] close(4) = 0 [pid 10380] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10380] truncate("./file2", 0) = 0 [pid 10380] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10380] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10380] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10380, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- umount2("./4730", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4730", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4730/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4730/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4730/binderfs") = 0 umount2("./4730/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4730/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4730/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4730/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4730/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4730/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4730") = 0 mkdir("./4731", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10382 ./strace-static-x86_64: Process 10382 attached [pid 10382] set_robust_list(0x55558abad660, 24) = 0 [pid 10382] chdir("./4731") = 0 [pid 10382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10382] setpgid(0, 0) = 0 [pid 10382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10382] write(3, "1000", 4) = 4 [pid 10382] close(3) = 0 [pid 10382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10382] write(1, "executing program\n", 18executing program ) = 18 [pid 10382] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10382] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10382] memfd_create("syzkaller", 0) = 3 [pid 10382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10382] munmap(0x7ff698483000, 138412032) = 0 [pid 10382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 580.371462][T10380] loop0: detected capacity change from 0 to 512 [ 580.378786][T10380] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.389340][T10380] EXT4-fs (loop0): 1 truncate cleaned up [ 580.396253][T10380] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10382] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10382] close(3) = 0 [pid 10382] close(4) = 0 [pid 10382] mkdir("./file0", 0777) = 0 [pid 10382] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10382] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10382] chdir("./file0") = 0 [pid 10382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10382] ioctl(4, LOOP_CLR_FD) = 0 [pid 10382] close(4) = 0 [pid 10382] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10382] truncate("./file2", 0) = 0 [pid 10382] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10382] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10382] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10382, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4731", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4731", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4731/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4731/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4731/binderfs") = 0 umount2("./4731/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4731/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4731/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4731/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4731/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, executing program 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4731/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4731") = 0 mkdir("./4732", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10384 ./strace-static-x86_64: Process 10384 attached [pid 10384] set_robust_list(0x55558abad660, 24) = 0 [pid 10384] chdir("./4732") = 0 [pid 10384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10384] setpgid(0, 0) = 0 [pid 10384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10384] write(3, "1000", 4) = 4 [pid 10384] close(3) = 0 [pid 10384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10384] write(1, "executing program\n", 18) = 18 [pid 10384] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10384] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10384] memfd_create("syzkaller", 0) = 3 [pid 10384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10384] munmap(0x7ff698483000, 138412032) = 0 [ 580.425460][T10382] loop0: detected capacity change from 0 to 512 [ 580.432813][T10382] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.443764][T10382] EXT4-fs (loop0): 1 truncate cleaned up [ 580.451247][T10382] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10384] close(3) = 0 [pid 10384] close(4) = 0 [pid 10384] mkdir("./file0", 0777) = 0 [pid 10384] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10384] chdir("./file0") = 0 [pid 10384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10384] ioctl(4, LOOP_CLR_FD) = 0 [pid 10384] close(4) = 0 [pid 10384] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10384] truncate("./file2", 0) = 0 [pid 10384] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10384] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10384] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10384, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4732", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4732", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4732/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4732/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4732/binderfs") = 0 umount2("./4732/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4732/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4732/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4732/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4732/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4732/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4732") = 0 mkdir("./4733", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10386 ./strace-static-x86_64: Process 10386 attached [pid 10386] set_robust_list(0x55558abad660, 24) = 0 [pid 10386] chdir("./4733") = 0 [pid 10386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10386] setpgid(0, 0) = 0 [pid 10386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10386] write(3, "1000", 4) = 4 [pid 10386] close(3) = 0 [pid 10386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10386] write(1, "executing program\n", 18executing program ) = 18 [pid 10386] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10386] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10386] memfd_create("syzkaller", 0) = 3 [pid 10386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10386] munmap(0x7ff698483000, 138412032) = 0 [pid 10386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 580.489292][T10384] loop0: detected capacity change from 0 to 512 [ 580.497274][T10384] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.507937][T10384] EXT4-fs (loop0): 1 truncate cleaned up [ 580.515040][T10384] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10386] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10386] close(3) = 0 [pid 10386] close(4) = 0 [pid 10386] mkdir("./file0", 0777) = 0 [pid 10386] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10386] chdir("./file0") = 0 [pid 10386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10386] ioctl(4, LOOP_CLR_FD) = 0 [pid 10386] close(4) = 0 [pid 10386] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10386] truncate("./file2", 0) = 0 [pid 10386] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10386] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10386] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10386, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4733", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4733", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4733/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4733/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4733/binderfs") = 0 umount2("./4733/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4733/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4733/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4733/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4733/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4733/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4733") = 0 mkdir("./4734", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10388 ./strace-static-x86_64: Process 10388 attached [pid 10388] set_robust_list(0x55558abad660, 24) = 0 [pid 10388] chdir("./4734") = 0 [pid 10388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10388] setpgid(0, 0) = 0 [pid 10388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10388] write(3, "1000", 4) = 4 [pid 10388] close(3) = 0 [pid 10388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10388] write(1, "executing program\n", 18executing program ) = 18 [pid 10388] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10388] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10388] memfd_create("syzkaller", 0) = 3 [pid 10388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10388] munmap(0x7ff698483000, 138412032) = 0 [pid 10388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 580.556595][T10386] loop0: detected capacity change from 0 to 512 [ 580.564253][T10386] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.574951][T10386] EXT4-fs (loop0): 1 truncate cleaned up [ 580.582018][T10386] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10388] close(3) = 0 [pid 10388] close(4) = 0 [pid 10388] mkdir("./file0", 0777) = 0 [pid 10388] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10388] chdir("./file0") = 0 [pid 10388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10388] ioctl(4, LOOP_CLR_FD) = 0 [pid 10388] close(4) = 0 [pid 10388] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10388] truncate("./file2", 0) = 0 [pid 10388] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10388] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10388] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10388, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4734", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4734", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4734/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4734/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4734/binderfs") = 0 umount2("./4734/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4734/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4734/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4734/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4734/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4734/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4734") = 0 mkdir("./4735", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10390 ./strace-static-x86_64: Process 10390 attached [pid 10390] set_robust_list(0x55558abad660, 24) = 0 [pid 10390] chdir("./4735") = 0 [pid 10390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10390] setpgid(0, 0) = 0 [pid 10390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10390] write(3, "1000", 4) = 4 [pid 10390] close(3) = 0 [pid 10390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10390] write(1, "executing program\n", 18) = 18 [pid 10390] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10390] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10390] memfd_create("syzkaller", 0) = 3 [pid 10390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10390] munmap(0x7ff698483000, 138412032) = 0 [pid 10390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 580.616839][T10388] loop0: detected capacity change from 0 to 512 [ 580.624578][T10388] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.635300][T10388] EXT4-fs (loop0): 1 truncate cleaned up [ 580.642023][T10388] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10390] close(3) = 0 [pid 10390] close(4) = 0 [pid 10390] mkdir("./file0", 0777) = 0 [pid 10390] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10390] chdir("./file0") = 0 [pid 10390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10390] ioctl(4, LOOP_CLR_FD) = 0 [pid 10390] close(4) = 0 [pid 10390] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10390] truncate("./file2", 0) = 0 [pid 10390] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10390] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10390] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10390, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4735", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4735", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4735/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4735/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4735/binderfs") = 0 umount2("./4735/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4735/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4735/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4735/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4735/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4735/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4735") = 0 mkdir("./4736", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10392 ./strace-static-x86_64: Process 10392 attached [pid 10392] set_robust_list(0x55558abad660, 24) = 0 [pid 10392] chdir("./4736") = 0 [pid 10392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10392] setpgid(0, 0) = 0 [pid 10392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10392] write(3, "1000", 4) = 4 [pid 10392] close(3) = 0 [pid 10392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10392] write(1, "executing program\n", 18) = 18 [pid 10392] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10392] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10392] memfd_create("syzkaller", 0) = 3 [pid 10392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10392] munmap(0x7ff698483000, 138412032) = 0 [pid 10392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 580.682971][T10390] loop0: detected capacity change from 0 to 512 [ 580.690816][T10390] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.701394][T10390] EXT4-fs (loop0): 1 truncate cleaned up [ 580.709083][T10390] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10392] close(3) = 0 [pid 10392] close(4) = 0 [pid 10392] mkdir("./file0", 0777) = 0 [pid 10392] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10392] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10392] chdir("./file0") = 0 [pid 10392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10392] ioctl(4, LOOP_CLR_FD) = 0 [pid 10392] close(4) = 0 [pid 10392] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10392] truncate("./file2", 0) = 0 [pid 10392] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10392] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10392] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10392, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4736", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4736", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4736/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4736/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4736/binderfs") = 0 umount2("./4736/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4736/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4736/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4736/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4736/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4736/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4736") = 0 mkdir("./4737", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10394 ./strace-static-x86_64: Process 10394 attached [pid 10394] set_robust_list(0x55558abad660, 24) = 0 [pid 10394] chdir("./4737") = 0 [pid 10394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10394] setpgid(0, 0) = 0 [pid 10394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10394] write(3, "1000", 4) = 4 [pid 10394] close(3) = 0 [pid 10394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10394] write(1, "executing program\n", 18) = 18 [pid 10394] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10394] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10394] memfd_create("syzkaller", 0) = 3 [pid 10394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10394] munmap(0x7ff698483000, 138412032) = 0 [ 580.735529][T10392] loop0: detected capacity change from 0 to 512 [ 580.742930][T10392] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.753496][T10392] EXT4-fs (loop0): 1 truncate cleaned up [ 580.760304][T10392] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10394] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10394] close(3) = 0 [pid 10394] close(4) = 0 [pid 10394] mkdir("./file0", 0777) = 0 [pid 10394] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10394] chdir("./file0") = 0 [pid 10394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10394] ioctl(4, LOOP_CLR_FD) = 0 [pid 10394] close(4) = 0 [pid 10394] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10394] truncate("./file2", 0) = 0 [pid 10394] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10394] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10394] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10394, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4737", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4737", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4737/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4737/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4737/binderfs") = 0 umount2("./4737/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4737/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4737/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4737/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4737/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4737/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4737") = 0 mkdir("./4738", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10396 ./strace-static-x86_64: Process 10396 attached [pid 10396] set_robust_list(0x55558abad660, 24) = 0 [pid 10396] chdir("./4738") = 0 [pid 10396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10396] setpgid(0, 0) = 0 [pid 10396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10396] write(3, "1000", 4) = 4 [pid 10396] close(3) = 0 [pid 10396] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10396] write(1, "executing program\n", 18) = 18 [pid 10396] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10396] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10396] memfd_create("syzkaller", 0) = 3 [pid 10396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10396] munmap(0x7ff698483000, 138412032) = 0 [pid 10396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 580.796856][T10394] loop0: detected capacity change from 0 to 512 [ 580.804363][T10394] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.815053][T10394] EXT4-fs (loop0): 1 truncate cleaned up [ 580.822590][T10394] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10396] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10396] close(3) = 0 [pid 10396] close(4) = 0 [pid 10396] mkdir("./file0", 0777) = 0 [pid 10396] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10396] chdir("./file0") = 0 [pid 10396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10396] ioctl(4, LOOP_CLR_FD) = 0 [pid 10396] close(4) = 0 [pid 10396] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10396] truncate("./file2", 0) = 0 [pid 10396] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10396] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10396] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10396, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4738", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4738", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4738/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4738/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4738/binderfs") = 0 umount2("./4738/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4738/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4738/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4738/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4738/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4738/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4738") = 0 mkdir("./4739", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10398 ./strace-static-x86_64: Process 10398 attached [pid 10398] set_robust_list(0x55558abad660, 24) = 0 [pid 10398] chdir("./4739") = 0 [pid 10398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10398] setpgid(0, 0) = 0 [pid 10398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10398] write(3, "1000", 4) = 4 [pid 10398] close(3) = 0 [pid 10398] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10398] write(1, "executing program\n", 18) = 18 [pid 10398] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10398] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10398] memfd_create("syzkaller", 0) = 3 [pid 10398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10398] munmap(0x7ff698483000, 138412032) = 0 [pid 10398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 580.861558][T10396] loop0: detected capacity change from 0 to 512 [ 580.869433][T10396] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.879979][T10396] EXT4-fs (loop0): 1 truncate cleaned up [ 580.887243][T10396] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10398] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10398] close(3) = 0 [pid 10398] close(4) = 0 [pid 10398] mkdir("./file0", 0777) = 0 [pid 10398] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10398] chdir("./file0") = 0 [pid 10398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10398] ioctl(4, LOOP_CLR_FD) = 0 [pid 10398] close(4) = 0 [pid 10398] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10398] truncate("./file2", 0) = 0 [pid 10398] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10398] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10398] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10398, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4739", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4739", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4739/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4739/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4739/binderfs") = 0 umount2("./4739/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4739/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4739/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4739/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4739/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4739/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4739") = 0 mkdir("./4740", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10400 ./strace-static-x86_64: Process 10400 attached [pid 10400] set_robust_list(0x55558abad660, 24) = 0 [pid 10400] chdir("./4740") = 0 [pid 10400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10400] setpgid(0, 0) = 0 [pid 10400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10400] write(3, "1000", 4) = 4 [pid 10400] close(3) = 0 [pid 10400] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10400] write(1, "executing program\n", 18) = 18 [pid 10400] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10400] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10400] memfd_create("syzkaller", 0) = 3 [pid 10400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10400] munmap(0x7ff698483000, 138412032) = 0 [pid 10400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 580.921070][T10398] loop0: detected capacity change from 0 to 512 [ 580.928489][T10398] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.939594][T10398] EXT4-fs (loop0): 1 truncate cleaned up [ 580.946524][T10398] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10400] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10400] close(3) = 0 [pid 10400] close(4) = 0 [pid 10400] mkdir("./file0", 0777) = 0 [pid 10400] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10400] chdir("./file0") = 0 [pid 10400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10400] ioctl(4, LOOP_CLR_FD) = 0 [pid 10400] close(4) = 0 [pid 10400] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10400] truncate("./file2", 0) = 0 [pid 10400] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10400] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10400] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10400, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4740", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4740", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4740/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4740/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4740/binderfs") = 0 umount2("./4740/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4740/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4740/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4740/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4740/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4740/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4740") = 0 mkdir("./4741", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10402 ./strace-static-x86_64: Process 10402 attached [pid 10402] set_robust_list(0x55558abad660, 24) = 0 [pid 10402] chdir("./4741") = 0 [pid 10402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10402] setpgid(0, 0) = 0 [pid 10402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10402] write(3, "1000", 4) = 4 [pid 10402] close(3) = 0 [pid 10402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10402] write(1, "executing program\n", 18executing program ) = 18 [pid 10402] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10402] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10402] memfd_create("syzkaller", 0) = 3 [pid 10402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10402] munmap(0x7ff698483000, 138412032) = 0 [pid 10402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 580.977041][T10400] loop0: detected capacity change from 0 to 512 [ 580.984238][T10400] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 580.994794][T10400] EXT4-fs (loop0): 1 truncate cleaned up [ 581.001982][T10400] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10402] close(3) = 0 [pid 10402] close(4) = 0 [pid 10402] mkdir("./file0", 0777) = 0 [pid 10402] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10402] chdir("./file0") = 0 [pid 10402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10402] ioctl(4, LOOP_CLR_FD) = 0 [pid 10402] close(4) = 0 [pid 10402] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10402] truncate("./file2", 0) = 0 [pid 10402] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10402] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10402] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10402, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4741", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4741", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4741/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4741/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4741/binderfs") = 0 umount2("./4741/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4741/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4741/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4741/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4741/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4741/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4741") = 0 mkdir("./4742", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10404 ./strace-static-x86_64: Process 10404 attached [pid 10404] set_robust_list(0x55558abad660, 24) = 0 [pid 10404] chdir("./4742") = 0 [pid 10404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10404] setpgid(0, 0) = 0 executing program [pid 10404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10404] write(3, "1000", 4) = 4 [pid 10404] close(3) = 0 [pid 10404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10404] write(1, "executing program\n", 18) = 18 [pid 10404] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10404] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10404] memfd_create("syzkaller", 0) = 3 [pid 10404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10404] munmap(0x7ff698483000, 138412032) = 0 [pid 10404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 581.044701][T10402] loop0: detected capacity change from 0 to 512 [ 581.052115][T10402] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 581.062755][T10402] EXT4-fs (loop0): 1 truncate cleaned up [ 581.069951][T10402] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10404] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10404] close(3) = 0 [pid 10404] close(4) = 0 [pid 10404] mkdir("./file0", 0777) = 0 [pid 10404] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10404] chdir("./file0") = 0 [pid 10404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10404] ioctl(4, LOOP_CLR_FD) = 0 [pid 10404] close(4) = 0 [pid 10404] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10404] truncate("./file2", 0) = 0 [pid 10404] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10404] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10404] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10404, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4742", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4742", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4742/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4742/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4742/binderfs") = 0 umount2("./4742/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4742/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4742/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4742/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4742/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4742/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4742") = 0 mkdir("./4743", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10406 ./strace-static-x86_64: Process 10406 attached [pid 10406] set_robust_list(0x55558abad660, 24) = 0 [pid 10406] chdir("./4743") = 0 [pid 10406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10406] setpgid(0, 0) = 0 [pid 10406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10406] write(3, "1000", 4) = 4 [pid 10406] close(3) = 0 [pid 10406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10406] write(1, "executing program\n", 18) = 18 [pid 10406] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10406] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10406] memfd_create("syzkaller", 0) = 3 [pid 10406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10406] munmap(0x7ff698483000, 138412032) = 0 [pid 10406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 581.113109][T10404] loop0: detected capacity change from 0 to 512 [ 581.120391][T10404] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 581.131367][T10404] EXT4-fs (loop0): 1 truncate cleaned up [ 581.138179][T10404] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10406] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10406] close(3) = 0 [pid 10406] close(4) = 0 [pid 10406] mkdir("./file0", 0777) = 0 [pid 10406] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10406] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10406] chdir("./file0") = 0 [pid 10406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10406] ioctl(4, LOOP_CLR_FD) = 0 [pid 10406] close(4) = 0 [pid 10406] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10406] truncate("./file2", 0) = 0 [pid 10406] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10406] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10406] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10406, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4743", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4743", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4743/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4743/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4743/binderfs") = 0 umount2("./4743/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4743/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4743/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4743/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4743/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4743/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4743") = 0 mkdir("./4744", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10408 ./strace-static-x86_64: Process 10408 attached [pid 10408] set_robust_list(0x55558abad660, 24) = 0 [pid 10408] chdir("./4744") = 0 [pid 10408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10408] setpgid(0, 0) = 0 [pid 10408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10408] write(3, "1000", 4) = 4 [pid 10408] close(3) = 0 [pid 10408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10408] write(1, "executing program\n", 18) = 18 [pid 10408] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10408] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10408] memfd_create("syzkaller", 0) = 3 [pid 10408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10408] munmap(0x7ff698483000, 138412032) = 0 [pid 10408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 581.178582][T10406] loop0: detected capacity change from 0 to 512 [ 581.185868][T10406] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 581.196723][T10406] EXT4-fs (loop0): 1 truncate cleaned up [ 581.203337][T10406] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10408] close(3) = 0 [pid 10408] close(4) = 0 [pid 10408] mkdir("./file0", 0777) = 0 [pid 10408] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10408] chdir("./file0") = 0 [pid 10408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10408] ioctl(4, LOOP_CLR_FD) = 0 [pid 10408] close(4) = 0 [pid 10408] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10408] truncate("./file2", 0) = 0 [pid 10408] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10408] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10408] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10408, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4744", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4744", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4744/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4744/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4744/binderfs") = 0 umount2("./4744/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4744/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4744/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4744/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4744/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4744/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4744") = 0 mkdir("./4745", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10411 ./strace-static-x86_64: Process 10411 attached [pid 10411] set_robust_list(0x55558abad660, 24) = 0 [pid 10411] chdir("./4745") = 0 [pid 10411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10411] setpgid(0, 0) = 0 [pid 10411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10411] write(3, "1000", 4) = 4 [pid 10411] close(3) = 0 [pid 10411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10411] write(1, "executing program\n", 18) = 18 [pid 10411] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10411] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10411] memfd_create("syzkaller", 0) = 3 [pid 10411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10411] munmap(0x7ff698483000, 138412032) = 0 [ 581.241784][T10408] loop0: detected capacity change from 0 to 512 [ 581.249110][T10408] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 581.260007][T10408] EXT4-fs (loop0): 1 truncate cleaned up [ 581.267333][T10408] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10411] close(3) = 0 [pid 10411] close(4) = 0 [pid 10411] mkdir("./file0", 0777) = 0 [pid 10411] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10411] chdir("./file0") = 0 [pid 10411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10411] ioctl(4, LOOP_CLR_FD) = 0 [pid 10411] close(4) = 0 [pid 10411] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10411] truncate("./file2", 0) = 0 [pid 10411] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10411] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10411] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10411, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4745", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4745", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4745/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4745/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4745/binderfs") = 0 umount2("./4745/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4745/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4745/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4745/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4745/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4745/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4745") = 0 mkdir("./4746", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10413 ./strace-static-x86_64: Process 10413 attached [pid 10413] set_robust_list(0x55558abad660, 24) = 0 [pid 10413] chdir("./4746") = 0 [pid 10413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10413] setpgid(0, 0) = 0 [pid 10413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10413] write(3, "1000", 4) = 4 [pid 10413] close(3) = 0 [pid 10413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10413] write(1, "executing program\n", 18executing program ) = 18 [pid 10413] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10413] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10413] memfd_create("syzkaller", 0) = 3 [pid 10413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [ 581.304672][T10411] loop0: detected capacity change from 0 to 512 [ 581.312200][T10411] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 581.323114][T10411] EXT4-fs (loop0): 1 truncate cleaned up [ 581.330727][T10411] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10413] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10413] munmap(0x7ff698483000, 138412032) = 0 [pid 10413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10413] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10413] close(3) = 0 [pid 10413] close(4) = 0 [pid 10413] mkdir("./file0", 0777) = 0 [pid 10413] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10413] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10413] chdir("./file0") = 0 [pid 10413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10413] ioctl(4, LOOP_CLR_FD) = 0 [pid 10413] close(4) = 0 [pid 10413] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10413] truncate("./file2", 0) = 0 [pid 10413] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10413] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10413] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10413, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4746", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4746", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4746/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4746/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4746/binderfs") = 0 umount2("./4746/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4746/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4746/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4746/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4746/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4746/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4746") = 0 mkdir("./4747", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10415 ./strace-static-x86_64: Process 10415 attached [pid 10415] set_robust_list(0x55558abad660, 24) = 0 [pid 10415] chdir("./4747") = 0 [pid 10415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10415] setpgid(0, 0) = 0 [pid 10415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10415] write(3, "1000", 4) = 4 [pid 10415] close(3) = 0 [pid 10415] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10415] write(1, "executing program\n", 18executing program ) = 18 [pid 10415] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10415] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10415] memfd_create("syzkaller", 0) = 3 [pid 10415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10415] munmap(0x7ff698483000, 138412032) = 0 [pid 10415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 581.366907][T10413] loop0: detected capacity change from 0 to 512 [ 581.374186][T10413] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 581.384952][T10413] EXT4-fs (loop0): 1 truncate cleaned up [ 581.392376][T10413] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10415] close(3) = 0 [pid 10415] close(4) = 0 [pid 10415] mkdir("./file0", 0777) = 0 [pid 10415] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10415] chdir("./file0") = 0 [pid 10415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10415] ioctl(4, LOOP_CLR_FD) = 0 [pid 10415] close(4) = 0 [pid 10415] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10415] truncate("./file2", 0) = 0 [pid 10415] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10415] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10415] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10415, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4747", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4747", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4747/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4747/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4747/binderfs") = 0 umount2("./4747/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4747/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4747/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4747/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4747/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4747/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4747") = 0 mkdir("./4748", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10417 ./strace-static-x86_64: Process 10417 attached [pid 10417] set_robust_list(0x55558abad660, 24) = 0 [pid 10417] chdir("./4748") = 0 [pid 10417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10417] setpgid(0, 0) = 0 [pid 10417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10417] write(3, "1000", 4) = 4 [pid 10417] close(3) = 0 [pid 10417] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10417] write(1, "executing program\n", 18) = 18 [pid 10417] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10417] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10417] memfd_create("syzkaller", 0) = 3 [pid 10417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 581.435886][T10415] loop0: detected capacity change from 0 to 512 [ 581.443093][T10415] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 581.453552][T10415] EXT4-fs (loop0): 1 truncate cleaned up [ 581.460226][T10415] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10417] munmap(0x7ff698483000, 138412032) = 0 [pid 10417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10417] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10417] close(3) = 0 [pid 10417] close(4) = 0 [pid 10417] mkdir("./file0", 0777) = 0 [pid 10417] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10417] chdir("./file0") = 0 [pid 10417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10417] ioctl(4, LOOP_CLR_FD) = 0 [pid 10417] close(4) = 0 [pid 10417] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10417] truncate("./file2", 0) = 0 [pid 10417] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10417] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10417] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10417, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4748", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4748", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4748/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4748/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4748/binderfs") = 0 umount2("./4748/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4748/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4748/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4748/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4748/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4748/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4748") = 0 mkdir("./4749", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10419 ./strace-static-x86_64: Process 10419 attached [pid 10419] set_robust_list(0x55558abad660, 24) = 0 [pid 10419] chdir("./4749") = 0 [pid 10419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10419] setpgid(0, 0) = 0 [pid 10419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10419] write(3, "1000", 4) = 4 [pid 10419] close(3) = 0 [pid 10419] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10419] write(1, "executing program\n", 18) = 18 [pid 10419] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10419] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10419] memfd_create("syzkaller", 0) = 3 [pid 10419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10419] munmap(0x7ff698483000, 138412032) = 0 [pid 10419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 581.499753][T10417] loop0: detected capacity change from 0 to 512 [ 581.507377][T10417] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 581.518014][T10417] EXT4-fs (loop0): 1 truncate cleaned up [ 581.525666][T10417] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10419] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10419] close(3) = 0 [pid 10419] close(4) = 0 [pid 10419] mkdir("./file0", 0777) = 0 [pid 10419] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10419] chdir("./file0") = 0 [pid 10419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10419] ioctl(4, LOOP_CLR_FD) = 0 [pid 10419] close(4) = 0 [pid 10419] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10419] truncate("./file2", 0) = 0 [pid 10419] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10419] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10419] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10419, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4749", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4749", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4749/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4749/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4749/binderfs") = 0 umount2("./4749/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4749/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4749/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4749/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4749/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4749/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4749") = 0 mkdir("./4750", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10421 attached , child_tidptr=0x55558abad650) = 10421 [pid 10421] set_robust_list(0x55558abad660, 24) = 0 [pid 10421] chdir("./4750") = 0 [pid 10421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10421] setpgid(0, 0) = 0 [pid 10421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10421] write(3, "1000", 4) = 4 [pid 10421] close(3) = 0 [pid 10421] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10421] write(1, "executing program\n", 18executing program ) = 18 [pid 10421] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10421] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10421] memfd_create("syzkaller", 0) = 3 [pid 10421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10421] munmap(0x7ff698483000, 138412032) = 0 [ 581.566673][T10419] loop0: detected capacity change from 0 to 512 [ 581.574003][T10419] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 581.584520][T10419] EXT4-fs (loop0): 1 truncate cleaned up [ 581.591390][T10419] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10421] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10421] close(3) = 0 [pid 10421] close(4) = 0 [pid 10421] mkdir("./file0", 0777) = 0 [pid 10421] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10421] chdir("./file0") = 0 [pid 10421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10421] ioctl(4, LOOP_CLR_FD) = 0 [pid 10421] close(4) = 0 [pid 10421] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10421] truncate("./file2", 0) = 0 [pid 10421] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10421] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10421] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10421, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4750", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4750", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4750/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4750/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4750/binderfs") = 0 umount2("./4750/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4750/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4750/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4750/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4750/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4750/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4750") = 0 mkdir("./4751", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10423 ./strace-static-x86_64: Process 10423 attached [pid 10423] set_robust_list(0x55558abad660, 24) = 0 [pid 10423] chdir("./4751") = 0 [pid 10423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10423] setpgid(0, 0) = 0 [pid 10423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10423] write(3, "1000", 4) = 4 [pid 10423] close(3) = 0 [pid 10423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10423] write(1, "executing program\n", 18executing program ) = 18 [pid 10423] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10423] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10423] memfd_create("syzkaller", 0) = 3 [pid 10423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10423] munmap(0x7ff698483000, 138412032) = 0 [pid 10423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 581.631432][T10421] loop0: detected capacity change from 0 to 512 [ 581.639452][T10421] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 581.650066][T10421] EXT4-fs (loop0): 1 truncate cleaned up [ 581.657551][T10421] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10423] close(3) = 0 [pid 10423] close(4) = 0 [pid 10423] mkdir("./file0", 0777) = 0 [pid 10423] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10423] chdir("./file0") = 0 [pid 10423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10423] ioctl(4, LOOP_CLR_FD) = 0 [pid 10423] close(4) = 0 [pid 10423] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10423] truncate("./file2", 0) = 0 [pid 10423] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10423] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10423] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10423, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4751", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4751", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4751/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4751/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4751/binderfs") = 0 umount2("./4751/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4751/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4751/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4751/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4751/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4751/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4751") = 0 mkdir("./4752", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10425 ./strace-static-x86_64: Process 10425 attached [pid 10425] set_robust_list(0x55558abad660, 24) = 0 [pid 10425] chdir("./4752") = 0 [pid 10425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10425] setpgid(0, 0) = 0 [pid 10425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10425] write(3, "1000", 4) = 4 [pid 10425] close(3) = 0 [pid 10425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10425] write(1, "executing program\n", 18executing program ) = 18 [pid 10425] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10425] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10425] memfd_create("syzkaller", 0) = 3 [pid 10425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10425] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10425] munmap(0x7ff698483000, 138412032) = 0 [pid 10425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 581.696341][T10423] loop0: detected capacity change from 0 to 512 [ 581.704094][T10423] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 581.714651][T10423] EXT4-fs (loop0): 1 truncate cleaned up [ 581.721535][T10423] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10425] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10425] close(3) = 0 [pid 10425] close(4) = 0 [pid 10425] mkdir("./file0", 0777) = 0 [pid 10425] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10425] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10425] chdir("./file0") = 0 [pid 10425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10425] ioctl(4, LOOP_CLR_FD) = 0 [pid 10425] close(4) = 0 [pid 10425] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10425] truncate("./file2", 0) = 0 [pid 10425] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10425] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10425] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10425, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4752", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4752", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4752/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4752/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4752/binderfs") = 0 umount2("./4752/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4752/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4752/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4752/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4752/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4752/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4752") = 0 mkdir("./4753", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10427 ./strace-static-x86_64: Process 10427 attached [pid 10427] set_robust_list(0x55558abad660, 24) = 0 [pid 10427] chdir("./4753") = 0 [pid 10427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10427] setpgid(0, 0) = 0 [pid 10427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10427] write(3, "1000", 4) = 4 [pid 10427] close(3) = 0 [pid 10427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10427] write(1, "executing program\n", 18) = 18 [pid 10427] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10427] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10427] memfd_create("syzkaller", 0) = 3 [pid 10427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10427] munmap(0x7ff698483000, 138412032) = 0 [pid 10427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 581.763041][T10425] loop0: detected capacity change from 0 to 512 [ 581.770541][T10425] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 581.781632][T10425] EXT4-fs (loop0): 1 truncate cleaned up [ 581.788217][T10425] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10427] close(3) = 0 [pid 10427] close(4) = 0 [pid 10427] mkdir("./file0", 0777) = 0 [pid 10427] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10427] chdir("./file0") = 0 [pid 10427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10427] ioctl(4, LOOP_CLR_FD) = 0 [pid 10427] close(4) = 0 [pid 10427] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10427] truncate("./file2", 0) = 0 [pid 10427] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10427] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10427] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10427, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4753", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4753", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4753/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4753/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4753/binderfs") = 0 umount2("./4753/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4753/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4753/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4753/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4753/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4753/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4753") = 0 mkdir("./4754", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10429 ./strace-static-x86_64: Process 10429 attached [pid 10429] set_robust_list(0x55558abad660, 24) = 0 [pid 10429] chdir("./4754") = 0 [pid 10429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10429] setpgid(0, 0) = 0 [pid 10429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10429] write(3, "1000", 4) = 4 [pid 10429] close(3) = 0 [pid 10429] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10429] write(1, "executing program\n", 18) = 18 [pid 10429] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10429] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10429] memfd_create("syzkaller", 0) = 3 [pid 10429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10429] munmap(0x7ff698483000, 138412032) = 0 [pid 10429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 581.820215][T10427] loop0: detected capacity change from 0 to 512 [ 581.827622][T10427] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 581.838173][T10427] EXT4-fs (loop0): 1 truncate cleaned up [ 581.844872][T10427] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10429] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10429] close(3) = 0 [pid 10429] close(4) = 0 [pid 10429] mkdir("./file0", 0777) = 0 [pid 10429] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10429] chdir("./file0") = 0 [pid 10429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10429] ioctl(4, LOOP_CLR_FD) = 0 [pid 10429] close(4) = 0 [pid 10429] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10429] truncate("./file2", 0) = 0 [pid 10429] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10429] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10429] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10429, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4754", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4754", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4754/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4754/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4754/binderfs") = 0 umount2("./4754/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4754/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4754/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4754/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4754/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4754/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4754") = 0 mkdir("./4755", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10431 ./strace-static-x86_64: Process 10431 attached [pid 10431] set_robust_list(0x55558abad660, 24) = 0 [pid 10431] chdir("./4755") = 0 [pid 10431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10431] setpgid(0, 0) = 0 [pid 10431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10431] write(3, "1000", 4) = 4 [pid 10431] close(3) = 0 [pid 10431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10431] write(1, "executing program\n", 18) = 18 [pid 10431] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10431] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10431] memfd_create("syzkaller", 0) = 3 [pid 10431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10431] munmap(0x7ff698483000, 138412032) = 0 [pid 10431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 581.871950][T10429] loop0: detected capacity change from 0 to 512 [ 581.880123][T10429] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 581.891111][T10429] EXT4-fs (loop0): 1 truncate cleaned up [ 581.897819][T10429] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10431] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10431] close(3) = 0 [pid 10431] close(4) = 0 [pid 10431] mkdir("./file0", 0777) = 0 [pid 10431] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10431] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10431] chdir("./file0") = 0 [pid 10431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10431] ioctl(4, LOOP_CLR_FD) = 0 [pid 10431] close(4) = 0 [pid 10431] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10431] truncate("./file2", 0) = 0 [pid 10431] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10431] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10431] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10431, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4755", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4755", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4755/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4755/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4755/binderfs") = 0 umount2("./4755/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4755/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4755/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4755/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4755/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4755/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4755") = 0 mkdir("./4756", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10433 ./strace-static-x86_64: Process 10433 attached [pid 10433] set_robust_list(0x55558abad660, 24) = 0 [pid 10433] chdir("./4756") = 0 [pid 10433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10433] setpgid(0, 0) = 0 [pid 10433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10433] write(3, "1000", 4) = 4 [pid 10433] close(3) = 0 [pid 10433] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10433] write(1, "executing program\n", 18) = 18 [pid 10433] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10433] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10433] memfd_create("syzkaller", 0) = 3 [pid 10433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10433] munmap(0x7ff698483000, 138412032) = 0 [pid 10433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 581.934373][T10431] loop0: detected capacity change from 0 to 512 [ 581.941698][T10431] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 581.952375][T10431] EXT4-fs (loop0): 1 truncate cleaned up [ 581.959576][T10431] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10433] close(3) = 0 [pid 10433] close(4) = 0 [pid 10433] mkdir("./file0", 0777) = 0 [pid 10433] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10433] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10433] chdir("./file0") = 0 [pid 10433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10433] ioctl(4, LOOP_CLR_FD) = 0 [pid 10433] close(4) = 0 [pid 10433] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10433] truncate("./file2", 0) = 0 [pid 10433] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10433] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10433] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10433, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4756", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4756", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4756/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4756/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4756/binderfs") = 0 umount2("./4756/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4756/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4756/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4756/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4756/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4756/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4756") = 0 mkdir("./4757", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10435 ./strace-static-x86_64: Process 10435 attached [pid 10435] set_robust_list(0x55558abad660, 24) = 0 [pid 10435] chdir("./4757") = 0 [pid 10435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10435] setpgid(0, 0) = 0 [pid 10435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10435] write(3, "1000", 4) = 4 [pid 10435] close(3) = 0 [pid 10435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10435] write(1, "executing program\n", 18) = 18 [pid 10435] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10435] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10435] memfd_create("syzkaller", 0) = 3 [pid 10435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10435] munmap(0x7ff698483000, 138412032) = 0 [ 581.992307][T10433] loop0: detected capacity change from 0 to 512 [ 581.999884][T10433] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.010572][T10433] EXT4-fs (loop0): 1 truncate cleaned up [ 582.018594][T10433] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10435] close(3) = 0 [pid 10435] close(4) = 0 [pid 10435] mkdir("./file0", 0777) = 0 [pid 10435] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10435] chdir("./file0") = 0 [pid 10435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10435] ioctl(4, LOOP_CLR_FD) = 0 [pid 10435] close(4) = 0 [pid 10435] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10435] truncate("./file2", 0) = 0 [pid 10435] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10435] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10435] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10435, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4757", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4757", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4757/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4757/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4757/binderfs") = 0 umount2("./4757/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4757/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4757/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4757/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4757/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4757/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4757") = 0 mkdir("./4758", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10437 ./strace-static-x86_64: Process 10437 attached [pid 10437] set_robust_list(0x55558abad660, 24) = 0 [pid 10437] chdir("./4758") = 0 [pid 10437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10437] setpgid(0, 0) = 0 [pid 10437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10437] write(3, "1000", 4) = 4 [pid 10437] close(3) = 0 [pid 10437] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10437] write(1, "executing program\n", 18) = 18 [pid 10437] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10437] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10437] memfd_create("syzkaller", 0) = 3 [pid 10437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10437] munmap(0x7ff698483000, 138412032) = 0 [pid 10437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 582.054906][T10435] loop0: detected capacity change from 0 to 512 [ 582.062586][T10435] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.073189][T10435] EXT4-fs (loop0): 1 truncate cleaned up [ 582.079826][T10435] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10437] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10437] close(3) = 0 [pid 10437] close(4) = 0 [pid 10437] mkdir("./file0", 0777) = 0 [pid 10437] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10437] chdir("./file0") = 0 [pid 10437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10437] ioctl(4, LOOP_CLR_FD) = 0 [pid 10437] close(4) = 0 [pid 10437] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10437] truncate("./file2", 0) = 0 [pid 10437] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10437] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10437] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10437, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4758", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4758", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4758/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4758/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4758/binderfs") = 0 umount2("./4758/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4758/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4758/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4758/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4758/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4758/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4758") = 0 mkdir("./4759", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10439 ./strace-static-x86_64: Process 10439 attached [pid 10439] set_robust_list(0x55558abad660, 24) = 0 [pid 10439] chdir("./4759") = 0 [pid 10439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10439] setpgid(0, 0) = 0 [pid 10439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10439] write(3, "1000", 4) = 4 [pid 10439] close(3) = 0 [pid 10439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10439] write(1, "executing program\n", 18executing program ) = 18 [pid 10439] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10439] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10439] memfd_create("syzkaller", 0) = 3 [pid 10439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10439] munmap(0x7ff698483000, 138412032) = 0 [pid 10439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 582.119253][T10437] loop0: detected capacity change from 0 to 512 [ 582.126789][T10437] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.137611][T10437] EXT4-fs (loop0): 1 truncate cleaned up [ 582.144205][T10437] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10439] close(3) = 0 [pid 10439] close(4) = 0 [pid 10439] mkdir("./file0", 0777) = 0 [pid 10439] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10439] chdir("./file0") = 0 [pid 10439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10439] ioctl(4, LOOP_CLR_FD) = 0 [pid 10439] close(4) = 0 [pid 10439] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10439] truncate("./file2", 0) = 0 [pid 10439] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10439] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10439] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10439, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4759", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4759", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4759/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4759/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4759/binderfs") = 0 umount2("./4759/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4759/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4759/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4759/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4759/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4759/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4759") = 0 mkdir("./4760", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10441 ./strace-static-x86_64: Process 10441 attached [pid 10441] set_robust_list(0x55558abad660, 24) = 0 [pid 10441] chdir("./4760") = 0 [pid 10441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10441] setpgid(0, 0) = 0 [pid 10441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10441] write(3, "1000", 4) = 4 [pid 10441] close(3) = 0 [pid 10441] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10441] write(1, "executing program\n", 18) = 18 [pid 10441] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10441] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10441] memfd_create("syzkaller", 0) = 3 [pid 10441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10441] munmap(0x7ff698483000, 138412032) = 0 [pid 10441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 582.187702][T10439] loop0: detected capacity change from 0 to 512 [ 582.195033][T10439] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.205765][T10439] EXT4-fs (loop0): 1 truncate cleaned up [ 582.212888][T10439] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10441] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10441] close(3) = 0 [pid 10441] close(4) = 0 [pid 10441] mkdir("./file0", 0777) = 0 [pid 10441] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10441] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10441] chdir("./file0") = 0 [pid 10441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10441] ioctl(4, LOOP_CLR_FD) = 0 [pid 10441] close(4) = 0 [pid 10441] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10441] truncate("./file2", 0) = 0 [pid 10441] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10441] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10441] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10441, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4760", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4760", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4760/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4760/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4760/binderfs") = 0 umount2("./4760/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4760/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4760/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4760/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4760/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4760/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4760") = 0 mkdir("./4761", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10444 ./strace-static-x86_64: Process 10444 attached [pid 10444] set_robust_list(0x55558abad660, 24) = 0 [pid 10444] chdir("./4761") = 0 [pid 10444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10444] setpgid(0, 0) = 0 [pid 10444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10444] write(3, "1000", 4) = 4 [pid 10444] close(3) = 0 [pid 10444] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10444] write(1, "executing program\n", 18) = 18 [pid 10444] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10444] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10444] memfd_create("syzkaller", 0) = 3 [pid 10444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10444] munmap(0x7ff698483000, 138412032) = 0 [pid 10444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 582.247057][T10441] loop0: detected capacity change from 0 to 512 [ 582.254889][T10441] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.265604][T10441] EXT4-fs (loop0): 1 truncate cleaned up [ 582.272800][T10441] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10444] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10444] close(3) = 0 [pid 10444] close(4) = 0 [pid 10444] mkdir("./file0", 0777) = 0 [pid 10444] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10444] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10444] chdir("./file0") = 0 [pid 10444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10444] ioctl(4, LOOP_CLR_FD) = 0 [pid 10444] close(4) = 0 [pid 10444] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10444] truncate("./file2", 0) = 0 [pid 10444] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10444] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10444] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10444, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4761", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4761", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4761/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4761/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4761/binderfs") = 0 umount2("./4761/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4761/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4761/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4761/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4761/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4761/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4761") = 0 mkdir("./4762", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10446 ./strace-static-x86_64: Process 10446 attached [pid 10446] set_robust_list(0x55558abad660, 24) = 0 [pid 10446] chdir("./4762") = 0 [pid 10446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10446] setpgid(0, 0) = 0 [pid 10446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10446] write(3, "1000", 4) = 4 [pid 10446] close(3) = 0 [pid 10446] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10446] write(1, "executing program\n", 18) = 18 [pid 10446] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10446] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10446] memfd_create("syzkaller", 0) = 3 [pid 10446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10446] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10446] munmap(0x7ff698483000, 138412032) = 0 [pid 10446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 582.310843][T10444] loop0: detected capacity change from 0 to 512 [ 582.318247][T10444] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.328766][T10444] EXT4-fs (loop0): 1 truncate cleaned up [ 582.335400][T10444] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10446] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10446] close(3) = 0 [pid 10446] close(4) = 0 [pid 10446] mkdir("./file0", 0777) = 0 [pid 10446] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10446] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10446] chdir("./file0") = 0 [pid 10446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10446] ioctl(4, LOOP_CLR_FD) = 0 [pid 10446] close(4) = 0 [pid 10446] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10446] truncate("./file2", 0) = 0 [pid 10446] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10446] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10446] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10446, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4762", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4762", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4762/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4762/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4762/binderfs") = 0 umount2("./4762/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4762/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4762/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4762/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4762/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4762/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4762") = 0 mkdir("./4763", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10448 ./strace-static-x86_64: Process 10448 attached [pid 10448] set_robust_list(0x55558abad660, 24) = 0 [pid 10448] chdir("./4763") = 0 [pid 10448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10448] setpgid(0, 0) = 0 [pid 10448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10448] write(3, "1000", 4) = 4 [pid 10448] close(3) = 0 [pid 10448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10448] write(1, "executing program\n", 18executing program ) = 18 [pid 10448] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10448] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10448] memfd_create("syzkaller", 0) = 3 [pid 10448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10448] munmap(0x7ff698483000, 138412032) = 0 [pid 10448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 582.375896][T10446] loop0: detected capacity change from 0 to 512 [ 582.383266][T10446] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.394213][T10446] EXT4-fs (loop0): 1 truncate cleaned up [ 582.401420][T10446] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10448] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10448] close(3) = 0 [pid 10448] close(4) = 0 [pid 10448] mkdir("./file0", 0777) = 0 [pid 10448] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10448] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10448] chdir("./file0") = 0 [pid 10448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10448] ioctl(4, LOOP_CLR_FD) = 0 [pid 10448] close(4) = 0 [pid 10448] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10448] truncate("./file2", 0) = 0 [pid 10448] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10448] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10448] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10448, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4763", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4763", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4763/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4763/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4763/binderfs") = 0 umount2("./4763/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4763/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4763/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4763/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4763/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4763/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4763") = 0 mkdir("./4764", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10450 ./strace-static-x86_64: Process 10450 attached [pid 10450] set_robust_list(0x55558abad660, 24) = 0 [pid 10450] chdir("./4764") = 0 [pid 10450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10450] setpgid(0, 0) = 0 [pid 10450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10450] write(3, "1000", 4) = 4 [pid 10450] close(3) = 0 [pid 10450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10450] write(1, "executing program\n", 18) = 18 [pid 10450] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10450] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10450] memfd_create("syzkaller", 0) = 3 [pid 10450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10450] munmap(0x7ff698483000, 138412032) = 0 [pid 10450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 582.443095][T10448] loop0: detected capacity change from 0 to 512 [ 582.450797][T10448] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.462295][T10448] EXT4-fs (loop0): 1 truncate cleaned up [ 582.468972][T10448] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10450] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10450] close(3) = 0 [pid 10450] close(4) = 0 [pid 10450] mkdir("./file0", 0777) = 0 [pid 10450] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10450] chdir("./file0") = 0 [pid 10450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10450] ioctl(4, LOOP_CLR_FD) = 0 [pid 10450] close(4) = 0 [pid 10450] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10450] truncate("./file2", 0) = 0 [pid 10450] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10450] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10450] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10450, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4764", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4764", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4764/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4764/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4764/binderfs") = 0 umount2("./4764/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4764/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4764/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4764/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4764/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4764/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4764") = 0 mkdir("./4765", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10452 ./strace-static-x86_64: Process 10452 attached [pid 10452] set_robust_list(0x55558abad660, 24) = 0 [pid 10452] chdir("./4765") = 0 [pid 10452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10452] setpgid(0, 0) = 0 [pid 10452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10452] write(3, "1000", 4) = 4 [pid 10452] close(3) = 0 [pid 10452] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10452] write(1, "executing program\n", 18) = 18 [pid 10452] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10452] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10452] memfd_create("syzkaller", 0) = 3 [pid 10452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10452] munmap(0x7ff698483000, 138412032) = 0 [pid 10452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 582.500255][T10450] loop0: detected capacity change from 0 to 512 [ 582.508123][T10450] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.518775][T10450] EXT4-fs (loop0): 1 truncate cleaned up [ 582.525693][T10450] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10452] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10452] close(3) = 0 [pid 10452] close(4) = 0 [pid 10452] mkdir("./file0", 0777) = 0 [pid 10452] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10452] chdir("./file0") = 0 [pid 10452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10452] ioctl(4, LOOP_CLR_FD) = 0 [pid 10452] close(4) = 0 [pid 10452] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10452] truncate("./file2", 0) = 0 [pid 10452] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10452] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10452] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10452, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4765", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4765", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4765/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4765/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4765/binderfs") = 0 umount2("./4765/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4765/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4765/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4765/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4765/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4765/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4765") = 0 mkdir("./4766", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10454 ./strace-static-x86_64: Process 10454 attached [pid 10454] set_robust_list(0x55558abad660, 24) = 0 [pid 10454] chdir("./4766") = 0 [pid 10454] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10454] setpgid(0, 0) = 0 [pid 10454] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10454] write(3, "1000", 4) = 4 [pid 10454] close(3) = 0 [pid 10454] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10454] write(1, "executing program\n", 18executing program ) = 18 [pid 10454] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10454] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10454] memfd_create("syzkaller", 0) = 3 [pid 10454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10454] munmap(0x7ff698483000, 138412032) = 0 [ 582.565006][T10452] loop0: detected capacity change from 0 to 512 [ 582.572639][T10452] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.583270][T10452] EXT4-fs (loop0): 1 truncate cleaned up [ 582.590738][T10452] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10454] close(3) = 0 [pid 10454] close(4) = 0 [pid 10454] mkdir("./file0", 0777) = 0 [pid 10454] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10454] chdir("./file0") = 0 [pid 10454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10454] ioctl(4, LOOP_CLR_FD) = 0 [pid 10454] close(4) = 0 [pid 10454] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10454] truncate("./file2", 0) = 0 [pid 10454] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10454] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10454] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10454, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4766", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4766", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4766/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4766/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4766/binderfs") = 0 umount2("./4766/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4766/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4766/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4766/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4766/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4766/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4766") = 0 mkdir("./4767", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10456 ./strace-static-x86_64: Process 10456 attached [pid 10456] set_robust_list(0x55558abad660, 24) = 0 [pid 10456] chdir("./4767") = 0 [pid 10456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10456] setpgid(0, 0) = 0 [pid 10456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10456] write(3, "1000", 4) = 4 [pid 10456] close(3) = 0 [pid 10456] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10456] write(1, "executing program\n", 18) = 18 [pid 10456] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10456] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10456] memfd_create("syzkaller", 0) = 3 [pid 10456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10456] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10456] munmap(0x7ff698483000, 138412032) = 0 [ 582.630382][T10454] loop0: detected capacity change from 0 to 512 [ 582.637823][T10454] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.648408][T10454] EXT4-fs (loop0): 1 truncate cleaned up [ 582.655043][T10454] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10456] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10456] close(3) = 0 [pid 10456] close(4) = 0 [pid 10456] mkdir("./file0", 0777) = 0 [pid 10456] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10456] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10456] chdir("./file0") = 0 [pid 10456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10456] ioctl(4, LOOP_CLR_FD) = 0 [pid 10456] close(4) = 0 [pid 10456] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10456] truncate("./file2", 0) = 0 [pid 10456] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10456] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10456] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10456, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4767", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4767", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4767/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4767/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4767/binderfs") = 0 umount2("./4767/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4767/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4767/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4767/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4767/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4767/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4767") = 0 mkdir("./4768", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10458 ./strace-static-x86_64: Process 10458 attached [pid 10458] set_robust_list(0x55558abad660, 24) = 0 [pid 10458] chdir("./4768") = 0 [pid 10458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10458] setpgid(0, 0) = 0 [pid 10458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10458] write(3, "1000", 4) = 4 [pid 10458] close(3) = 0 [pid 10458] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10458] write(1, "executing program\n", 18) = 18 [pid 10458] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10458] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10458] memfd_create("syzkaller", 0) = 3 [pid 10458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10458] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10458] munmap(0x7ff698483000, 138412032) = 0 [pid 10458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 582.693839][T10456] loop0: detected capacity change from 0 to 512 [ 582.701826][T10456] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.712387][T10456] EXT4-fs (loop0): 1 truncate cleaned up [ 582.719115][T10456] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10458] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10458] close(3) = 0 [pid 10458] close(4) = 0 [pid 10458] mkdir("./file0", 0777) = 0 [pid 10458] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10458] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10458] chdir("./file0") = 0 [pid 10458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10458] ioctl(4, LOOP_CLR_FD) = 0 [pid 10458] close(4) = 0 [pid 10458] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10458] truncate("./file2", 0) = 0 [pid 10458] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10458] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10458] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10458, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4768", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4768", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4768/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4768/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4768/binderfs") = 0 umount2("./4768/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4768/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4768/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4768/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4768/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4768/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4768") = 0 mkdir("./4769", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10461 ./strace-static-x86_64: Process 10461 attached [pid 10461] set_robust_list(0x55558abad660, 24) = 0 [pid 10461] chdir("./4769") = 0 [pid 10461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10461] setpgid(0, 0) = 0 [pid 10461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10461] write(3, "1000", 4executing program ) = 4 [pid 10461] close(3) = 0 [pid 10461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10461] write(1, "executing program\n", 18) = 18 [pid 10461] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10461] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10461] memfd_create("syzkaller", 0) = 3 [pid 10461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10461] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10461] munmap(0x7ff698483000, 138412032) = 0 [pid 10461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 582.751361][T10458] loop0: detected capacity change from 0 to 512 [ 582.758685][T10458] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.769405][T10458] EXT4-fs (loop0): 1 truncate cleaned up [ 582.776298][T10458] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10461] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10461] close(3) = 0 [pid 10461] close(4) = 0 [pid 10461] mkdir("./file0", 0777) = 0 [pid 10461] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10461] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10461] chdir("./file0") = 0 [pid 10461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10461] ioctl(4, LOOP_CLR_FD) = 0 [pid 10461] close(4) = 0 [pid 10461] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10461] truncate("./file2", 0) = 0 [pid 10461] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10461] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10461] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10461, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4769", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4769", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4769/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4769/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4769/binderfs") = 0 umount2("./4769/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4769/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4769/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4769/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4769/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4769/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4769") = 0 mkdir("./4770", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10463 ./strace-static-x86_64: Process 10463 attached [pid 10463] set_robust_list(0x55558abad660, 24) = 0 [pid 10463] chdir("./4770") = 0 [pid 10463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10463] setpgid(0, 0) = 0 [pid 10463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10463] write(3, "1000", 4) = 4 [pid 10463] close(3) = 0 [pid 10463] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10463] write(1, "executing program\n", 18) = 18 [pid 10463] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10463] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10463] memfd_create("syzkaller", 0) = 3 [pid 10463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10463] munmap(0x7ff698483000, 138412032) = 0 [ 582.808609][T10461] loop0: detected capacity change from 0 to 512 [ 582.815884][T10461] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.826757][T10461] EXT4-fs (loop0): 1 truncate cleaned up [ 582.833628][T10461] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10463] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10463] close(3) = 0 [pid 10463] close(4) = 0 [pid 10463] mkdir("./file0", 0777) = 0 [pid 10463] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10463] chdir("./file0") = 0 [pid 10463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10463] ioctl(4, LOOP_CLR_FD) = 0 [pid 10463] close(4) = 0 [pid 10463] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10463] truncate("./file2", 0) = 0 [pid 10463] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10463] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10463] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10463, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4770", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4770", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4770/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4770/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4770/binderfs") = 0 umount2("./4770/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4770/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4770/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4770/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4770/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4770/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4770") = 0 mkdir("./4771", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10465 ./strace-static-x86_64: Process 10465 attached [pid 10465] set_robust_list(0x55558abad660, 24) = 0 [pid 10465] chdir("./4771") = 0 [pid 10465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10465] setpgid(0, 0) = 0 [pid 10465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10465] write(3, "1000", 4) = 4 [pid 10465] close(3) = 0 [pid 10465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10465] write(1, "executing program\n", 18executing program ) = 18 [pid 10465] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10465] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10465] memfd_create("syzkaller", 0) = 3 [pid 10465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10465] munmap(0x7ff698483000, 138412032) = 0 [pid 10465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 582.865621][T10463] loop0: detected capacity change from 0 to 512 [ 582.873336][T10463] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.883749][T10463] EXT4-fs (loop0): 1 truncate cleaned up [ 582.890786][T10463] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10465] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10465] close(3) = 0 [pid 10465] close(4) = 0 [pid 10465] mkdir("./file0", 0777) = 0 [pid 10465] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10465] chdir("./file0") = 0 [pid 10465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10465] ioctl(4, LOOP_CLR_FD) = 0 [pid 10465] close(4) = 0 [pid 10465] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10465] truncate("./file2", 0) = 0 [pid 10465] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10465] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10465] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10465, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4771", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4771", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4771/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4771/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4771/binderfs") = 0 umount2("./4771/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4771/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4771/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4771/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4771/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4771/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4771") = 0 mkdir("./4772", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10467 ./strace-static-x86_64: Process 10467 attached [pid 10467] set_robust_list(0x55558abad660, 24) = 0 [pid 10467] chdir("./4772") = 0 [pid 10467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10467] setpgid(0, 0) = 0 [pid 10467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10467] write(3, "1000", 4) = 4 [pid 10467] close(3) = 0 [pid 10467] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10467] write(1, "executing program\n", 18) = 18 [pid 10467] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10467] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10467] memfd_create("syzkaller", 0) = 3 [pid 10467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10467] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 582.929326][T10465] loop0: detected capacity change from 0 to 512 [ 582.937114][T10465] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 582.947616][T10465] EXT4-fs (loop0): 1 truncate cleaned up [ 582.954448][T10465] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10467] munmap(0x7ff698483000, 138412032) = 0 [pid 10467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10467] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10467] close(3) = 0 [pid 10467] close(4) = 0 [pid 10467] mkdir("./file0", 0777) = 0 [pid 10467] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10467] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10467] chdir("./file0") = 0 [pid 10467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10467] ioctl(4, LOOP_CLR_FD) = 0 [pid 10467] close(4) = 0 [pid 10467] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10467] truncate("./file2", 0) = 0 [pid 10467] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10467] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10467] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10467, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4772", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4772", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4772/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4772/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4772/binderfs") = 0 umount2("./4772/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4772/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4772/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4772/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4772/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4772/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4772") = 0 mkdir("./4773", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10469 ./strace-static-x86_64: Process 10469 attached [pid 10469] set_robust_list(0x55558abad660, 24) = 0 [pid 10469] chdir("./4773") = 0 [ 582.994160][T10467] loop0: detected capacity change from 0 to 512 [ 583.001975][T10467] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.012503][T10467] EXT4-fs (loop0): 1 truncate cleaned up [ 583.020208][T10467] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10469] setpgid(0, 0) = 0 [pid 10469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10469] write(3, "1000", 4) = 4 executing program [pid 10469] close(3) = 0 [pid 10469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10469] write(1, "executing program\n", 18) = 18 [pid 10469] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10469] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10469] memfd_create("syzkaller", 0) = 3 [pid 10469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10469] munmap(0x7ff698483000, 138412032) = 0 [pid 10469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10469] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10469] close(3) = 0 [pid 10469] close(4) = 0 [pid 10469] mkdir("./file0", 0777) = 0 [pid 10469] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10469] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10469] chdir("./file0") = 0 [pid 10469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10469] ioctl(4, LOOP_CLR_FD) = 0 [pid 10469] close(4) = 0 [pid 10469] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10469] truncate("./file2", 0) = 0 [pid 10469] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10469] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10469] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10469, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4773", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4773", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4773/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4773/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4773/binderfs") = 0 umount2("./4773/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4773/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4773/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4773/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4773/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4773/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4773") = 0 mkdir("./4774", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10471 ./strace-static-x86_64: Process 10471 attached [pid 10471] set_robust_list(0x55558abad660, 24) = 0 [pid 10471] chdir("./4774") = 0 [pid 10471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10471] setpgid(0, 0) = 0 [pid 10471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10471] write(3, "1000", 4) = 4 [pid 10471] close(3) = 0 [pid 10471] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10471] write(1, "executing program\n", 18) = 18 [pid 10471] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10471] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10471] memfd_create("syzkaller", 0) = 3 [pid 10471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10471] munmap(0x7ff698483000, 138412032) = 0 [ 583.080362][T10469] loop0: detected capacity change from 0 to 512 [ 583.087906][T10469] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.098716][T10469] EXT4-fs (loop0): 1 truncate cleaned up [ 583.105976][T10469] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10471] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10471] close(3) = 0 [pid 10471] close(4) = 0 [pid 10471] mkdir("./file0", 0777) = 0 [pid 10471] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10471] chdir("./file0") = 0 [pid 10471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10471] ioctl(4, LOOP_CLR_FD) = 0 [pid 10471] close(4) = 0 [pid 10471] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10471] truncate("./file2", 0) = 0 [pid 10471] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10471] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10471] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10471, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4774", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4774", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4774/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4774/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4774/binderfs") = 0 umount2("./4774/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4774/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4774/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4774/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4774/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4774/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4774") = 0 mkdir("./4775", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10473 ./strace-static-x86_64: Process 10473 attached [pid 10473] set_robust_list(0x55558abad660, 24) = 0 [pid 10473] chdir("./4775") = 0 [pid 10473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10473] setpgid(0, 0) = 0 [pid 10473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10473] write(3, "1000", 4) = 4 [pid 10473] close(3) = 0 [pid 10473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10473] write(1, "executing program\n", 18executing program ) = 18 [pid 10473] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10473] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10473] memfd_create("syzkaller", 0) = 3 [pid 10473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10473] munmap(0x7ff698483000, 138412032) = 0 [ 583.140698][T10471] loop0: detected capacity change from 0 to 512 [ 583.148825][T10471] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.159481][T10471] EXT4-fs (loop0): 1 truncate cleaned up [ 583.166269][T10471] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10473] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10473] close(3) = 0 [pid 10473] close(4) = 0 [pid 10473] mkdir("./file0", 0777) = 0 [pid 10473] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10473] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10473] chdir("./file0") = 0 [pid 10473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10473] ioctl(4, LOOP_CLR_FD) = 0 [pid 10473] close(4) = 0 [pid 10473] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10473] truncate("./file2", 0) = 0 [pid 10473] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10473] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10473] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10473, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4775", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4775", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4775/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4775/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4775/binderfs") = 0 umount2("./4775/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4775/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4775/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4775/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4775/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4775/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4775") = 0 mkdir("./4776", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10476 ./strace-static-x86_64: Process 10476 attached [pid 10476] set_robust_list(0x55558abad660, 24) = 0 [pid 10476] chdir("./4776") = 0 [pid 10476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10476] setpgid(0, 0) = 0 [pid 10476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10476] write(3, "1000", 4) = 4 [pid 10476] close(3) = 0 [pid 10476] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10476] write(1, "executing program\n", 18) = 18 [pid 10476] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10476] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10476] memfd_create("syzkaller", 0) = 3 [pid 10476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10476] munmap(0x7ff698483000, 138412032) = 0 [pid 10476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 583.205957][T10473] loop0: detected capacity change from 0 to 512 [ 583.213454][T10473] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.224201][T10473] EXT4-fs (loop0): 1 truncate cleaned up [ 583.231336][T10473] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10476] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10476] close(3) = 0 [pid 10476] close(4) = 0 [pid 10476] mkdir("./file0", 0777) = 0 [pid 10476] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10476] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10476] chdir("./file0") = 0 [pid 10476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10476] ioctl(4, LOOP_CLR_FD) = 0 [pid 10476] close(4) = 0 [pid 10476] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10476] truncate("./file2", 0) = 0 [pid 10476] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10476] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10476] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10476, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4776", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4776", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4776/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4776/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4776/binderfs") = 0 umount2("./4776/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4776/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4776/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4776/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4776/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4776/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4776") = 0 mkdir("./4777", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10478 ./strace-static-x86_64: Process 10478 attached [pid 10478] set_robust_list(0x55558abad660, 24) = 0 [pid 10478] chdir("./4777") = 0 [pid 10478] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10478] setpgid(0, 0) = 0 [pid 10478] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10478] write(3, "1000", 4) = 4 [pid 10478] close(3) = 0 [pid 10478] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10478] write(1, "executing program\n", 18) = 18 [pid 10478] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10478] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10478] memfd_create("syzkaller", 0) = 3 [pid 10478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10478] munmap(0x7ff698483000, 138412032) = 0 [pid 10478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 583.267173][T10476] loop0: detected capacity change from 0 to 512 [ 583.274445][T10476] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.285051][T10476] EXT4-fs (loop0): 1 truncate cleaned up [ 583.292253][T10476] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10478] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10478] close(3) = 0 [pid 10478] close(4) = 0 [pid 10478] mkdir("./file0", 0777) = 0 [pid 10478] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10478] chdir("./file0") = 0 [pid 10478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10478] ioctl(4, LOOP_CLR_FD) = 0 [pid 10478] close(4) = 0 [pid 10478] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10478] truncate("./file2", 0) = 0 [pid 10478] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10478] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10478] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10478, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4777", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4777", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4777/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4777/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4777/binderfs") = 0 umount2("./4777/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4777/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4777/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4777/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4777/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4777/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4777") = 0 mkdir("./4778", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10480 ./strace-static-x86_64: Process 10480 attached [pid 10480] set_robust_list(0x55558abad660, 24) = 0 [pid 10480] chdir("./4778") = 0 [pid 10480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10480] setpgid(0, 0) = 0 [pid 10480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10480] write(3, "1000", 4) = 4 [pid 10480] close(3) = 0 [pid 10480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10480] write(1, "executing program\n", 18executing program ) = 18 [pid 10480] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10480] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10480] memfd_create("syzkaller", 0) = 3 [pid 10480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10480] munmap(0x7ff698483000, 138412032) = 0 [pid 10480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 583.328842][T10478] loop0: detected capacity change from 0 to 512 [ 583.336169][T10478] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.346974][T10478] EXT4-fs (loop0): 1 truncate cleaned up [ 583.354228][T10478] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10480] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10480] close(3) = 0 [pid 10480] close(4) = 0 [pid 10480] mkdir("./file0", 0777) = 0 [pid 10480] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10480] chdir("./file0") = 0 [pid 10480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10480] ioctl(4, LOOP_CLR_FD) = 0 [pid 10480] close(4) = 0 [pid 10480] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10480] truncate("./file2", 0) = 0 [pid 10480] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10480] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10480] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10480, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4778", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4778", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4778/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4778/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4778/binderfs") = 0 umount2("./4778/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4778/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4778/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4778/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4778/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4778/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4778") = 0 mkdir("./4779", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10482 ./strace-static-x86_64: Process 10482 attached [pid 10482] set_robust_list(0x55558abad660, 24) = 0 executing program [pid 10482] chdir("./4779") = 0 [pid 10482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10482] setpgid(0, 0) = 0 [pid 10482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10482] write(3, "1000", 4) = 4 [pid 10482] close(3) = 0 [pid 10482] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10482] write(1, "executing program\n", 18) = 18 [pid 10482] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10482] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10482] memfd_create("syzkaller", 0) = 3 [pid 10482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10482] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10482] munmap(0x7ff698483000, 138412032) = 0 [pid 10482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 583.394402][T10480] loop0: detected capacity change from 0 to 512 [ 583.402024][T10480] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.412863][T10480] EXT4-fs (loop0): 1 truncate cleaned up [ 583.419931][T10480] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10482] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10482] close(3) = 0 [pid 10482] close(4) = 0 [pid 10482] mkdir("./file0", 0777) = 0 [pid 10482] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10482] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10482] chdir("./file0") = 0 [pid 10482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10482] ioctl(4, LOOP_CLR_FD) = 0 [pid 10482] close(4) = 0 [pid 10482] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10482] truncate("./file2", 0) = 0 [pid 10482] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10482] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10482] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10482, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4779", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4779", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4779/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4779/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4779/binderfs") = 0 umount2("./4779/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4779/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4779/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4779/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4779/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4779/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4779") = 0 mkdir("./4780", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10484 ./strace-static-x86_64: Process 10484 attached [pid 10484] set_robust_list(0x55558abad660, 24) = 0 [pid 10484] chdir("./4780") = 0 [pid 10484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10484] setpgid(0, 0) = 0 [pid 10484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10484] write(3, "1000", 4) = 4 [pid 10484] close(3) = 0 [pid 10484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10484] write(1, "executing program\n", 18) = 18 [pid 10484] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10484] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10484] memfd_create("syzkaller", 0) = 3 [pid 10484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10484] munmap(0x7ff698483000, 138412032) = 0 [ 583.447575][T10482] loop0: detected capacity change from 0 to 512 [ 583.455164][T10482] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.465722][T10482] EXT4-fs (loop0): 1 truncate cleaned up [ 583.472941][T10482] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10484] close(3) = 0 [pid 10484] close(4) = 0 [pid 10484] mkdir("./file0", 0777) = 0 [pid 10484] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10484] chdir("./file0") = 0 [pid 10484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10484] ioctl(4, LOOP_CLR_FD) = 0 [pid 10484] close(4) = 0 [pid 10484] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10484] truncate("./file2", 0) = 0 [pid 10484] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10484] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10484] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10484, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4780", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4780", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4780/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4780/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4780/binderfs") = 0 umount2("./4780/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4780/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4780/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4780/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4780/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4780/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4780") = 0 mkdir("./4781", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10486 ./strace-static-x86_64: Process 10486 attached [pid 10486] set_robust_list(0x55558abad660, 24) = 0 [pid 10486] chdir("./4781") = 0 [pid 10486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10486] setpgid(0, 0) = 0 [pid 10486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10486] write(3, "1000", 4) = 4 [pid 10486] close(3) = 0 [pid 10486] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10486] write(1, "executing program\n", 18) = 18 [pid 10486] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10486] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10486] memfd_create("syzkaller", 0) = 3 [pid 10486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10486] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10486] munmap(0x7ff698483000, 138412032) = 0 [pid 10486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 583.513372][T10484] loop0: detected capacity change from 0 to 512 [ 583.520867][T10484] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.531579][T10484] EXT4-fs (loop0): 1 truncate cleaned up [ 583.538424][T10484] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10486] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10486] close(3) = 0 [pid 10486] close(4) = 0 [pid 10486] mkdir("./file0", 0777) = 0 [pid 10486] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10486] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10486] chdir("./file0") = 0 [pid 10486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10486] ioctl(4, LOOP_CLR_FD) = 0 [pid 10486] close(4) = 0 [pid 10486] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10486] truncate("./file2", 0) = 0 [pid 10486] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10486] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10486] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10486, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- umount2("./4781", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4781", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4781/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4781/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4781/binderfs") = 0 umount2("./4781/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4781/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4781/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4781/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4781/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4781/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4781") = 0 mkdir("./4782", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10488 ./strace-static-x86_64: Process 10488 attached [pid 10488] set_robust_list(0x55558abad660, 24) = 0 [pid 10488] chdir("./4782") = 0 [pid 10488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10488] setpgid(0, 0) = 0 [pid 10488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10488] write(3, "1000", 4) = 4 [pid 10488] close(3) = 0 [pid 10488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10488] write(1, "executing program\n", 18) = 18 [pid 10488] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10488] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10488] memfd_create("syzkaller", 0) = 3 [pid 10488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10488] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10488] munmap(0x7ff698483000, 138412032) = 0 [pid 10488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10488] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10488] close(3) = 0 [pid 10488] close(4) = 0 [pid 10488] mkdir("./file0", 0777) = 0 [ 583.577929][T10486] loop0: detected capacity change from 0 to 512 [ 583.585188][T10486] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.595770][T10486] EXT4-fs (loop0): 1 truncate cleaned up [ 583.602803][T10486] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10488] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10488] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10488] chdir("./file0") = 0 [pid 10488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10488] ioctl(4, LOOP_CLR_FD) = 0 [pid 10488] close(4) = 0 [pid 10488] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10488] truncate("./file2", 0) = 0 [pid 10488] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10488] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10488] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10488, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4782", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4782", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4782/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4782/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4782/binderfs") = 0 umount2("./4782/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4782/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4782/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4782/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4782/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4782/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4782") = 0 mkdir("./4783", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10490 ./strace-static-x86_64: Process 10490 attached [pid 10490] set_robust_list(0x55558abad660, 24) = 0 [pid 10490] chdir("./4783") = 0 [pid 10490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10490] setpgid(0, 0) = 0 [pid 10490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10490] write(3, "1000", 4) = 4 [pid 10490] close(3) = 0 [pid 10490] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10490] write(1, "executing program\n", 18) = 18 [pid 10490] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10490] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10490] memfd_create("syzkaller", 0) = 3 [pid 10490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10490] munmap(0x7ff698483000, 138412032) = 0 [pid 10490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 583.629634][T10488] loop0: detected capacity change from 0 to 512 [ 583.637417][T10488] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.648499][T10488] EXT4-fs (loop0): 1 truncate cleaned up [ 583.655417][T10488] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10490] close(3) = 0 [pid 10490] close(4) = 0 [pid 10490] mkdir("./file0", 0777) = 0 [pid 10490] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10490] chdir("./file0") = 0 [pid 10490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10490] ioctl(4, LOOP_CLR_FD) = 0 [pid 10490] close(4) = 0 [pid 10490] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10490] truncate("./file2", 0) = 0 [pid 10490] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10490] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10490] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10490, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4783", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4783", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4783/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4783/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4783/binderfs") = 0 umount2("./4783/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4783/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4783/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4783/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4783/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4783/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4783") = 0 mkdir("./4784", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10492 ./strace-static-x86_64: Process 10492 attached [pid 10492] set_robust_list(0x55558abad660, 24) = 0 [pid 10492] chdir("./4784") = 0 [pid 10492] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10492] setpgid(0, 0) = 0 [pid 10492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10492] write(3, "1000", 4) = 4 [pid 10492] close(3) = 0 [pid 10492] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10492] write(1, "executing program\n", 18) = 18 [pid 10492] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10492] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10492] memfd_create("syzkaller", 0) = 3 [pid 10492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10492] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10492] munmap(0x7ff698483000, 138412032) = 0 [pid 10492] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 583.685288][T10490] loop0: detected capacity change from 0 to 512 [ 583.692487][T10490] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.703110][T10490] EXT4-fs (loop0): 1 truncate cleaned up [ 583.709883][T10490] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10492] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10492] close(3) = 0 [pid 10492] close(4) = 0 [pid 10492] mkdir("./file0", 0777) = 0 [pid 10492] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10492] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10492] chdir("./file0") = 0 [pid 10492] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10492] ioctl(4, LOOP_CLR_FD) = 0 [pid 10492] close(4) = 0 [pid 10492] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10492] truncate("./file2", 0) = 0 [pid 10492] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10492] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10492] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10492, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4784", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4784", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4784/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4784/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4784/binderfs") = 0 umount2("./4784/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4784/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4784/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4784/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4784/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4784/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4784") = 0 mkdir("./4785", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10494 ./strace-static-x86_64: Process 10494 attached [pid 10494] set_robust_list(0x55558abad660, 24) = 0 [pid 10494] chdir("./4785") = 0 [pid 10494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10494] setpgid(0, 0) = 0 [pid 10494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10494] write(3, "1000", 4) = 4 [pid 10494] close(3) = 0 [pid 10494] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10494] write(1, "executing program\n", 18) = 18 [pid 10494] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10494] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10494] memfd_create("syzkaller", 0) = 3 [pid 10494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10494] munmap(0x7ff698483000, 138412032) = 0 [pid 10494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 583.752888][T10492] loop0: detected capacity change from 0 to 512 [ 583.760203][T10492] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.771019][T10492] EXT4-fs (loop0): 1 truncate cleaned up [ 583.778160][T10492] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10494] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10494] close(3) = 0 [pid 10494] close(4) = 0 [pid 10494] mkdir("./file0", 0777) = 0 [pid 10494] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10494] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10494] chdir("./file0") = 0 [pid 10494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10494] ioctl(4, LOOP_CLR_FD) = 0 [pid 10494] close(4) = 0 [pid 10494] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10494] truncate("./file2", 0) = 0 [pid 10494] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10494] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10494] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10494, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- umount2("./4785", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4785", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4785/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4785/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4785/binderfs") = 0 umount2("./4785/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4785/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4785/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4785/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4785/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4785/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4785") = 0 mkdir("./4786", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10496 ./strace-static-x86_64: Process 10496 attached [pid 10496] set_robust_list(0x55558abad660, 24) = 0 [pid 10496] chdir("./4786") = 0 [pid 10496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10496] setpgid(0, 0) = 0 [pid 10496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10496] write(3, "1000", 4) = 4 [pid 10496] close(3) = 0 [pid 10496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10496] write(1, "executing program\n", 18executing program ) = 18 [pid 10496] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10496] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10496] memfd_create("syzkaller", 0) = 3 [pid 10496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10496] munmap(0x7ff698483000, 138412032) = 0 [pid 10496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 583.809396][T10494] loop0: detected capacity change from 0 to 512 [ 583.817483][T10494] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.828189][T10494] EXT4-fs (loop0): 1 truncate cleaned up [ 583.834917][T10494] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10496] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10496] close(3) = 0 [pid 10496] close(4) = 0 [pid 10496] mkdir("./file0", 0777) = 0 [pid 10496] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10496] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10496] chdir("./file0") = 0 [pid 10496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10496] ioctl(4, LOOP_CLR_FD) = 0 [pid 10496] close(4) = 0 [pid 10496] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10496] truncate("./file2", 0) = 0 [pid 10496] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10496] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10496] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10496, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4786", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4786", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4786/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4786/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4786/binderfs") = 0 umount2("./4786/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4786/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4786/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4786/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4786/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4786/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4786") = 0 mkdir("./4787", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10498 ./strace-static-x86_64: Process 10498 attached [pid 10498] set_robust_list(0x55558abad660, 24) = 0 [pid 10498] chdir("./4787") = 0 [pid 10498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10498] setpgid(0, 0) = 0 [pid 10498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 10498] write(3, "1000", 4) = 4 [pid 10498] close(3) = 0 [pid 10498] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10498] write(1, "executing program\n", 18) = 18 [pid 10498] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10498] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10498] memfd_create("syzkaller", 0) = 3 [pid 10498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10498] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10498] munmap(0x7ff698483000, 138412032) = 0 [pid 10498] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 583.866642][T10496] loop0: detected capacity change from 0 to 512 [ 583.873975][T10496] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.884517][T10496] EXT4-fs (loop0): 1 truncate cleaned up [ 583.891831][T10496] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10498] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10498] close(3) = 0 [pid 10498] close(4) = 0 [pid 10498] mkdir("./file0", 0777) = 0 [pid 10498] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10498] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10498] chdir("./file0") = 0 [pid 10498] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10498] ioctl(4, LOOP_CLR_FD) = 0 [pid 10498] close(4) = 0 [pid 10498] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10498] truncate("./file2", 0) = 0 [pid 10498] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10498] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10498] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10498, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4787", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4787", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4787/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4787/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4787/binderfs") = 0 umount2("./4787/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4787/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4787/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4787/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4787/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4787/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4787") = 0 mkdir("./4788", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10500 ./strace-static-x86_64: Process 10500 attached [pid 10500] set_robust_list(0x55558abad660, 24) = 0 [pid 10500] chdir("./4788") = 0 [pid 10500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10500] setpgid(0, 0) = 0 [pid 10500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10500] write(3, "1000", 4) = 4 [pid 10500] close(3) = 0 [pid 10500] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10500] write(1, "executing program\n", 18) = 18 [pid 10500] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10500] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10500] memfd_create("syzkaller", 0) = 3 [pid 10500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10500] munmap(0x7ff698483000, 138412032) = 0 [pid 10500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 583.925938][T10498] loop0: detected capacity change from 0 to 512 [ 583.934295][T10498] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 583.945133][T10498] EXT4-fs (loop0): 1 truncate cleaned up [ 583.952132][T10498] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10500] close(3) = 0 [pid 10500] close(4) = 0 [pid 10500] mkdir("./file0", 0777) = 0 [pid 10500] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10500] chdir("./file0") = 0 [pid 10500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10500] ioctl(4, LOOP_CLR_FD) = 0 [pid 10500] close(4) = 0 [pid 10500] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10500] truncate("./file2", 0) = 0 [pid 10500] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10500] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10500] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10500, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4788", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4788", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4788/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4788/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4788/binderfs") = 0 umount2("./4788/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4788/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4788/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4788/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4788/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4788/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4788") = 0 mkdir("./4789", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10502 ./strace-static-x86_64: Process 10502 attached [pid 10502] set_robust_list(0x55558abad660, 24) = 0 [pid 10502] chdir("./4789") = 0 [pid 10502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10502] setpgid(0, 0) = 0 [pid 10502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10502] write(3, "1000", 4) = 4 [pid 10502] close(3) = 0 [pid 10502] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10502] write(1, "executing program\n", 18executing program ) = 18 [pid 10502] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10502] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10502] memfd_create("syzkaller", 0) = 3 [pid 10502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10502] munmap(0x7ff698483000, 138412032) = 0 [pid 10502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 583.991275][T10500] loop0: detected capacity change from 0 to 512 [ 583.999046][T10500] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 584.009762][T10500] EXT4-fs (loop0): 1 truncate cleaned up [ 584.017126][T10500] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10502] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10502] close(3) = 0 [pid 10502] close(4) = 0 [pid 10502] mkdir("./file0", 0777) = 0 [pid 10502] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10502] chdir("./file0") = 0 [pid 10502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10502] ioctl(4, LOOP_CLR_FD) = 0 [pid 10502] close(4) = 0 [pid 10502] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10502] truncate("./file2", 0) = 0 [pid 10502] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10502] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10502] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10502, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4789", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4789", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4789/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4789/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4789/binderfs") = 0 umount2("./4789/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4789/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4789/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4789/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4789/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4789/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4789") = 0 mkdir("./4790", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10504 ./strace-static-x86_64: Process 10504 attached [pid 10504] set_robust_list(0x55558abad660, 24) = 0 [pid 10504] chdir("./4790") = 0 [pid 10504] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10504] setpgid(0, 0) = 0 [pid 10504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10504] write(3, "1000", 4) = 4 [pid 10504] close(3) = 0 [pid 10504] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10504] write(1, "executing program\n", 18executing program ) = 18 [pid 10504] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10504] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10504] memfd_create("syzkaller", 0) = 3 [pid 10504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10504] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10504] munmap(0x7ff698483000, 138412032) = 0 [ 584.050277][T10502] loop0: detected capacity change from 0 to 512 [ 584.057785][T10502] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 584.068807][T10502] EXT4-fs (loop0): 1 truncate cleaned up [ 584.075938][T10502] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10504] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10504] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10504] close(3) = 0 [pid 10504] close(4) = 0 [pid 10504] mkdir("./file0", 0777) = 0 [pid 10504] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10504] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10504] chdir("./file0") = 0 [pid 10504] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10504] ioctl(4, LOOP_CLR_FD) = 0 [pid 10504] close(4) = 0 [pid 10504] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10504] truncate("./file2", 0) = 0 [pid 10504] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10504] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10504] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10504, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4790", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4790", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4790/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4790/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4790/binderfs") = 0 umount2("./4790/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4790/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4790/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4790/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4790/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4790/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4790") = 0 mkdir("./4791", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10506 ./strace-static-x86_64: Process 10506 attached [pid 10506] set_robust_list(0x55558abad660, 24) = 0 [pid 10506] chdir("./4791") = 0 [pid 10506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10506] setpgid(0, 0) = 0 [pid 10506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10506] write(3, "1000", 4) = 4 [pid 10506] close(3) = 0 [pid 10506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10506] write(1, "executing program\n", 18executing program ) = 18 [pid 10506] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10506] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10506] memfd_create("syzkaller", 0) = 3 [pid 10506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10506] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10506] munmap(0x7ff698483000, 138412032) = 0 [pid 10506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 584.114718][T10504] loop0: detected capacity change from 0 to 512 [ 584.122277][T10504] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 584.132851][T10504] EXT4-fs (loop0): 1 truncate cleaned up [ 584.139876][T10504] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10506] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10506] close(3) = 0 [pid 10506] close(4) = 0 [pid 10506] mkdir("./file0", 0777) = 0 [pid 10506] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10506] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10506] chdir("./file0") = 0 [pid 10506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10506] ioctl(4, LOOP_CLR_FD) = 0 [pid 10506] close(4) = 0 [pid 10506] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10506] truncate("./file2", 0) = 0 [pid 10506] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10506] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10506] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10506, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4791", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4791", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4791/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4791/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4791/binderfs") = 0 umount2("./4791/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4791/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4791/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4791/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4791/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4791/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4791") = 0 mkdir("./4792", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10508 ./strace-static-x86_64: Process 10508 attached [pid 10508] set_robust_list(0x55558abad660, 24) = 0 [pid 10508] chdir("./4792") = 0 [pid 10508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10508] setpgid(0, 0) = 0 [pid 10508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10508] write(3, "1000", 4) = 4 [pid 10508] close(3) = 0 [pid 10508] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10508] write(1, "executing program\n", 18) = 18 [pid 10508] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10508] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10508] memfd_create("syzkaller", 0) = 3 [pid 10508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10508] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10508] munmap(0x7ff698483000, 138412032) = 0 [pid 10508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 584.174345][T10506] loop0: detected capacity change from 0 to 512 [ 584.181965][T10506] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 584.193023][T10506] EXT4-fs (loop0): 1 truncate cleaned up [ 584.199682][T10506] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10508] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10508] close(3) = 0 [pid 10508] close(4) = 0 [pid 10508] mkdir("./file0", 0777) = 0 [pid 10508] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10508] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10508] chdir("./file0") = 0 [pid 10508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10508] ioctl(4, LOOP_CLR_FD) = 0 [pid 10508] close(4) = 0 [pid 10508] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10508] truncate("./file2", 0) = 0 [pid 10508] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10508] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10508] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10508, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4792", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4792", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4792/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4792/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4792/binderfs") = 0 umount2("./4792/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4792/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4792/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4792/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4792/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4792/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4792") = 0 mkdir("./4793", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10511 ./strace-static-x86_64: Process 10511 attached [pid 10511] set_robust_list(0x55558abad660, 24) = 0 [pid 10511] chdir("./4793") = 0 [pid 10511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10511] setpgid(0, 0) = 0 [pid 10511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10511] write(3, "1000", 4) = 4 [pid 10511] close(3) = 0 [pid 10511] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10511] write(1, "executing program\n", 18executing program ) = 18 [pid 10511] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10511] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10511] memfd_create("syzkaller", 0) = 3 [pid 10511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10511] munmap(0x7ff698483000, 138412032) = 0 [pid 10511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 584.227047][T10508] loop0: detected capacity change from 0 to 512 [ 584.234349][T10508] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 584.245104][T10508] EXT4-fs (loop0): 1 truncate cleaned up [ 584.252076][T10508] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10511] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10511] close(3) = 0 [pid 10511] close(4) = 0 [pid 10511] mkdir("./file0", 0777) = 0 [pid 10511] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10511] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10511] chdir("./file0") = 0 [pid 10511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10511] ioctl(4, LOOP_CLR_FD) = 0 [pid 10511] close(4) = 0 [pid 10511] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10511] truncate("./file2", 0) = 0 [pid 10511] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10511] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10511] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10511, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4793", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4793", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4793/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4793/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4793/binderfs") = 0 umount2("./4793/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4793/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4793/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4793/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4793/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4793/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4793") = 0 mkdir("./4794", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10513 ./strace-static-x86_64: Process 10513 attached [pid 10513] set_robust_list(0x55558abad660, 24) = 0 [pid 10513] chdir("./4794") = 0 [pid 10513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10513] setpgid(0, 0) = 0 [pid 10513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 10513] write(3, "1000", 4) = 4 [pid 10513] close(3) = 0 [pid 10513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10513] write(1, "executing program\n", 18) = 18 [pid 10513] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10513] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10513] memfd_create("syzkaller", 0) = 3 [pid 10513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10513] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10513] munmap(0x7ff698483000, 138412032) = 0 [pid 10513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 584.291024][T10511] loop0: detected capacity change from 0 to 512 [ 584.298838][T10511] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 584.309606][T10511] EXT4-fs (loop0): 1 truncate cleaned up [ 584.316567][T10511] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10513] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10513] close(3) = 0 [pid 10513] close(4) = 0 [pid 10513] mkdir("./file0", 0777) = 0 [pid 10513] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10513] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10513] chdir("./file0") = 0 [pid 10513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10513] ioctl(4, LOOP_CLR_FD) = 0 [pid 10513] close(4) = 0 [pid 10513] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10513] truncate("./file2", 0) = 0 [pid 10513] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10513] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10513] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10513, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4794", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4794", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4794/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4794/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4794/binderfs") = 0 umount2("./4794/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4794/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4794/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4794/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4794/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4794/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4794") = 0 mkdir("./4795", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10515 ./strace-static-x86_64: Process 10515 attached [pid 10515] set_robust_list(0x55558abad660, 24) = 0 [pid 10515] chdir("./4795") = 0 [pid 10515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10515] setpgid(0, 0) = 0 [pid 10515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10515] write(3, "1000", 4) = 4 [pid 10515] close(3) = 0 [pid 10515] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10515] write(1, "executing program\n", 18) = 18 [pid 10515] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10515] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10515] memfd_create("syzkaller", 0) = 3 [pid 10515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10515] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10515] munmap(0x7ff698483000, 138412032) = 0 [pid 10515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 584.350270][T10513] loop0: detected capacity change from 0 to 512 [ 584.358325][T10513] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 584.369150][T10513] EXT4-fs (loop0): 1 truncate cleaned up [ 584.375959][T10513] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10515] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10515] close(3) = 0 [pid 10515] close(4) = 0 [pid 10515] mkdir("./file0", 0777) = 0 [pid 10515] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10515] chdir("./file0") = 0 [pid 10515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10515] ioctl(4, LOOP_CLR_FD) = 0 [pid 10515] close(4) = 0 [pid 10515] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10515] truncate("./file2", 0) = 0 [pid 10515] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10515] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10515] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10515, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4795", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4795", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4795/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4795/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4795/binderfs") = 0 umount2("./4795/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4795/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4795/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4795/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4795/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4795/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4795") = 0 mkdir("./4796", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10517 ./strace-static-x86_64: Process 10517 attached [pid 10517] set_robust_list(0x55558abad660, 24) = 0 [pid 10517] chdir("./4796") = 0 [pid 10517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10517] setpgid(0, 0) = 0 [pid 10517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10517] write(3, "1000", 4) = 4 [pid 10517] close(3) = 0 [pid 10517] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10517] write(1, "executing program\n", 18) = 18 [pid 10517] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10517] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10517] memfd_create("syzkaller", 0) = 3 [pid 10517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10517] munmap(0x7ff698483000, 138412032) = 0 [pid 10517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 584.407953][T10515] loop0: detected capacity change from 0 to 512 [ 584.415630][T10515] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 584.427076][T10515] EXT4-fs (loop0): 1 truncate cleaned up [ 584.433713][T10515] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10517] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10517] close(3) = 0 [pid 10517] close(4) = 0 [pid 10517] mkdir("./file0", 0777) = 0 [pid 10517] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10517] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10517] chdir("./file0") = 0 [pid 10517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10517] ioctl(4, LOOP_CLR_FD) = 0 [pid 10517] close(4) = 0 [pid 10517] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10517] truncate("./file2", 0) = 0 [pid 10517] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10517] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10517] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10517, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4796", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4796", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4796/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4796/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4796/binderfs") = 0 umount2("./4796/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4796/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4796/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4796/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4796/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4796/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4796") = 0 mkdir("./4797", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10519 ./strace-static-x86_64: Process 10519 attached [pid 10519] set_robust_list(0x55558abad660, 24) = 0 [pid 10519] chdir("./4797") = 0 [pid 10519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10519] setpgid(0, 0) = 0 [pid 10519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10519] write(3, "1000", 4) = 4 [pid 10519] close(3) = 0 [pid 10519] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10519] write(1, "executing program\n", 18executing program ) = 18 [pid 10519] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10519] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10519] memfd_create("syzkaller", 0) = 3 [pid 10519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10519] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10519] munmap(0x7ff698483000, 138412032) = 0 [pid 10519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 584.476256][T10517] loop0: detected capacity change from 0 to 512 [ 584.484178][T10517] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 584.494730][T10517] EXT4-fs (loop0): 1 truncate cleaned up [ 584.501803][T10517] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10519] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10519] close(3) = 0 [pid 10519] close(4) = 0 [pid 10519] mkdir("./file0", 0777) = 0 [pid 10519] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10519] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10519] chdir("./file0") = 0 [pid 10519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10519] ioctl(4, LOOP_CLR_FD) = 0 [pid 10519] close(4) = 0 [pid 10519] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10519] truncate("./file2", 0) = 0 [pid 10519] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10519] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10519] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10519, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4797", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4797", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4797/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4797/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4797/binderfs") = 0 umount2("./4797/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4797/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4797/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4797/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4797/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4797/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4797") = 0 mkdir("./4798", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10521 ./strace-static-x86_64: Process 10521 attached [pid 10521] set_robust_list(0x55558abad660, 24) = 0 [pid 10521] chdir("./4798") = 0 [pid 10521] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10521] setpgid(0, 0) = 0 [pid 10521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10521] write(3, "1000", 4) = 4 [pid 10521] close(3) = 0 [pid 10521] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10521] write(1, "executing program\n", 18) = 18 [pid 10521] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10521] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10521] memfd_create("syzkaller", 0) = 3 [pid 10521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10521] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10521] munmap(0x7ff698483000, 138412032) = 0 [pid 10521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 584.544242][T10519] loop0: detected capacity change from 0 to 512 [ 584.551681][T10519] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 584.562372][T10519] EXT4-fs (loop0): 1 truncate cleaned up [ 584.569775][T10519] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10521] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10521] close(3) = 0 [pid 10521] close(4) = 0 [pid 10521] mkdir("./file0", 0777) = 0 [pid 10521] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10521] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10521] chdir("./file0") = 0 [pid 10521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10521] ioctl(4, LOOP_CLR_FD) = 0 [pid 10521] close(4) = 0 [pid 10521] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10521] truncate("./file2", 0) = 0 [pid 10521] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10521] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10521] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10521, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4798", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4798", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4798/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4798/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4798/binderfs") = 0 umount2("./4798/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4798/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4798/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4798/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4798/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4798/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4798") = 0 mkdir("./4799", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10523 ./strace-static-x86_64: Process 10523 attached [pid 10523] set_robust_list(0x55558abad660, 24) = 0 [pid 10523] chdir("./4799") = 0 [pid 10523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10523] setpgid(0, 0) = 0 executing program [pid 10523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10523] write(3, "1000", 4) = 4 [pid 10523] close(3) = 0 [pid 10523] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10523] write(1, "executing program\n", 18) = 18 [pid 10523] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10523] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10523] memfd_create("syzkaller", 0) = 3 [pid 10523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10523] munmap(0x7ff698483000, 138412032) = 0 [pid 10523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 584.606390][T10521] loop0: detected capacity change from 0 to 512 [ 584.613717][T10521] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 584.624393][T10521] EXT4-fs (loop0): 1 truncate cleaned up [ 584.631654][T10521] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10523] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10523] close(3) = 0 [pid 10523] close(4) = 0 [pid 10523] mkdir("./file0", 0777) = 0 [pid 10523] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10523] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10523] chdir("./file0") = 0 [pid 10523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10523] ioctl(4, LOOP_CLR_FD) = 0 [pid 10523] close(4) = 0 [pid 10523] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10523] truncate("./file2", 0) = 0 [pid 10523] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10523] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10523] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10523, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4799", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4799", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4799/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4799/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4799/binderfs") = 0 umount2("./4799/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4799/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4799/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4799/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4799/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4799/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4799") = 0 mkdir("./4800", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10525 ./strace-static-x86_64: Process 10525 attached [pid 10525] set_robust_list(0x55558abad660, 24) = 0 [pid 10525] chdir("./4800") = 0 [pid 10525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10525] setpgid(0, 0) = 0 [pid 10525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10525] write(3, "1000", 4) = 4 [pid 10525] close(3) = 0 [pid 10525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10525] write(1, "executing program\n", 18executing program ) = 18 [pid 10525] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10525] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10525] memfd_create("syzkaller", 0) = 3 [pid 10525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10525] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10525] munmap(0x7ff698483000, 138412032) = 0 [pid 10525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 584.669782][T10523] loop0: detected capacity change from 0 to 512 [ 584.677393][T10523] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 584.687955][T10523] EXT4-fs (loop0): 1 truncate cleaned up [ 584.694787][T10523] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10525] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10525] close(3) = 0 [pid 10525] close(4) = 0 [pid 10525] mkdir("./file0", 0777) = 0 [pid 10525] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10525] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10525] chdir("./file0") = 0 [pid 10525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10525] ioctl(4, LOOP_CLR_FD) = 0 [pid 10525] close(4) = 0 [pid 10525] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10525] truncate("./file2", 0) = 0 [pid 10525] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10525] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10525] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10525, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4800", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4800", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4800/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4800/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4800/binderfs") = 0 umount2("./4800/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4800/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4800/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4800/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4800/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4800/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4800") = 0 mkdir("./4801", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10527 ./strace-static-x86_64: Process 10527 attached [pid 10527] set_robust_list(0x55558abad660, 24) = 0 [pid 10527] chdir("./4801") = 0 [pid 10527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10527] setpgid(0, 0) = 0 [pid 10527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10527] write(3, "1000", 4) = 4 [pid 10527] close(3) = 0 [pid 10527] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10527] write(1, "executing program\n", 18) = 18 [pid 10527] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10527] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10527] memfd_create("syzkaller", 0) = 3 [pid 10527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10527] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10527] munmap(0x7ff698483000, 138412032) = 0 [pid 10527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 584.734445][T10525] loop0: detected capacity change from 0 to 512 [ 584.741731][T10525] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 584.752366][T10525] EXT4-fs (loop0): 1 truncate cleaned up [ 584.760225][T10525] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10527] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10527] close(3) = 0 [pid 10527] close(4) = 0 [pid 10527] mkdir("./file0", 0777) = 0 [pid 10527] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10527] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10527] chdir("./file0") = 0 [pid 10527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10527] ioctl(4, LOOP_CLR_FD) = 0 [pid 10527] close(4) = 0 [pid 10527] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10527] truncate("./file2", 0) = 0 [pid 10527] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10527] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10527] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10527, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4801", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4801", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4801/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4801/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4801/binderfs") = 0 umount2("./4801/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4801/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4801/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4801/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4801/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4801/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4801") = 0 mkdir("./4802", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10529 ./strace-static-x86_64: Process 10529 attached [pid 10529] set_robust_list(0x55558abad660, 24) = 0 [pid 10529] chdir("./4802") = 0 [pid 10529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10529] setpgid(0, 0) = 0 [pid 10529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10529] write(3, "1000", 4) = 4 [pid 10529] close(3) = 0 [pid 10529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10529] write(1, "executing program\n", 18executing program ) = 18 [pid 10529] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10529] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10529] memfd_create("syzkaller", 0) = 3 [pid 10529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10529] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10529] munmap(0x7ff698483000, 138412032) = 0 [pid 10529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 584.799456][T10527] loop0: detected capacity change from 0 to 512 [ 584.807393][T10527] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 584.818181][T10527] EXT4-fs (loop0): 1 truncate cleaned up [ 584.825922][T10527] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10529] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10529] close(3) = 0 [pid 10529] close(4) = 0 [pid 10529] mkdir("./file0", 0777) = 0 [pid 10529] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10529] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10529] chdir("./file0") = 0 [pid 10529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10529] ioctl(4, LOOP_CLR_FD) = 0 [pid 10529] close(4) = 0 [pid 10529] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10529] truncate("./file2", 0) = 0 [pid 10529] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10529] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10529] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10529, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4802", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4802", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4802/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4802/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4802/binderfs") = 0 umount2("./4802/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4802/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4802/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4802/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4802/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4802/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4802") = 0 mkdir("./4803", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10531 ./strace-static-x86_64: Process 10531 attached [pid 10531] set_robust_list(0x55558abad660, 24) = 0 [pid 10531] chdir("./4803") = 0 [pid 10531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10531] setpgid(0, 0) = 0 [pid 10531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10531] write(3, "1000", 4executing program ) = 4 [pid 10531] close(3) = 0 [pid 10531] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10531] write(1, "executing program\n", 18) = 18 [pid 10531] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10531] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10531] memfd_create("syzkaller", 0) = 3 [pid 10531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10531] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10531] munmap(0x7ff698483000, 138412032) = 0 [pid 10531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 584.867050][T10529] loop0: detected capacity change from 0 to 512 [ 584.874684][T10529] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 584.885898][T10529] EXT4-fs (loop0): 1 truncate cleaned up [ 584.892551][T10529] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10531] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10531] close(3) = 0 [pid 10531] close(4) = 0 [pid 10531] mkdir("./file0", 0777) = 0 [pid 10531] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10531] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10531] chdir("./file0") = 0 [pid 10531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10531] ioctl(4, LOOP_CLR_FD) = 0 [pid 10531] close(4) = 0 [pid 10531] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10531] truncate("./file2", 0) = 0 [pid 10531] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10531] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10531] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10531, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4803", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4803", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4803/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4803/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4803/binderfs") = 0 umount2("./4803/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4803/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4803/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4803/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4803/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4803/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4803") = 0 mkdir("./4804", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10533 ./strace-static-x86_64: Process 10533 attached [pid 10533] set_robust_list(0x55558abad660, 24) = 0 [pid 10533] chdir("./4804") = 0 [pid 10533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10533] setpgid(0, 0) = 0 [pid 10533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10533] write(3, "1000", 4) = 4 [pid 10533] close(3) = 0 [pid 10533] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10533] write(1, "executing program\n", 18executing program ) = 18 [pid 10533] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10533] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10533] memfd_create("syzkaller", 0) = 3 [pid 10533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10533] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10533] munmap(0x7ff698483000, 138412032) = 0 [ 584.925749][T10531] loop0: detected capacity change from 0 to 512 [ 584.933110][T10531] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 584.943727][T10531] EXT4-fs (loop0): 1 truncate cleaned up [ 584.950934][T10531] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10533] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10533] close(3) = 0 [pid 10533] close(4) = 0 [pid 10533] mkdir("./file0", 0777) = 0 [pid 10533] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10533] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10533] chdir("./file0") = 0 [pid 10533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10533] ioctl(4, LOOP_CLR_FD) = 0 [pid 10533] close(4) = 0 [pid 10533] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10533] truncate("./file2", 0) = 0 [pid 10533] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10533] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10533] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10533, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4804", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4804", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4804/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4804/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4804/binderfs") = 0 umount2("./4804/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4804/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4804/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4804/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4804/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4804/file0"executing program ) = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4804") = 0 mkdir("./4805", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10535 ./strace-static-x86_64: Process 10535 attached [pid 10535] set_robust_list(0x55558abad660, 24) = 0 [pid 10535] chdir("./4805") = 0 [pid 10535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10535] setpgid(0, 0) = 0 [pid 10535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10535] write(3, "1000", 4) = 4 [pid 10535] close(3) = 0 [pid 10535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10535] write(1, "executing program\n", 18) = 18 [pid 10535] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10535] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10535] memfd_create("syzkaller", 0) = 3 [pid 10535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10535] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10535] munmap(0x7ff698483000, 138412032) = 0 [pid 10535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 584.992217][T10533] loop0: detected capacity change from 0 to 512 [ 584.999760][T10533] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.010510][T10533] EXT4-fs (loop0): 1 truncate cleaned up [ 585.017989][T10533] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10535] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10535] close(3) = 0 [pid 10535] close(4) = 0 [pid 10535] mkdir("./file0", 0777) = 0 [pid 10535] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10535] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10535] chdir("./file0") = 0 [pid 10535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10535] ioctl(4, LOOP_CLR_FD) = 0 [pid 10535] close(4) = 0 [pid 10535] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10535] truncate("./file2", 0) = 0 [pid 10535] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10535] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10535] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10535, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4805", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4805", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4805/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4805/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4805/binderfs") = 0 umount2("./4805/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4805/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4805/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4805/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4805/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4805/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4805") = 0 mkdir("./4806", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10537 attached , child_tidptr=0x55558abad650) = 10537 [pid 10537] set_robust_list(0x55558abad660, 24) = 0 [pid 10537] chdir("./4806") = 0 [pid 10537] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10537] setpgid(0, 0) = 0 [pid 10537] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10537] write(3, "1000", 4) = 4 [pid 10537] close(3) = 0 [pid 10537] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10537] write(1, "executing program\n", 18) = 18 [pid 10537] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10537] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10537] memfd_create("syzkaller", 0) = 3 [pid 10537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10537] munmap(0x7ff698483000, 138412032) = 0 [pid 10537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 585.046213][T10535] loop0: detected capacity change from 0 to 512 [ 585.053602][T10535] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.064618][T10535] EXT4-fs (loop0): 1 truncate cleaned up [ 585.071326][T10535] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10537] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10537] close(3) = 0 [pid 10537] close(4) = 0 [pid 10537] mkdir("./file0", 0777) = 0 [pid 10537] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10537] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10537] chdir("./file0") = 0 [pid 10537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10537] ioctl(4, LOOP_CLR_FD) = 0 [pid 10537] close(4) = 0 [pid 10537] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10537] truncate("./file2", 0) = 0 [pid 10537] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10537] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10537] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10537, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4806", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4806", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4806/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4806/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4806/binderfs") = 0 umount2("./4806/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4806/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4806/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4806/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4806/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4806/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4806") = 0 mkdir("./4807", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10539 ./strace-static-x86_64: Process 10539 attached [pid 10539] set_robust_list(0x55558abad660, 24) = 0 [pid 10539] chdir("./4807") = 0 [pid 10539] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10539] setpgid(0, 0) = 0 [pid 10539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10539] write(3, "1000", 4) = 4 [pid 10539] close(3) = 0 [pid 10539] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10539] write(1, "executing program\n", 18) = 18 [pid 10539] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10539] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10539] memfd_create("syzkaller", 0) = 3 [pid 10539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10539] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10539] munmap(0x7ff698483000, 138412032) = 0 [ 585.102016][T10537] loop0: detected capacity change from 0 to 512 [ 585.109418][T10537] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.120036][T10537] EXT4-fs (loop0): 1 truncate cleaned up [ 585.126859][T10537] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10539] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10539] close(3) = 0 [pid 10539] close(4) = 0 [pid 10539] mkdir("./file0", 0777) = 0 [pid 10539] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10539] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10539] chdir("./file0") = 0 [pid 10539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10539] ioctl(4, LOOP_CLR_FD) = 0 [pid 10539] close(4) = 0 [pid 10539] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10539] truncate("./file2", 0) = 0 [pid 10539] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10539] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10539] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10539, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4807", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4807", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4807/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4807/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4807/binderfs") = 0 umount2("./4807/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4807/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4807/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4807/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4807/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4807/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4807") = 0 mkdir("./4808", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10541 ./strace-static-x86_64: Process 10541 attached [pid 10541] set_robust_list(0x55558abad660, 24) = 0 [pid 10541] chdir("./4808") = 0 [pid 10541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10541] setpgid(0, 0) = 0 [pid 10541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10541] write(3, "1000", 4) = 4 [pid 10541] close(3) = 0 [pid 10541] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10541] write(1, "executing program\n", 18) = 18 [pid 10541] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10541] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10541] memfd_create("syzkaller", 0) = 3 [pid 10541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10541] munmap(0x7ff698483000, 138412032) = 0 [pid 10541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 585.167232][T10539] loop0: detected capacity change from 0 to 512 [ 585.174513][T10539] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.185240][T10539] EXT4-fs (loop0): 1 truncate cleaned up [ 585.191914][T10539] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10541] close(3) = 0 [pid 10541] close(4) = 0 [pid 10541] mkdir("./file0", 0777) = 0 [pid 10541] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10541] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10541] chdir("./file0") = 0 [pid 10541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10541] ioctl(4, LOOP_CLR_FD) = 0 [pid 10541] close(4) = 0 [pid 10541] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10541] truncate("./file2", 0) = 0 [pid 10541] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10541] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10541] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10541, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4808", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4808", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4808/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4808/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4808/binderfs") = 0 umount2("./4808/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4808/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4808/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4808/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4808/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4808/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4808") = 0 mkdir("./4809", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10544 ./strace-static-x86_64: Process 10544 attached [pid 10544] set_robust_list(0x55558abad660, 24) = 0 [pid 10544] chdir("./4809") = 0 [pid 10544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10544] setpgid(0, 0) = 0 [pid 10544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10544] write(3, "1000", 4) = 4 [pid 10544] close(3) = 0 [pid 10544] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10544] write(1, "executing program\n", 18) = 18 [pid 10544] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10544] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10544] memfd_create("syzkaller", 0) = 3 [pid 10544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10544] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10544] munmap(0x7ff698483000, 138412032) = 0 [pid 10544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 585.230973][T10541] loop0: detected capacity change from 0 to 512 [ 585.238377][T10541] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.249019][T10541] EXT4-fs (loop0): 1 truncate cleaned up [ 585.255643][T10541] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10544] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10544] close(3) = 0 [pid 10544] close(4) = 0 [pid 10544] mkdir("./file0", 0777) = 0 [pid 10544] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10544] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10544] chdir("./file0") = 0 [pid 10544] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10544] ioctl(4, LOOP_CLR_FD) = 0 [pid 10544] close(4) = 0 [pid 10544] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10544] truncate("./file2", 0) = 0 [pid 10544] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10544] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10544] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10544, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- umount2("./4809", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4809", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4809/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4809/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4809/binderfs") = 0 umount2("./4809/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4809/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4809/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4809/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4809/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4809/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4809") = 0 mkdir("./4810", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10546 ./strace-static-x86_64: Process 10546 attached [pid 10546] set_robust_list(0x55558abad660, 24) = 0 [pid 10546] chdir("./4810") = 0 [pid 10546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10546] setpgid(0, 0) = 0 [pid 10546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10546] write(3, "1000", 4) = 4 [pid 10546] close(3) = 0 [pid 10546] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10546] write(1, "executing program\n", 18) = 18 [pid 10546] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10546] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10546] memfd_create("syzkaller", 0) = 3 [pid 10546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10546] munmap(0x7ff698483000, 138412032) = 0 [pid 10546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 585.297079][T10544] loop0: detected capacity change from 0 to 512 [ 585.304552][T10544] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.315282][T10544] EXT4-fs (loop0): 1 truncate cleaned up [ 585.322586][T10544] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10546] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10546] close(3) = 0 [pid 10546] close(4) = 0 [pid 10546] mkdir("./file0", 0777) = 0 [pid 10546] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10546] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10546] chdir("./file0") = 0 [pid 10546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10546] ioctl(4, LOOP_CLR_FD) = 0 [pid 10546] close(4) = 0 [pid 10546] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10546] truncate("./file2", 0) = 0 [pid 10546] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10546] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10546] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10546, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- umount2("./4810", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4810", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4810/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4810/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4810/binderfs") = 0 umount2("./4810/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4810/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4810/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4810/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4810/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4810/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4810") = 0 mkdir("./4811", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10548 ./strace-static-x86_64: Process 10548 attached [pid 10548] set_robust_list(0x55558abad660, 24) = 0 [pid 10548] chdir("./4811") = 0 [pid 10548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10548] setpgid(0, 0) = 0 [pid 10548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10548] write(3, "1000", 4) = 4 [pid 10548] close(3) = 0 [pid 10548] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10548] write(1, "executing program\n", 18) = 18 [pid 10548] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10548] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10548] memfd_create("syzkaller", 0) = 3 [pid 10548] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10548] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10548] munmap(0x7ff698483000, 138412032) = 0 [ 585.352173][T10546] loop0: detected capacity change from 0 to 512 [ 585.359826][T10546] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.370401][T10546] EXT4-fs (loop0): 1 truncate cleaned up [ 585.377506][T10546] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10548] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10548] close(3) = 0 [pid 10548] close(4) = 0 [pid 10548] mkdir("./file0", 0777) = 0 [pid 10548] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10548] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10548] chdir("./file0") = 0 [pid 10548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10548] ioctl(4, LOOP_CLR_FD) = 0 [pid 10548] close(4) = 0 [pid 10548] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10548] truncate("./file2", 0) = 0 [pid 10548] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10548] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10548] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10548, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4811", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4811", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4811/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4811/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4811/binderfs") = 0 umount2("./4811/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4811/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4811/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4811/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4811/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4811/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4811") = 0 mkdir("./4812", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10550 ./strace-static-x86_64: Process 10550 attached [pid 10550] set_robust_list(0x55558abad660, 24) = 0 [pid 10550] chdir("./4812") = 0 [pid 10550] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10550] setpgid(0, 0) = 0 [pid 10550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10550] write(3, "1000", 4) = 4 [pid 10550] close(3) = 0 [pid 10550] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10550] write(1, "executing program\n", 18) = 18 [pid 10550] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10550] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10550] memfd_create("syzkaller", 0) = 3 [pid 10550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10550] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10550] munmap(0x7ff698483000, 138412032) = 0 [pid 10550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 585.409339][T10548] loop0: detected capacity change from 0 to 512 [ 585.416740][T10548] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.427662][T10548] EXT4-fs (loop0): 1 truncate cleaned up [ 585.434384][T10548] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10550] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10550] close(3) = 0 [pid 10550] close(4) = 0 [pid 10550] mkdir("./file0", 0777) = 0 [pid 10550] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10550] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10550] chdir("./file0") = 0 [pid 10550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10550] ioctl(4, LOOP_CLR_FD) = 0 [pid 10550] close(4) = 0 [pid 10550] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10550] truncate("./file2", 0) = 0 [pid 10550] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10550] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10550] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10550, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4812", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4812", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4812/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4812/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4812/binderfs") = 0 umount2("./4812/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4812/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4812/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4812/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4812/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4812/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4812") = 0 mkdir("./4813", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10552 ./strace-static-x86_64: Process 10552 attached [pid 10552] set_robust_list(0x55558abad660, 24) = 0 [pid 10552] chdir("./4813") = 0 [pid 10552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10552] setpgid(0, 0) = 0 [pid 10552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10552] write(3, "1000", 4) = 4 [pid 10552] close(3) = 0 [pid 10552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10552] write(1, "executing program\n", 18) = 18 [pid 10552] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10552] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10552] memfd_create("syzkaller", 0) = 3 [pid 10552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10552] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10552] munmap(0x7ff698483000, 138412032) = 0 [ 585.463131][T10550] loop0: detected capacity change from 0 to 512 [ 585.470916][T10550] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.481596][T10550] EXT4-fs (loop0): 1 truncate cleaned up [ 585.489282][T10550] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10552] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10552] close(3) = 0 [pid 10552] close(4) = 0 [pid 10552] mkdir("./file0", 0777) = 0 [pid 10552] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10552] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10552] chdir("./file0") = 0 [pid 10552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10552] ioctl(4, LOOP_CLR_FD) = 0 [pid 10552] close(4) = 0 [pid 10552] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10552] truncate("./file2", 0) = 0 [pid 10552] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10552] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10552] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10552, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4813", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4813", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4813/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4813/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4813/binderfs") = 0 umount2("./4813/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4813/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4813/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4813/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4813/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4813/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4813") = 0 mkdir("./4814", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10554 executing program ./strace-static-x86_64: Process 10554 attached [pid 10554] set_robust_list(0x55558abad660, 24) = 0 [pid 10554] chdir("./4814") = 0 [pid 10554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10554] setpgid(0, 0) = 0 [pid 10554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10554] write(3, "1000", 4) = 4 [pid 10554] close(3) = 0 [pid 10554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10554] write(1, "executing program\n", 18) = 18 [pid 10554] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10554] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10554] memfd_create("syzkaller", 0) = 3 [pid 10554] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10554] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10554] munmap(0x7ff698483000, 138412032) = 0 [pid 10554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 585.526271][T10552] loop0: detected capacity change from 0 to 512 [ 585.533650][T10552] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.544292][T10552] EXT4-fs (loop0): 1 truncate cleaned up [ 585.551298][T10552] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10554] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10554] close(3) = 0 [pid 10554] close(4) = 0 [pid 10554] mkdir("./file0", 0777) = 0 [pid 10554] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10554] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10554] chdir("./file0") = 0 [pid 10554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10554] ioctl(4, LOOP_CLR_FD) = 0 [pid 10554] close(4) = 0 [pid 10554] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10554] truncate("./file2", 0) = 0 [pid 10554] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10554] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10554] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10554, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4814", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4814", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4814/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4814/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4814/binderfs") = 0 umount2("./4814/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4814/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4814/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4814/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4814/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4814/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4814") = 0 mkdir("./4815", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10556 ./strace-static-x86_64: Process 10556 attached [pid 10556] set_robust_list(0x55558abad660, 24) = 0 [pid 10556] chdir("./4815") = 0 [pid 10556] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10556] setpgid(0, 0) = 0 [pid 10556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10556] write(3, "1000", 4) = 4 [pid 10556] close(3) = 0 [pid 10556] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10556] write(1, "executing program\n", 18executing program ) = 18 [pid 10556] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10556] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10556] memfd_create("syzkaller", 0) = 3 [pid 10556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10556] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10556] munmap(0x7ff698483000, 138412032) = 0 [pid 10556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 585.587256][T10554] loop0: detected capacity change from 0 to 512 [ 585.594574][T10554] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.605450][T10554] EXT4-fs (loop0): 1 truncate cleaned up [ 585.612203][T10554] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10556] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10556] close(3) = 0 [pid 10556] close(4) = 0 [pid 10556] mkdir("./file0", 0777) = 0 [pid 10556] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10556] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10556] chdir("./file0") = 0 [pid 10556] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10556] ioctl(4, LOOP_CLR_FD) = 0 [pid 10556] close(4) = 0 [pid 10556] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10556] truncate("./file2", 0) = 0 [pid 10556] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10556] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10556] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10556, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4815", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4815", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4815/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4815/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4815/binderfs") = 0 umount2("./4815/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4815/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4815/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4815/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4815/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4815/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4815") = 0 mkdir("./4816", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10558 ./strace-static-x86_64: Process 10558 attached [pid 10558] set_robust_list(0x55558abad660, 24) = 0 [pid 10558] chdir("./4816") = 0 [pid 10558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10558] setpgid(0, 0) = 0 [pid 10558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10558] write(3, "1000", 4) = 4 [pid 10558] close(3) = 0 executing program [pid 10558] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10558] write(1, "executing program\n", 18) = 18 [pid 10558] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10558] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10558] memfd_create("syzkaller", 0) = 3 [pid 10558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10558] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10558] munmap(0x7ff698483000, 138412032) = 0 [pid 10558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 585.642875][T10556] loop0: detected capacity change from 0 to 512 [ 585.650329][T10556] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.661201][T10556] EXT4-fs (loop0): 1 truncate cleaned up [ 585.668519][T10556] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10558] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10558] close(3) = 0 [pid 10558] close(4) = 0 [pid 10558] mkdir("./file0", 0777) = 0 [pid 10558] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10558] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10558] chdir("./file0") = 0 [pid 10558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10558] ioctl(4, LOOP_CLR_FD) = 0 [pid 10558] close(4) = 0 [pid 10558] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10558] truncate("./file2", 0) = 0 [pid 10558] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10558] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10558] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10558, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4816", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4816", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4816/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4816/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4816/binderfs") = 0 umount2("./4816/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4816/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4816/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4816/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4816/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4816/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4816") = 0 mkdir("./4817", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10560 ./strace-static-x86_64: Process 10560 attached [pid 10560] set_robust_list(0x55558abad660, 24) = 0 [pid 10560] chdir("./4817") = 0 [pid 10560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10560] setpgid(0, 0) = 0 [pid 10560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10560] write(3, "1000", 4) = 4 [pid 10560] close(3) = 0 [pid 10560] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10560] write(1, "executing program\n", 18) = 18 [pid 10560] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10560] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10560] memfd_create("syzkaller", 0) = 3 [pid 10560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10560] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10560] munmap(0x7ff698483000, 138412032) = 0 [pid 10560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 585.707475][T10558] loop0: detected capacity change from 0 to 512 [ 585.715359][T10558] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.726107][T10558] EXT4-fs (loop0): 1 truncate cleaned up [ 585.733245][T10558] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10560] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10560] close(3) = 0 [pid 10560] close(4) = 0 [pid 10560] mkdir("./file0", 0777) = 0 [pid 10560] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10560] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10560] chdir("./file0") = 0 [pid 10560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10560] ioctl(4, LOOP_CLR_FD) = 0 [pid 10560] close(4) = 0 [pid 10560] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10560] truncate("./file2", 0) = 0 [pid 10560] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10560] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10560] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10560, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4817", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4817", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4817/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4817/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4817/binderfs") = 0 umount2("./4817/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4817/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4817/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4817/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4817/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4817/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4817") = 0 mkdir("./4818", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10562 ./strace-static-x86_64: Process 10562 attached [pid 10562] set_robust_list(0x55558abad660, 24) = 0 [pid 10562] chdir("./4818") = 0 [pid 10562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10562] setpgid(0, 0) = 0 [pid 10562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10562] write(3, "1000", 4) = 4 [pid 10562] close(3) = 0 [pid 10562] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10562] write(1, "executing program\n", 18) = 18 [pid 10562] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10562] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10562] memfd_create("syzkaller", 0) = 3 [pid 10562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10562] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10562] munmap(0x7ff698483000, 138412032) = 0 [pid 10562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 585.773906][T10560] loop0: detected capacity change from 0 to 512 [ 585.781429][T10560] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.791868][T10560] EXT4-fs (loop0): 1 truncate cleaned up [ 585.799675][T10560] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10562] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10562] close(3) = 0 [pid 10562] close(4) = 0 [pid 10562] mkdir("./file0", 0777) = 0 [pid 10562] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10562] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10562] chdir("./file0") = 0 [pid 10562] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10562] ioctl(4, LOOP_CLR_FD) = 0 [pid 10562] close(4) = 0 [pid 10562] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10562] truncate("./file2", 0) = 0 [pid 10562] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10562] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10562] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10562, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4818", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4818", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4818/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4818/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4818/binderfs") = 0 umount2("./4818/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4818/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4818/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4818/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4818/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4818/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4818") = 0 mkdir("./4819", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10564 ./strace-static-x86_64: Process 10564 attached [pid 10564] set_robust_list(0x55558abad660, 24) = 0 [pid 10564] chdir("./4819") = 0 [pid 10564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10564] setpgid(0, 0) = 0 [pid 10564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10564] write(3, "1000", 4) = 4 [pid 10564] close(3) = 0 [pid 10564] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10564] write(1, "executing program\n", 18) = 18 [pid 10564] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10564] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10564] memfd_create("syzkaller", 0) = 3 [pid 10564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10564] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10564] munmap(0x7ff698483000, 138412032) = 0 [pid 10564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 585.840230][T10562] loop0: detected capacity change from 0 to 512 [ 585.848045][T10562] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.858979][T10562] EXT4-fs (loop0): 1 truncate cleaned up [ 585.867193][T10562] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10564] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10564] close(3) = 0 [pid 10564] close(4) = 0 [pid 10564] mkdir("./file0", 0777) = 0 [pid 10564] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10564] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10564] chdir("./file0") = 0 [pid 10564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10564] ioctl(4, LOOP_CLR_FD) = 0 [pid 10564] close(4) = 0 [pid 10564] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10564] truncate("./file2", 0) = 0 [pid 10564] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10564] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10564] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10564, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4819", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4819", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4819/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4819/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4819/binderfs") = 0 umount2("./4819/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4819/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4819/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4819/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4819/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4819/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4819") = 0 mkdir("./4820", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10566 ./strace-static-x86_64: Process 10566 attached [pid 10566] set_robust_list(0x55558abad660, 24) = 0 [pid 10566] chdir("./4820") = 0 [pid 10566] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10566] setpgid(0, 0) = 0 [pid 10566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10566] write(3, "1000", 4) = 4 [pid 10566] close(3) = 0 [pid 10566] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10566] write(1, "executing program\n", 18executing program ) = 18 [pid 10566] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10566] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10566] memfd_create("syzkaller", 0) = 3 [pid 10566] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10566] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10566] munmap(0x7ff698483000, 138412032) = 0 [pid 10566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 585.907672][T10564] loop0: detected capacity change from 0 to 512 [ 585.915190][T10564] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.926145][T10564] EXT4-fs (loop0): 1 truncate cleaned up [ 585.933063][T10564] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10566] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10566] close(3) = 0 [pid 10566] close(4) = 0 [pid 10566] mkdir("./file0", 0777) = 0 [pid 10566] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10566] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10566] chdir("./file0") = 0 [pid 10566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10566] ioctl(4, LOOP_CLR_FD) = 0 [pid 10566] close(4) = 0 [pid 10566] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10566] truncate("./file2", 0) = 0 [pid 10566] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10566] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10566] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10566, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4820", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4820", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4820/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4820/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4820/binderfs") = 0 umount2("./4820/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4820/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4820/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4820/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4820/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4820/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4820") = 0 mkdir("./4821", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10568 ./strace-static-x86_64: Process 10568 attached [pid 10568] set_robust_list(0x55558abad660, 24) = 0 [pid 10568] chdir("./4821") = 0 [pid 10568] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10568] setpgid(0, 0) = 0 [pid 10568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10568] write(3, "1000", 4) = 4 [pid 10568] close(3) = 0 [pid 10568] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10568] write(1, "executing program\n", 18executing program ) = 18 [pid 10568] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10568] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10568] memfd_create("syzkaller", 0) = 3 [pid 10568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10568] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10568] munmap(0x7ff698483000, 138412032) = 0 [pid 10568] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 585.960596][T10566] loop0: detected capacity change from 0 to 512 [ 585.967955][T10566] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 585.978597][T10566] EXT4-fs (loop0): 1 truncate cleaned up [ 585.985577][T10566] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10568] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10568] close(3) = 0 [pid 10568] close(4) = 0 [pid 10568] mkdir("./file0", 0777) = 0 [pid 10568] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10568] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10568] chdir("./file0") = 0 [pid 10568] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10568] ioctl(4, LOOP_CLR_FD) = 0 [pid 10568] close(4) = 0 [pid 10568] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10568] truncate("./file2", 0) = 0 [pid 10568] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10568] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10568] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10568, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4821", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4821", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4821/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4821/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4821/binderfs") = 0 umount2("./4821/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4821/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4821/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4821/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4821/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4821/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4821") = 0 mkdir("./4822", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10570 ./strace-static-x86_64: Process 10570 attached [pid 10570] set_robust_list(0x55558abad660, 24) = 0 [pid 10570] chdir("./4822") = 0 [pid 10570] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10570] setpgid(0, 0) = 0 [pid 10570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10570] write(3, "1000", 4) = 4 [pid 10570] close(3) = 0 [pid 10570] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 10570] write(1, "executing program\n", 18) = 18 [pid 10570] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10570] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10570] memfd_create("syzkaller", 0) = 3 [pid 10570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10570] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10570] munmap(0x7ff698483000, 138412032) = 0 [pid 10570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 586.020313][T10568] loop0: detected capacity change from 0 to 512 [ 586.027756][T10568] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 586.038580][T10568] EXT4-fs (loop0): 1 truncate cleaned up [ 586.045577][T10568] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10570] close(3) = 0 [pid 10570] close(4) = 0 [pid 10570] mkdir("./file0", 0777) = 0 [pid 10570] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10570] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10570] chdir("./file0") = 0 [pid 10570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10570] ioctl(4, LOOP_CLR_FD) = 0 [pid 10570] close(4) = 0 [pid 10570] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10570] truncate("./file2", 0) = 0 [pid 10570] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10570] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10570] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10570, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4822", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4822", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4822/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4822/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4822/binderfs") = 0 umount2("./4822/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4822/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4822/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4822/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4822/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4822/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4822") = 0 mkdir("./4823", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10572 ./strace-static-x86_64: Process 10572 attached [pid 10572] set_robust_list(0x55558abad660, 24) = 0 [pid 10572] chdir("./4823") = 0 [pid 10572] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10572] setpgid(0, 0) = 0 [pid 10572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10572] write(3, "1000", 4) = 4 [pid 10572] close(3) = 0 [pid 10572] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10572] write(1, "executing program\n", 18) = 18 [pid 10572] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10572] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10572] memfd_create("syzkaller", 0) = 3 [pid 10572] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10572] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10572] munmap(0x7ff698483000, 138412032) = 0 [pid 10572] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 586.079877][T10570] loop0: detected capacity change from 0 to 512 [ 586.087600][T10570] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 586.098712][T10570] EXT4-fs (loop0): 1 truncate cleaned up [ 586.105464][T10570] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10572] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10572] close(3) = 0 [pid 10572] close(4) = 0 [pid 10572] mkdir("./file0", 0777) = 0 [pid 10572] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10572] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10572] chdir("./file0") = 0 [pid 10572] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10572] ioctl(4, LOOP_CLR_FD) = 0 [pid 10572] close(4) = 0 [pid 10572] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10572] truncate("./file2", 0) = 0 [pid 10572] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10572] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10572] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10572, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4823", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4823", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4823/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4823/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4823/binderfs") = 0 umount2("./4823/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4823/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4823/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4823/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4823/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4823/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4823") = 0 mkdir("./4824", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55558abad650) = 10574 ./strace-static-x86_64: Process 10574 attached [pid 10574] set_robust_list(0x55558abad660, 24) = 0 [pid 10574] chdir("./4824") = 0 [pid 10574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10574] setpgid(0, 0) = 0 [pid 10574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10574] write(3, "1000", 4) = 4 [pid 10574] close(3) = 0 [pid 10574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10574] write(1, "executing program\n", 18) = 18 [pid 10574] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10574] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10574] memfd_create("syzkaller", 0) = 3 [pid 10574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10574] munmap(0x7ff698483000, 138412032) = 0 [pid 10574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 586.135182][T10572] loop0: detected capacity change from 0 to 512 [ 586.142433][T10572] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 586.153119][T10572] EXT4-fs (loop0): 1 truncate cleaned up [ 586.160314][T10572] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10574] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10574] close(3) = 0 [pid 10574] close(4) = 0 [pid 10574] mkdir("./file0", 0777) = 0 [pid 10574] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10574] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10574] chdir("./file0") = 0 [pid 10574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10574] ioctl(4, LOOP_CLR_FD) = 0 [pid 10574] close(4) = 0 [pid 10574] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10574] truncate("./file2", 0) = 0 [pid 10574] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10574] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10574] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10574, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4824", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4824", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4824/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4824/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4824/binderfs") = 0 umount2("./4824/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4824/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4824/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4824/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4824/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4824/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4824") = 0 mkdir("./4825", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10577 ./strace-static-x86_64: Process 10577 attached [pid 10577] set_robust_list(0x55558abad660, 24) = 0 [pid 10577] chdir("./4825") = 0 [pid 10577] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10577] setpgid(0, 0) = 0 [pid 10577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10577] write(3, "1000", 4executing program ) = 4 [pid 10577] close(3) = 0 [pid 10577] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10577] write(1, "executing program\n", 18) = 18 [pid 10577] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10577] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10577] memfd_create("syzkaller", 0) = 3 [pid 10577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10577] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10577] munmap(0x7ff698483000, 138412032) = 0 [pid 10577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 586.201288][T10574] loop0: detected capacity change from 0 to 512 [ 586.208609][T10574] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 586.219376][T10574] EXT4-fs (loop0): 1 truncate cleaned up [ 586.226232][T10574] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10577] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10577] close(3) = 0 [pid 10577] close(4) = 0 [pid 10577] mkdir("./file0", 0777) = 0 [pid 10577] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10577] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10577] chdir("./file0") = 0 [pid 10577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10577] ioctl(4, LOOP_CLR_FD) = 0 [pid 10577] close(4) = 0 [pid 10577] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10577] truncate("./file2", 0) = 0 [pid 10577] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10577] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10577] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10577, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4825", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4825", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4825/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4825/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4825/binderfs") = 0 umount2("./4825/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4825/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4825/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4825/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4825/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4825/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4825") = 0 mkdir("./4826", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10579 ./strace-static-x86_64: Process 10579 attached [pid 10579] set_robust_list(0x55558abad660, 24) = 0 [pid 10579] chdir("./4826") = 0 [pid 10579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10579] setpgid(0, 0) = 0 [pid 10579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10579] write(3, "1000", 4) = 4 [pid 10579] close(3) = 0 [pid 10579] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10579] write(1, "executing program\n", 18) = 18 [pid 10579] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10579] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10579] memfd_create("syzkaller", 0) = 3 [pid 10579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10579] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10579] munmap(0x7ff698483000, 138412032) = 0 [pid 10579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 586.267146][T10577] loop0: detected capacity change from 0 to 512 [ 586.274544][T10577] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 586.285129][T10577] EXT4-fs (loop0): 1 truncate cleaned up [ 586.292375][T10577] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10579] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10579] close(3) = 0 [pid 10579] close(4) = 0 [pid 10579] mkdir("./file0", 0777) = 0 [pid 10579] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10579] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10579] chdir("./file0") = 0 [pid 10579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10579] ioctl(4, LOOP_CLR_FD) = 0 [pid 10579] close(4) = 0 [pid 10579] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10579] truncate("./file2", 0) = 0 [pid 10579] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10579] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10579] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10579, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4826", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4826", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4826/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4826/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4826/binderfs") = 0 umount2("./4826/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4826/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4826/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4826/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4826/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4826/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4826") = 0 mkdir("./4827", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10581 ./strace-static-x86_64: Process 10581 attached [pid 10581] set_robust_list(0x55558abad660, 24) = 0 [pid 10581] chdir("./4827") = 0 [pid 10581] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10581] setpgid(0, 0) = 0 [pid 10581] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10581] write(3, "1000", 4) = 4 [pid 10581] close(3) = 0 [pid 10581] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10581] write(1, "executing program\n", 18executing program ) = 18 [pid 10581] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10581] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10581] memfd_create("syzkaller", 0) = 3 [pid 10581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10581] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10581] munmap(0x7ff698483000, 138412032) = 0 [pid 10581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 586.333776][T10579] loop0: detected capacity change from 0 to 512 [ 586.341115][T10579] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 586.351708][T10579] EXT4-fs (loop0): 1 truncate cleaned up [ 586.359000][T10579] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10581] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10581] close(3) = 0 [pid 10581] close(4) = 0 [pid 10581] mkdir("./file0", 0777) = 0 [pid 10581] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10581] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10581] chdir("./file0") = 0 [pid 10581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10581] ioctl(4, LOOP_CLR_FD) = 0 [pid 10581] close(4) = 0 [pid 10581] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10581] truncate("./file2", 0) = 0 [pid 10581] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10581] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10581] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10581, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4827", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4827", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4827/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4827/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4827/binderfs") = 0 umount2("./4827/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4827/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4827/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4827/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4827/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4827/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4827") = 0 mkdir("./4828", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10583 ./strace-static-x86_64: Process 10583 attached [pid 10583] set_robust_list(0x55558abad660, 24) = 0 [pid 10583] chdir("./4828") = 0 [pid 10583] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10583] setpgid(0, 0) = 0 [pid 10583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10583] write(3, "1000", 4) = 4 [pid 10583] close(3) = 0 [pid 10583] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10583] write(1, "executing program\n", 18executing program ) = 18 [pid 10583] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10583] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10583] memfd_create("syzkaller", 0) = 3 [pid 10583] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10583] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10583] munmap(0x7ff698483000, 138412032) = 0 [pid 10583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10583] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10583] close(3) = 0 [pid 10583] close(4) = 0 [pid 10583] mkdir("./file0", 0777) = 0 [pid 10583] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10583] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10583] chdir("./file0") = 0 [pid 10583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10583] ioctl(4, LOOP_CLR_FD) = 0 [pid 10583] close(4) = 0 [pid 10583] creat(NULL, 000) = -1 EFAULT (Bad address) [ 586.392590][T10581] loop0: detected capacity change from 0 to 512 [ 586.400211][T10581] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 586.410869][T10581] EXT4-fs (loop0): 1 truncate cleaned up [ 586.417892][T10581] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10583] truncate("./file2", 0) = 0 [pid 10583] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10583] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10583] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10583, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4828", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4828", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4828/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4828/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4828/binderfs") = 0 umount2("./4828/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4828/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4828/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4828/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4828/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4828/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4828") = 0 mkdir("./4829", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10585 ./strace-static-x86_64: Process 10585 attached [pid 10585] set_robust_list(0x55558abad660, 24) = 0 [pid 10585] chdir("./4829") = 0 [pid 10585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10585] setpgid(0, 0) = 0 [pid 10585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10585] write(3, "1000", 4) = 4 [pid 10585] close(3) = 0 [pid 10585] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 10585] write(1, "executing program\n", 18) = 18 [pid 10585] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10585] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10585] memfd_create("syzkaller", 0) = 3 [pid 10585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10585] munmap(0x7ff698483000, 138412032) = 0 [pid 10585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 586.453382][T10583] loop0: detected capacity change from 0 to 512 [ 586.460608][T10583] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 586.471237][T10583] EXT4-fs (loop0): 1 truncate cleaned up [ 586.478287][T10583] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [pid 10585] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10585] close(3) = 0 [pid 10585] close(4) = 0 [pid 10585] mkdir("./file0", 0777) = 0 [pid 10585] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC, "init_itable,commit=0x0000000000000000,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000"...) = 0 [pid 10585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10585] chdir("./file0") = 0 [pid 10585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10585] ioctl(4, LOOP_CLR_FD) = 0 [pid 10585] close(4) = 0 [pid 10585] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 10585] truncate("./file2", 0) = 0 [pid 10585] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOSPC (No space left on device) [pid 10585] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 10585] +++ killed by SIGSEGV +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=10585, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4829", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4829", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558abae6f0 /* 4 entries */, 32768) = 112 umount2("./4829/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4829/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4829/binderfs") = 0 umount2("./4829/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4829/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4829/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4829/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4829/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558abb6730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558abb6730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4829/file0") = 0 getdents64(3, 0x55558abae6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4829") = 0 mkdir("./4830", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558abad650) = 10587 ./strace-static-x86_64: Process 10587 attached [pid 10587] set_robust_list(0x55558abad660, 24) = 0 [pid 10587] chdir("./4830") = 0 [pid 10587] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10587] setpgid(0, 0) = 0 [pid 10587] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10587] write(3, "1000", 4) = 4 [pid 10587] close(3) = 0 [pid 10587] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10587] write(1, "executing program\n", 18executing program ) = 18 [pid 10587] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=139}, NULL) = 0 [pid 10587] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 10587] memfd_create("syzkaller", 0) = 3 [pid 10587] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff698483000 [pid 10587] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 10587] munmap(0x7ff698483000, 138412032) = 0 [pid 10587] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 586.512682][T10585] loop0: detected capacity change from 0 to 512 [ 586.520181][T10585] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 586.530814][T10585] EXT4-fs (loop0): 1 truncate cleaned up [ 586.537722][T10585] EXT4-fs error (device loop0): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt.