./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor21137921 <...> [ 2.735948][ T30] audit: type=1400 audit(1678607941.229:7): avc: denied { add_name } for pid=79 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 2.738735][ T30] audit: type=1400 audit(1678607941.229:8): avc: denied { create } for pid=79 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 2.741472][ T30] audit: type=1400 audit(1678607941.229:9): avc: denied { append open } for pid=79 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 2.744466][ T30] audit: type=1400 audit(1678607941.229:10): avc: denied { getattr } for pid=79 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3.094703][ T96] udevd[96]: starting version 3.2.10 [ 3.133074][ T97] udevd[97]: starting eudev-3.2.10 [ 13.225939][ T30] kauditd_printk_skb: 49 callbacks suppressed [ 13.225949][ T30] audit: type=1400 audit(1678607951.729:60): avc: denied { transition } for pid=235 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.240599][ T30] audit: type=1400 audit(1678607951.739:61): avc: denied { write } for pid=235 comm="sh" path="pipe:[893]" dev="pipefs" ino=893 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 [ 14.284650][ T236] sshd (236) used greatest stack depth: 22480 bytes left Warning: Permanently added '10.128.1.122' (ECDSA) to the list of known hosts. execve("./syz-executor21137921", ["./syz-executor21137921"], 0x7ffdd0fc27a0 /* 10 vars */) = 0 brk(NULL) = 0x55555557c000 brk(0x55555557cc40) = 0x55555557cc40 arch_prctl(ARCH_SET_FS, 0x55555557c300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555557c5d0) = 323 set_robust_list(0x55555557c5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f9da07f84d0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f9da07f8ba0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f9da07f8570, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9da07f8ba0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor21137921", 4096) = 26 brk(0x55555559dc40) = 0x55555559dc40 brk(0x55555559e000) = 0x55555559e000 mprotect(0x7f9da08ba000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 323 mkdir("./syzkaller.uS3xdD", 0700) = 0 chmod("./syzkaller.uS3xdD", 0777) = 0 chdir("./syzkaller.uS3xdD") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 324 ./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x55555557c5e0, 24) = 0 [pid 324] chdir("./0") = 0 [pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 324] setpgid(0, 0) = 0 [pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 324] write(3, "1000", 4) = 4 [pid 324] close(3) = 0 [pid 324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 324] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 324] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 324] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[325], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 325 [pid 324] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 325] memfd_create("syzkaller", 0) = 3 [pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 325] munmap(0x7f9d983c7000, 1048576) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 20.935339][ T30] audit: type=1400 audit(1678607959.439:62): avc: denied { execmem } for pid=323 comm="syz-executor211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.954819][ T30] audit: type=1400 audit(1678607959.439:63): avc: denied { read write } for pid=323 comm="syz-executor211" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.965350][ T325] loop0: detected capacity change from 0 to 2048 [pid 325] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 325] close(3) = 0 [pid 325] mkdir("./file0", 0777) = 0 [ 20.979323][ T30] audit: type=1400 audit(1678607959.439:64): avc: denied { open } for pid=323 comm="syz-executor211" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.009175][ T30] audit: type=1400 audit(1678607959.439:65): avc: denied { ioctl } for pid=323 comm="syz-executor211" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 325] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 325] chdir("./file0") = 0 [pid 325] ioctl(4, LOOP_CLR_FD) = 0 [pid 325] close(4) = 0 [pid 325] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... futex resumed>) = 0 [pid 324] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 325] <... futex resumed>) = 1 [pid 325] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 325] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 324] <... futex resumed>) = 0 [pid 324] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 324] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 324] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[331], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 331 [pid 324] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 325] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 325] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 331 attached [pid 331] set_robust_list(0x7f9d984c69e0, 24) = 0 [pid 331] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 331] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... futex resumed>) = 0 [pid 324] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 324] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 325] <... futex resumed>) = 0 [pid 325] open("./bus", O_RDWR) = 5 [pid 325] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 324] <... futex resumed>) = 0 [pid 324] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 325] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 324] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 21.015340][ T325] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 21.034789][ T30] audit: type=1400 audit(1678607959.499:66): avc: denied { mounton } for pid=324 comm="syz-executor211" path="/root/syzkaller.uS3xdD/0/file0" dev="sda1" ino=1141 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 325] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040 [pid 331] <... futex resumed>) = 1 [pid 331] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 325] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 325] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... futex resumed>) = 0 [pid 324] exit_group(0 [pid 331] <... futex resumed>) = ? [pid 324] <... exit_group resumed>) = ? [pid 331] +++ exited with 0 +++ [pid 325] <... futex resumed>) = ? [pid 325] +++ exited with 0 +++ [pid 324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 21.069499][ T30] audit: type=1400 audit(1678607959.549:67): avc: denied { mount } for pid=324 comm="syz-executor211" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 21.071668][ T325] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 21.091622][ T30] audit: type=1400 audit(1678607959.569:68): avc: denied { write } for pid=324 comm="syz-executor211" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.127971][ T30] audit: type=1400 audit(1678607959.569:69): avc: denied { add_name } for pid=324 comm="syz-executor211" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.148565][ T30] audit: type=1400 audit(1678607959.569:70): avc: denied { create } for pid=324 comm="syz-executor211" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 333 ./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x55555557c5e0, 24) = 0 [pid 333] chdir("./1") = 0 [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 333] setpgid(0, 0) = 0 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 333] write(3, "1000", 4) = 4 [pid 333] close(3) = 0 [pid 333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 333] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 333] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 333] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[334], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 334 [pid 333] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 334] memfd_create("syzkaller", 0) = 3 [pid 334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 334] munmap(0x7f9d983c7000, 1048576) = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 21.168547][ T30] audit: type=1400 audit(1678607959.569:71): avc: denied { read write open } for pid=324 comm="syz-executor211" path="/root/syzkaller.uS3xdD/0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 334] close(3) = 0 [pid 334] mkdir("./file0", 0777) = 0 [pid 334] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 334] chdir("./file0") = 0 [pid 334] ioctl(4, LOOP_CLR_FD) = 0 [pid 334] close(4) = 0 [pid 334] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 334] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 333] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 333] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[337], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 337 [pid 333] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 334] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 337 attached [pid 337] set_robust_list(0x7f9d984c69e0, 24) = 0 [pid 337] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 337] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 0 [pid 334] open("./bus", O_RDWR) = 5 [pid 334] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040 [pid 337] <... futex resumed>) = 1 [pid 337] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 334] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 334] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 334] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 333] <... futex resumed>) = 0 [pid 333] exit_group(0) = ? [pid 337] <... futex resumed>) = ? [pid 337] +++ exited with 0 +++ [pid 334] <... futex resumed>) = ? [pid 334] +++ exited with 0 +++ [pid 333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 21.245987][ T334] loop0: detected capacity change from 0 to 2048 [ 21.264297][ T334] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 21.279968][ T334] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters rmdir("./1/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 338 ./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x55555557c5e0, 24) = 0 [pid 338] chdir("./2") = 0 [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 338] setpgid(0, 0) = 0 [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 338] write(3, "1000", 4) = 4 [pid 338] close(3) = 0 [pid 338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 338] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 338] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 338] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[339], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 339 [pid 338] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 339] memfd_create("syzkaller", 0) = 3 [pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 339] munmap(0x7f9d983c7000, 1048576) = 0 [pid 339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 339] close(3) = 0 [pid 339] mkdir("./file0", 0777) = 0 [pid 339] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 339] chdir("./file0") = 0 [pid 339] ioctl(4, LOOP_CLR_FD) = 0 [pid 339] close(4) = 0 [pid 339] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 1 [pid 339] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 339] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 338] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 338] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[342], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 342 [pid 338] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 1 [pid 339] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 339] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 342 attached [pid 342] set_robust_list(0x7f9d984c69e0, 24) = 0 [pid 342] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 342] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 0 [pid 339] open("./bus", O_RDWR) = 5 [pid 339] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 1 [pid 339] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... futex resumed>) = 1 [pid 339] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040 [pid 342] <... futex resumed>) = 1 [pid 342] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 339] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 338] exit_group(0) = ? [pid 342] <... futex resumed>) = ? [pid 342] +++ exited with 0 +++ [pid 339] +++ exited with 0 +++ [pid 338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=338, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 21.338595][ T339] loop0: detected capacity change from 0 to 2048 [ 21.354240][ T339] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 21.373247][ T339] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 344 attached , child_tidptr=0x55555557c5d0) = 344 [pid 344] set_robust_list(0x55555557c5e0, 24) = 0 [pid 344] chdir("./3") = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 344] setpgid(0, 0) = 0 [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 344] write(3, "1000", 4) = 4 [pid 344] close(3) = 0 [pid 344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 344] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 344] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 344] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 345] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 344] <... clone resumed>, parent_tid=[345], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 345 [pid 344] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] <... futex resumed>) = 0 [pid 345] memfd_create("syzkaller", 0 [pid 344] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 345] <... memfd_create resumed>) = 3 [pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 345] munmap(0x7f9d983c7000, 1048576) = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 345] close(3) = 0 [pid 345] mkdir("./file0", 0777) = 0 [pid 345] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 345] chdir("./file0") = 0 [pid 345] ioctl(4, LOOP_CLR_FD) = 0 [pid 345] close(4) = 0 [pid 345] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 345] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 344] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 345] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 344] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 348 attached [pid 348] set_robust_list(0x7f9d984c69e0, 24 [pid 344] <... clone resumed>, parent_tid=[348], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 348 [pid 345] <... write resumed>) = 9 [pid 345] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 344] <... futex resumed>) = 0 [pid 345] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 344] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 348] <... set_robust_list resumed>) = 0 [pid 348] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 348] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 348] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 344] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] <... futex resumed>) = 0 [pid 344] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] open("./bus", O_RDWR) = 5 [pid 345] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 345] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 344] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] <... mmap resumed>) = 0x20000000 [pid 344] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 21.484670][ T345] loop0: detected capacity change from 0 to 2048 [ 21.514586][ T345] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 345] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040 [pid 344] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 345] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 344] <... futex resumed>) = 0 [pid 344] exit_group(0) = ? [pid 345] <... futex resumed>) = ? [pid 345] +++ exited with 0 +++ [pid 348] <... futex resumed>) = ? [pid 348] +++ exited with 0 +++ [pid 344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 [ 21.536818][ T345] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 349 ./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x55555557c5e0, 24) = 0 [pid 349] chdir("./4") = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 349] write(3, "1000", 4) = 4 [pid 349] close(3) = 0 [pid 349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 349] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 349] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 349] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[350], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 350 [pid 349] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 350] memfd_create("syzkaller", 0) = 3 [pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 350] munmap(0x7f9d983c7000, 1048576) = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 350] close(3) = 0 [pid 350] mkdir("./file0", 0777) = 0 [pid 350] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 350] chdir("./file0") = 0 [pid 350] ioctl(4, LOOP_CLR_FD) = 0 [pid 350] close(4) = 0 [pid 350] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... futex resumed>) = 1 [pid 350] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 350] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 349] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 349] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[353], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 353 [pid 349] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... futex resumed>) = 1 [pid 350] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 350] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 353 attached [pid 353] set_robust_list(0x7f9d984c69e0, 24) = 0 [pid 353] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 353] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 353] <... futex resumed>) = 1 [pid 349] <... futex resumed>) = 1 [pid 349] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... futex resumed>) = 0 [pid 353] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] open("./bus", O_RDWR) = 5 [pid 350] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 350] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 349] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 349] <... futex resumed>) = 1 [pid 350] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 349] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... mmap resumed>) = 0x20000000 [pid 350] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] <... futex resumed>) = 0 [pid 350] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 349] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 349] <... futex resumed>) = 0 [pid 350] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040 [ 21.609089][ T350] loop0: detected capacity change from 0 to 2048 [ 21.634416][ T350] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 349] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 350] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 350] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 349] <... futex resumed>) = 0 [pid 349] exit_group(0) = ? [pid 350] <... futex resumed>) = ? [pid 350] +++ exited with 0 +++ [pid 353] <... futex resumed>) = ? [pid 353] +++ exited with 0 +++ [pid 349] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 354 ./strace-static-x86_64: Process 354 attached [pid 354] set_robust_list(0x55555557c5e0, 24) = 0 [pid 354] chdir("./5") = 0 [pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 354] setpgid(0, 0) = 0 [pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 354] write(3, "1000", 4) = 4 [pid 354] close(3) = 0 [pid 354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 354] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 354] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 354] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[355], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 355 [pid 354] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 354] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 355] memfd_create("syzkaller", 0) = 3 [pid 355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [ 21.655490][ T350] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 355] munmap(0x7f9d983c7000, 1048576) = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 355] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 355] close(3) = 0 [pid 355] mkdir("./file0", 0777) = 0 [pid 355] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 355] chdir("./file0") = 0 [pid 355] ioctl(4, LOOP_CLR_FD) = 0 [pid 355] close(4) = 0 [pid 355] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 354] <... futex resumed>) = 0 [pid 354] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 354] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 355] <... futex resumed>) = 0 [pid 355] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 355] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... futex resumed>) = 0 [pid 354] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 354] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 354] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 354] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[358], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 358 [pid 354] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 354] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 355] <... futex resumed>) = 1 [pid 355] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 355] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 358 attached [pid 358] set_robust_list(0x7f9d984c69e0, 24) = 0 [pid 358] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 358] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... futex resumed>) = 0 [pid 354] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 354] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 355] <... futex resumed>) = 0 [pid 358] <... futex resumed>) = 1 [pid 355] open("./bus", O_RDWR [pid 358] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] <... open resumed>) = 5 [pid 355] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... futex resumed>) = 0 [pid 354] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 354] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 355] <... futex resumed>) = 1 [pid 355] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 354] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 354] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 21.721861][ T355] loop0: detected capacity change from 0 to 2048 [ 21.744555][ T355] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 355] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040) = -1 EFAULT (Bad address) [pid 355] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... futex resumed>) = 0 [pid 354] exit_group(0 [pid 358] <... futex resumed>) = ? [pid 354] <... exit_group resumed>) = ? [pid 358] +++ exited with 0 +++ [pid 355] <... futex resumed>) = ? [pid 355] +++ exited with 0 +++ [pid 354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=354, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 21.765134][ T355] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 359 ./strace-static-x86_64: Process 359 attached [pid 359] set_robust_list(0x55555557c5e0, 24) = 0 [pid 359] chdir("./6") = 0 [pid 359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 359] setpgid(0, 0) = 0 [pid 359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 359] write(3, "1000", 4) = 4 [pid 359] close(3) = 0 [pid 359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 359] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 359] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 359] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[360], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 360 [pid 359] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 360] memfd_create("syzkaller", 0) = 3 [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 360] munmap(0x7f9d983c7000, 1048576) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 360] close(3) = 0 [pid 360] mkdir("./file0", 0777) = 0 [pid 360] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 360] chdir("./file0") = 0 [pid 360] ioctl(4, LOOP_CLR_FD) = 0 [pid 360] close(4) = 0 [pid 360] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 1 [pid 360] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 360] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 359] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 359] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[363], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 363 [pid 359] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 1 [pid 360] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 360] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x7f9d984c69e0, 24) = 0 [pid 363] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 363] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 359] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 0 [pid 360] open("./bus", O_RDWR) = 5 [pid 360] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 1 [pid 360] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 359] <... futex resumed>) = 0 [pid 359] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 1 [pid 360] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040 [pid 363] <... futex resumed>) = 1 [pid 363] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 360] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 360] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 359] exit_group(0) = ? [pid 360] <... futex resumed>) = ? [pid 363] <... futex resumed>) = ? [pid 363] +++ exited with 0 +++ [pid 360] +++ exited with 0 +++ [pid 359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=359, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 21.877450][ T360] loop0: detected capacity change from 0 to 2048 [ 21.894597][ T360] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 21.909521][ T360] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 364 ./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x55555557c5e0, 24) = 0 [pid 364] chdir("./7") = 0 [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 364] setpgid(0, 0) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "1000", 4) = 4 [pid 364] close(3) = 0 [pid 364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 364] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 364] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 364] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[365], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 365 [pid 364] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 365] memfd_create("syzkaller", 0) = 3 [pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 365] munmap(0x7f9d983c7000, 1048576) = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 365] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 365] close(3) = 0 [pid 365] mkdir("./file0", 0777) = 0 [pid 365] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 365] chdir("./file0") = 0 [pid 365] ioctl(4, LOOP_CLR_FD) = 0 [pid 365] close(4) = 0 [pid 365] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 365] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 364] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 0 [pid 365] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 365] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 364] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 364] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[368], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 368 ./strace-static-x86_64: Process 368 attached [pid 364] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] set_robust_list(0x7f9d984c69e0, 24 [pid 364] <... futex resumed>) = 0 [pid 368] <... set_robust_list resumed>) = 0 [pid 364] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 365] <... futex resumed>) = 1 [pid 365] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 368] <... write resumed>) = 9 [pid 368] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... write resumed>) = 9 [pid 365] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 368] <... futex resumed>) = 1 [pid 368] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 364] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 0 [pid 365] open("./bus", O_RDWR) = 5 [pid 365] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040) = -1 EFAULT (Bad address) [pid 365] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 364] <... futex resumed>) = 0 [pid 364] exit_group(0 [pid 365] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 368] <... futex resumed>) = ? [pid 365] <... futex resumed>) = ? [pid 364] <... exit_group resumed>) = ? [pid 368] +++ exited with 0 +++ [pid 365] +++ exited with 0 +++ [pid 364] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=364, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 22.039734][ T365] loop0: detected capacity change from 0 to 2048 [ 22.054452][ T365] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.072328][ T365] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 369 ./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x55555557c5e0, 24) = 0 [pid 369] chdir("./8") = 0 [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 369] setpgid(0, 0) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "1000", 4) = 4 [pid 369] close(3) = 0 [pid 369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 369] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 369] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 369] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[370], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 370 [pid 369] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 370 attached [pid 369] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 370] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 370] memfd_create("syzkaller", 0) = 3 [pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 370] munmap(0x7f9d983c7000, 1048576) = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 370] close(3) = 0 [pid 370] mkdir("./file0", 0777) = 0 [pid 370] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 370] chdir("./file0") = 0 [pid 370] ioctl(4, LOOP_CLR_FD) = 0 [pid 370] close(4) = 0 [pid 370] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 370] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 369] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 369] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[373], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 373 [pid 369] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 370] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x7f9d984c69e0, 24) = 0 [pid 373] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 373] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 369] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 0 [pid 370] open("./bus", O_RDWR) = 5 [pid 370] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 373] <... futex resumed>) = 1 [pid 370] <... futex resumed>) = 1 [pid 369] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040) = -1 EFAULT (Bad address) [pid 370] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] exit_group(0 [pid 373] <... futex resumed>) = ? [pid 369] <... exit_group resumed>) = ? [pid 373] +++ exited with 0 +++ [pid 370] <... futex resumed>) = ? [pid 370] +++ exited with 0 +++ [pid 369] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 [ 22.141299][ T370] loop0: detected capacity change from 0 to 2048 [ 22.154563][ T370] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.173202][ T370] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 375 ./strace-static-x86_64: Process 375 attached [pid 375] set_robust_list(0x55555557c5e0, 24) = 0 [pid 375] chdir("./9") = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 375] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 375] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 375] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[376], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 376 [pid 375] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 376] memfd_create("syzkaller", 0) = 3 [pid 376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 376] munmap(0x7f9d983c7000, 1048576) = 0 [pid 376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 376] close(3) = 0 [pid 376] mkdir("./file0", 0777) = 0 [pid 376] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 376] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 376] chdir("./file0") = 0 [pid 376] ioctl(4, LOOP_CLR_FD) = 0 [pid 376] close(4) = 0 [pid 376] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 375] <... futex resumed>) = 0 [pid 375] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] <... futex resumed>) = 1 [pid 376] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 376] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 375] <... futex resumed>) = 0 [pid 375] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 375] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 375] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x7f9d984c69e0, 24 [pid 375] <... clone resumed>, parent_tid=[379], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 379 [pid 379] <... set_robust_list resumed>) = 0 [pid 375] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 379] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 375] <... futex resumed>) = 0 [pid 375] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 379] <... write resumed>) = 9 [pid 376] <... futex resumed>) = 1 [pid 379] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 376] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] <... futex resumed>) = 1 [pid 375] <... futex resumed>) = 0 [pid 379] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 375] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = 0 [pid 375] <... futex resumed>) = 1 [pid 376] open("./bus", O_RDWR [pid 375] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] <... open resumed>) = 5 [pid 376] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] <... futex resumed>) = 0 [pid 376] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 375] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] <... mmap resumed>) = 0x20000000 [pid 376] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] <... futex resumed>) = 0 [pid 376] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040 [pid 375] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.246305][ T376] loop0: detected capacity change from 0 to 2048 [ 22.264713][ T376] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 375] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 376] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 375] <... futex resumed>) = 0 [pid 375] exit_group(0) = ? [pid 379] <... futex resumed>) = ? [pid 379] +++ exited with 0 +++ [pid 376] <... futex resumed>) = ? [pid 376] +++ exited with 0 +++ [pid 375] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 [ 22.285910][ T376] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 380 ./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x55555557c5e0, 24) = 0 [pid 380] chdir("./10") = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 380] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 380] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 380] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[381], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 381 [pid 380] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 381 attached [pid 381] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 381] memfd_create("syzkaller", 0) = 3 [pid 381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 381] munmap(0x7f9d983c7000, 1048576) = 0 [pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 381] close(3) = 0 [pid 381] mkdir("./file0", 0777) = 0 [pid 381] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 381] chdir("./file0") = 0 [pid 381] ioctl(4, LOOP_CLR_FD) = 0 [pid 381] close(4) = 0 [pid 381] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... futex resumed>) = 1 [pid 381] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 381] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 380] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 380] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[384], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 384 [pid 380] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... futex resumed>) = 1 [pid 381] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 381] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 384 attached [pid 384] set_robust_list(0x7f9d984c69e0, 24) = 0 [pid 384] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 384] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... futex resumed>) = 0 [pid 381] open("./bus", O_RDWR) = 5 [pid 381] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... futex resumed>) = 1 [pid 381] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040 [pid 384] <... futex resumed>) = 1 [pid 384] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 381] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 381] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... futex resumed>) = 0 [pid 380] exit_group(0) = ? [pid 381] <... futex resumed>) = ? [pid 381] +++ exited with 0 +++ [pid 384] <... futex resumed>) = ? [pid 384] +++ exited with 0 +++ [pid 380] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=380, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 [ 22.357646][ T381] loop0: detected capacity change from 0 to 2048 [ 22.374690][ T381] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.392094][ T381] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 385 ./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x55555557c5e0, 24) = 0 [pid 385] chdir("./11") = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 385] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 385] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 385] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[386], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 386 [pid 385] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 386 attached [pid 386] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 386] memfd_create("syzkaller", 0) = 3 [pid 386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 386] munmap(0x7f9d983c7000, 1048576) = 0 [pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 386] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 386] close(3) = 0 [pid 386] mkdir("./file0", 0777) = 0 [pid 386] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 386] chdir("./file0") = 0 [pid 386] ioctl(4, LOOP_CLR_FD) = 0 [pid 386] close(4) = 0 [pid 386] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] <... futex resumed>) = 1 [pid 386] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 386] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 385] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 385] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[389], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 389 [pid 385] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] <... futex resumed>) = 1 [pid 386] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 386] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 386] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 389 attached [pid 389] set_robust_list(0x7f9d984c69e0, 24) = 0 [pid 389] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 389] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] <... futex resumed>) = 0 [pid 386] open("./bus", O_RDWR) = 5 [pid 386] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 385] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040 [pid 389] <... futex resumed>) = 1 [pid 389] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 386] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 386] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 385] exit_group(0) = ? [pid 389] <... futex resumed>) = ? [pid 386] <... futex resumed>) = ? [pid 386] +++ exited with 0 +++ [pid 389] +++ exited with 0 +++ [pid 385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=385, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 22.456283][ T386] loop0: detected capacity change from 0 to 2048 [ 22.474403][ T386] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.491502][ T386] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 390 ./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x55555557c5e0, 24) = 0 [pid 390] chdir("./12") = 0 [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 390] setpgid(0, 0) = 0 [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 390] write(3, "1000", 4) = 4 [pid 390] close(3) = 0 [pid 390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 390] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 390] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 390] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[391], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 391 ./strace-static-x86_64: Process 391 attached [pid 390] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 391] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 391] memfd_create("syzkaller", 0) = 3 [pid 391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 391] munmap(0x7f9d983c7000, 1048576) = 0 [pid 391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 391] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 391] close(3) = 0 [pid 391] mkdir("./file0", 0777) = 0 [pid 391] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 391] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 391] chdir("./file0") = 0 [pid 391] ioctl(4, LOOP_CLR_FD) = 0 [pid 391] close(4) = 0 [pid 391] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 391] <... futex resumed>) = 1 [pid 391] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000 [pid 390] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... open resumed>) = 4 [pid 391] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 390] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 390] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 390] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 391] <... futex resumed>) = 1 [pid 391] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 390] <... clone resumed>, parent_tid=[394], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 394 [pid 390] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 394 attached [pid 391] <... write resumed>) = 9 [pid 394] set_robust_list(0x7f9d984c69e0, 24) = 0 [pid 394] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 391] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 394] <... write resumed>) = 9 [pid 394] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 390] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 390] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... futex resumed>) = 0 [pid 391] open("./bus", O_RDWR [pid 394] <... futex resumed>) = 1 [pid 391] <... open resumed>) = 5 [pid 394] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 390] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 1 [pid 390] <... futex resumed>) = 0 [pid 391] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 390] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... mmap resumed>) = 0x20000000 [pid 391] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 390] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 390] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... futex resumed>) = 0 [ 22.601204][ T391] loop0: detected capacity change from 0 to 2048 [ 22.614744][ T391] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 391] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040) = -1 EFAULT (Bad address) [pid 391] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 390] exit_group(0) = ? [pid 394] <... futex resumed>) = ? [pid 391] <... futex resumed>) = ? [pid 394] +++ exited with 0 +++ [pid 391] +++ exited with 0 +++ [pid 390] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=390, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 [ 22.640147][ T391] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 395 ./strace-static-x86_64: Process 395 attached [pid 395] set_robust_list(0x55555557c5e0, 24) = 0 [pid 395] chdir("./13") = 0 [pid 395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 395] setpgid(0, 0) = 0 [pid 395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 395] write(3, "1000", 4) = 4 [pid 395] close(3) = 0 [pid 395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 395] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 395] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 395] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[396], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 396 [pid 395] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 396 attached [pid 396] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 396] memfd_create("syzkaller", 0) = 3 [pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 396] munmap(0x7f9d983c7000, 1048576) = 0 [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 396] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 396] close(3) = 0 [pid 396] mkdir("./file0", 0777) = 0 [pid 396] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 396] chdir("./file0") = 0 [pid 396] ioctl(4, LOOP_CLR_FD) = 0 [pid 396] close(4) = 0 [pid 396] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 396] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 395] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 395] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[399], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 399 [pid 395] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... futex resumed>) = 1 [pid 396] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9./strace-static-x86_64: Process 399 attached [pid 399] set_robust_list(0x7f9d984c69e0, 24) = 0 [pid 399] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 396] <... write resumed>) = 9 [pid 396] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... write resumed>) = 9 [pid 399] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = 1 [pid 399] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... futex resumed>) = 1 [pid 396] open("./bus", O_RDWR) = 5 [pid 396] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... futex resumed>) = 1 [pid 396] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... futex resumed>) = 1 [ 22.761174][ T396] loop0: detected capacity change from 0 to 2048 [ 22.774672][ T396] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 396] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040) = -1 EFAULT (Bad address) [pid 396] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = 0 [pid 395] exit_group(0 [pid 399] <... futex resumed>) = ? [pid 395] <... exit_group resumed>) = ? [pid 399] +++ exited with 0 +++ [pid 396] <... futex resumed>) = ? [pid 396] +++ exited with 0 +++ [pid 395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=395, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 400 ./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x55555557c5e0, 24) = 0 [pid 400] chdir("./14") = 0 [pid 400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 400] setpgid(0, 0) = 0 [ 22.798161][ T396] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 400] write(3, "1000", 4) = 4 [pid 400] close(3) = 0 [pid 400] symlink("/dev/binderfs", "./binderfs") = 0 [pid 400] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 400] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 400] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[401], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 401 ./strace-static-x86_64: Process 401 attached [pid 400] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 401] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 401] memfd_create("syzkaller", 0) = 3 [pid 401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 401] munmap(0x7f9d983c7000, 1048576) = 0 [pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 401] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 401] close(3) = 0 [pid 401] mkdir("./file0", 0777) = 0 [pid 401] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 401] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 401] chdir("./file0") = 0 [pid 401] ioctl(4, LOOP_CLR_FD) = 0 [pid 401] close(4) = 0 [pid 401] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... futex resumed>) = 0 [pid 400] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 401] <... futex resumed>) = 1 [pid 401] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 401] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... futex resumed>) = 0 [pid 400] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 400] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 400] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[404], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 404 [pid 400] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 401] <... futex resumed>) = 1 [pid 401] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 401] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 404 attached [pid 404] set_robust_list(0x7f9d984c69e0, 24) = 0 [pid 404] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 404] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... futex resumed>) = 0 [pid 400] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 401] <... futex resumed>) = 0 [pid 401] open("./bus", O_RDWR) = 5 [pid 404] <... futex resumed>) = 1 [pid 401] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 400] <... futex resumed>) = 0 [pid 400] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 401] <... futex resumed>) = 1 [pid 401] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 400] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 401] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040) = -1 EFAULT (Bad address) [pid 401] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] <... futex resumed>) = 0 [pid 401] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 400] exit_group(0 [pid 404] <... futex resumed>) = ? [pid 400] <... exit_group resumed>) = ? [pid 404] +++ exited with 0 +++ [pid 401] <... futex resumed>) = ? [pid 401] +++ exited with 0 +++ [pid 400] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=400, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 22.860385][ T401] loop0: detected capacity change from 0 to 2048 [ 22.874264][ T401] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.894849][ T401] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 405 ./strace-static-x86_64: Process 405 attached [pid 405] set_robust_list(0x55555557c5e0, 24) = 0 [pid 405] chdir("./15") = 0 [pid 405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 405] setpgid(0, 0) = 0 [pid 405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 405] write(3, "1000", 4) = 4 [pid 405] close(3) = 0 [pid 405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 405] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 405] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 405] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 406 attached , parent_tid=[406], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 406 [pid 406] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 406] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 406] <... futex resumed>) = 0 [pid 406] memfd_create("syzkaller", 0 [pid 405] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 406] <... memfd_create resumed>) = 3 [pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 406] munmap(0x7f9d983c7000, 1048576) = 0 [pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 406] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 406] close(3) = 0 [pid 406] mkdir("./file0", 0777) = 0 [pid 406] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 406] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 406] chdir("./file0") = 0 [pid 406] ioctl(4, LOOP_CLR_FD) = 0 [pid 406] close(4) = 0 [pid 406] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 405] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 1 [pid 406] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 406] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 405] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 405] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 406] <... futex resumed>) = 1 [pid 405] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 409 attached [pid 409] set_robust_list(0x7f9d984c69e0, 24) = 0 [pid 409] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 406] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 405] <... clone resumed>, parent_tid=[409], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 409 [pid 405] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 405] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... write resumed>) = 9 [pid 409] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 405] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 1 [pid 409] open("./bus", O_RDWR) = 5 [pid 409] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 405] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 1 [pid 409] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 405] <... futex resumed>) = 0 [pid 405] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 1 [pid 409] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040 [pid 406] <... write resumed>) = 9 [pid 406] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.971858][ T406] loop0: detected capacity change from 0 to 2048 [ 22.994335][ T406] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 406] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 409] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 409] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 405] exit_group(0) = ? [pid 406] <... futex resumed>) = 231 [pid 406] +++ exited with 0 +++ [pid 409] <... futex resumed>) = ? [pid 409] +++ exited with 0 +++ [pid 405] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=405, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 23.014502][ T409] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 410 ./strace-static-x86_64: Process 410 attached [pid 410] set_robust_list(0x55555557c5e0, 24) = 0 [pid 410] chdir("./16") = 0 [pid 410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 410] setpgid(0, 0) = 0 [pid 410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 410] write(3, "1000", 4) = 4 [pid 410] close(3) = 0 [pid 410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 410] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 410] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 410] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[411], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 411 [pid 410] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 411 attached [pid 411] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 411] memfd_create("syzkaller", 0) = 3 [pid 411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 411] munmap(0x7f9d983c7000, 1048576) = 0 [pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 411] close(3) = 0 [pid 411] mkdir("./file0", 0777) = 0 [pid 411] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 411] chdir("./file0") = 0 [pid 411] ioctl(4, LOOP_CLR_FD) = 0 [pid 411] close(4) = 0 [pid 411] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] <... futex resumed>) = 0 [pid 410] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... futex resumed>) = 1 [pid 411] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 411] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] <... futex resumed>) = 0 [pid 410] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 410] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 410] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[414], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 414 [pid 410] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... futex resumed>) = 1 [pid 411] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 ./strace-static-x86_64: Process 414 attached [pid 411] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 414] set_robust_list(0x7f9d984c69e0, 24) = 0 [pid 414] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 414] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] <... futex resumed>) = 0 [pid 410] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 414] <... futex resumed>) = 1 [pid 414] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 411] <... futex resumed>) = 1 [pid 410] <... futex resumed>) = 0 [pid 411] open("./bus", O_RDWR [pid 410] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... open resumed>) = 5 [pid 411] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] <... futex resumed>) = 0 [pid 410] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... futex resumed>) = 1 [pid 411] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 410] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040) = -1 EFAULT (Bad address) [pid 411] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] <... futex resumed>) = 0 [pid 410] exit_group(0) = ? [pid 414] <... futex resumed>) = ? [pid 411] <... futex resumed>) = ? [pid 414] +++ exited with 0 +++ [pid 411] +++ exited with 0 +++ [pid 410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=410, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 23.162622][ T411] loop0: detected capacity change from 0 to 2048 [ 23.174675][ T411] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 23.192328][ T411] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 416 ./strace-static-x86_64: Process 416 attached [pid 416] set_robust_list(0x55555557c5e0, 24) = 0 [pid 416] chdir("./17") = 0 [pid 416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 416] setpgid(0, 0) = 0 [pid 416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 416] write(3, "1000", 4) = 4 [pid 416] close(3) = 0 [pid 416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 416] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 416] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 416] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[417], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 417 [pid 416] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 417 attached [pid 417] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 417] memfd_create("syzkaller", 0) = 3 [pid 417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 417] munmap(0x7f9d983c7000, 1048576) = 0 [pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 417] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 417] close(3) = 0 [pid 417] mkdir("./file0", 0777) = 0 [pid 417] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 417] chdir("./file0") = 0 [pid 417] ioctl(4, LOOP_CLR_FD) = 0 [pid 417] close(4) = 0 [pid 417] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 417] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 417] <... futex resumed>) = 0 [pid 417] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 417] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 416] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 416] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 420 attached , parent_tid=[420], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 420 [pid 420] set_robust_list(0x7f9d984c69e0, 24 [pid 416] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... set_robust_list resumed>) = 0 [pid 416] <... futex resumed>) = 0 [pid 420] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 416] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 420] <... write resumed>) = 9 [pid 417] <... futex resumed>) = 1 [pid 420] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 417] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 420] <... futex resumed>) = 1 [pid 416] <... futex resumed>) = 0 [pid 420] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 416] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 420] <... futex resumed>) = 0 [pid 420] open("./bus", O_RDWR [pid 417] <... write resumed>) = 9 [pid 420] <... open resumed>) = 5 [pid 417] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7f9da08c07a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 417] <... futex resumed>) = 0 [pid 417] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 420] <... futex resumed>) = 1 [pid 420] futex(0x7f9da08c07b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 417] <... mmap resumed>) = 0x20000000 [pid 417] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 417] <... futex resumed>) = 1 [pid 417] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040) = -1 EFAULT (Bad address) [pid 417] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... futex resumed>) = 0 [pid 416] exit_group(0 [pid 420] <... futex resumed>) = ? [pid 416] <... exit_group resumed>) = ? [pid 420] +++ exited with 0 +++ [pid 417] <... futex resumed>) = ? [pid 417] +++ exited with 0 +++ [pid 416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=416, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555557d620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 23.279882][ T417] loop0: detected capacity change from 0 to 2048 [ 23.294411][ T417] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 23.314499][ T417] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555585660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555585660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x55555557d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555557c5d0) = 421 ./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x55555557c5e0, 24) = 0 [pid 421] chdir("./18") = 0 [pid 421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 421] setpgid(0, 0) = 0 [pid 421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 421] write(3, "1000", 4) = 4 [pid 421] close(3) = 0 [pid 421] symlink("/dev/binderfs", "./binderfs") = 0 [pid 421] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9da07c7000 [pid 421] mprotect(0x7f9da07c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 421] clone(child_stack=0x7f9da07e73f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[422], tls=0x7f9da07e7700, child_tidptr=0x7f9da07e79d0) = 422 [pid 421] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 422 attached [pid 422] set_robust_list(0x7f9da07e79e0, 24) = 0 [pid 422] memfd_create("syzkaller", 0) = 3 [pid 422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9d983c7000 [pid 422] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 422] munmap(0x7f9d983c7000, 1048576) = 0 [pid 422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 422] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 422] close(3) = 0 [pid 422] mkdir("./file0", 0777) = 0 [pid 422] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 422] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 422] chdir("./file0") = 0 [pid 422] ioctl(4, LOOP_CLR_FD) = 0 [pid 422] close(4) = 0 [pid 422] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7f9da08c07ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... futex resumed>) = 1 [pid 422] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4 [pid 422] futex(0x7f9da08c07ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7f9da08c07a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9d984a6000 [pid 421] mprotect(0x7f9d984a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 421] clone(child_stack=0x7f9d984c63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[425], tls=0x7f9d984c6700, child_tidptr=0x7f9d984c69d0) = 425 [pid 421] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] <... futex resumed>) = 1 ./strace-static-x86_64: Process 425 attached [pid 425] set_robust_list(0x7f9d984c69e0, 24) = 0 [pid 425] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 422] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 425] <... write resumed>) = 9 [pid 425] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] <... futex resumed>) = 1 [pid 425] open("./bus", O_RDWR) = 5 [pid 425] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] <... futex resumed>) = 1 [pid 425] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7f9da08c07b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7f9da08c07bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] <... futex resumed>) = 1 [pid 425] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040) = -1 EFAULT (Bad address) [ 23.429210][ T422] loop0: detected capacity change from 0 to 2048 [ 23.444398][ T422] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 23.462290][ T425] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 425] futex(0x7f9da08c07bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [ 23.477313][ T422] ------------[ cut here ]------------ [ 23.482979][ T422] kernel BUG at fs/ext4/ext4_jbd2.c:53! [ 23.488465][ T422] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 23.494282][ T422] CPU: 0 PID: 422 Comm: syz-executor211 Not tainted 5.15.94-syzkaller-03204-g5448b2fda85f #0 [ 23.504263][ T422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 23.514159][ T422] RIP: 0010:__ext4_journal_stop+0x1b3/0x1c0 [ 23.519884][ T422] Code: c3 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c f8 fe ff ff e8 21 69 d2 ff 48 ba 00 00 00 00 00 fc ff df e9 e4 fe ff ff e8 5d 2f 91 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 55 48 89 e5 41 57 41 56 41 [ 23.539324][ T422] RSP: 0018:ffffc90000c876d8 EFLAGS: 00010293 [ 23.545226][ T422] RAX: ffffffff81de4263 RBX: ffffffff85d58583 RCX: ffff888118243b40 [ 23.553037][ T422] RDX: 0000000000000000 RSI: 0000000000000331 RDI: ffffffff85d58583 [ 23.560850][ T422] RBP: ffffc90000c87710 R08: ffffffff81e3d17c R09: ffffed10238af1c6 [ 23.568661][ T422] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 23.576471][ T422] R13: 0000000000000000 R14: 0000000000000012 R15: 0000000000000331 [ 23.584282][ T422] FS: 00007f9da07e7700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.593048][ T422] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.599472][ T422] CR2: 00007f9d984c6718 CR3: 000000010cccc000 CR4: 00000000003506b0 [ 23.607284][ T422] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.615093][ T422] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.622906][ T422] Call Trace: [ 23.626034][ T422] [ 23.628809][ T422] ext4_write_inline_data_end+0xa79/0xe30 [ 23.634362][ T422] ? ext4_set_page_dirty+0x1a0/0x1a0 [ 23.639483][ T422] ? resched_curr+0x114/0x1c0 [ 23.643996][ T422] ? put_page+0xc0/0xc0 [ 23.647988][ T422] ? pipe_zero+0x4e0/0x4e0 [ 23.652241][ T422] ext4_da_write_end+0x1d7/0xa20 [ 23.657016][ T422] ? ext4_da_write_begin+0xc30/0xc30 [ 23.662134][ T422] generic_perform_write+0x3b4/0x5a0 [ 23.667257][ T422] ? grab_cache_page_write_begin+0xa0/0xa0 [ 23.672898][ T422] ? update_load_avg+0x43a/0x1150 [ 23.677761][ T422] ? generic_write_checks+0x3b9/0x470 [ 23.682966][ T422] ext4_buffered_write_iter+0x49c/0x630 [ 23.688347][ T422] ext4_file_write_iter+0x443/0x1cc0 [ 23.693466][ T422] ? compat_start_thread+0x20/0x20 [ 23.698415][ T422] ? kvm_sched_clock_read+0x18/0x40 [ 23.703448][ T422] ? sched_clock+0x9/0x10 [ 23.707614][ T422] ? _raw_spin_unlock+0x4d/0x70 [ 23.712301][ T422] ? avc_policy_seqno+0x1b/0x70 [ 23.716987][ T422] ? ext4_file_read_iter+0x4b0/0x4b0 [ 23.722107][ T422] ? fsnotify_perm+0x6a/0x5d0 [ 23.726627][ T422] ? iov_iter_init+0x53/0x190 [ 23.731135][ T422] vfs_write+0xd8a/0x1160 [ 23.735300][ T422] ? __kasan_check_write+0x14/0x20 [ 23.740249][ T422] ? file_end_write+0x1c0/0x1c0 [ 23.744935][ T422] ? mutex_lock+0xb6/0x1e0 [ 23.749187][ T422] ? wait_for_completion_killable_timeout+0x10/0x10 [ 23.755611][ T422] ? __fdget_pos+0x278/0x310 [ 23.760037][ T422] ? ksys_write+0x77/0x2c0 [ 23.764289][ T422] ksys_write+0x199/0x2c0 [ 23.768456][ T422] ? do_notify_parent+0xa30/0xa30 [ 23.773317][ T422] ? __ia32_sys_read+0x90/0x90 [ 23.777915][ T422] ? __kasan_check_read+0x11/0x20 [ 23.782775][ T422] __x64_sys_write+0x7b/0x90 [ 23.787201][ T422] do_syscall_64+0x3d/0xb0 [ 23.791456][ T422] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 23.797182][ T422] RIP: 0033:0x7f9da083b579 [ 23.801437][ T422] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 23.820876][ T422] RSP: 002b:00007f9da07e72f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 23.829123][ T422] RAX: ffffffffffffffda RBX: 00007f9da08c07a0 RCX: 00007f9da083b579 [ 23.836932][ T422] RDX: 0000000000000009 RSI: 0000000020000f80 RDI: 0000000000000004 [ 23.844744][ T422] RBP: 00007f9da088d82c R08: 0000000000000000 R09: 0000000000000000 [ 23.852555][ T422] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9da088d0c0 [ 23.860369][ T422] R13: 0000000020000fc0 R14: 0030656c69662f2e R15: 00007f9da08c07a8 [ 23.868179][ T422] [ 23.871041][ T422] Modules linked in: [ 23.875147][ T422] ---[ end trace 3cd22b257ff0e43d ]--- [ 23.880555][ T422] RIP: 0010:__ext4_journal_stop+0x1b3/0x1c0 [ 23.886449][ T422] Code: c3 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c f8 fe ff ff e8 21 69 d2 ff 48 ba 00 00 00 00 00 fc ff df e9 e4 fe ff ff e8 5d 2f 91 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 55 48 89 e5 41 57 41 56 41 [ 23.906088][ T422] RSP: 0018:ffffc90000c876d8 EFLAGS: 00010293 [ 23.911967][ T422] RAX: ffffffff81de4263 RBX: ffffffff85d58583 RCX: ffff888118243b40 [ 23.920059][ T422] RDX: 0000000000000000 RSI: 0000000000000331 RDI: ffffffff85d58583 [ 23.927907][ T422] RBP: ffffc90000c87710 R08: ffffffff81e3d17c R09: ffffed10238af1c6 [ 23.935671][ T422] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 23.943490][ T422] R13: 0000000000000000 R14: 0000000000000012 R15: 0000000000000331 [ 23.951277][ T422] FS: 00007f9da07e7700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 23.960067][ T422] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.966479][ T422] CR2: 00007f9d984c6718 CR3: 000000010cccc000 CR4: 00000000003506b0 [ 23.974300][ T422] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.982086][ T422] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.989963][ T422] Kernel panic - not syncing: Fatal exception [ 23.995948][ T422] Kernel Offset: disabled [ 24.000075][ T422] Rebooting in 86400 seconds..