./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1363402932 <...> Warning: Permanently added '10.128.1.12' (ED25519) to the list of known hosts. execve("./syz-executor1363402932", ["./syz-executor1363402932"], 0x7fff33040660 /* 10 vars */) = 0 brk(NULL) = 0x5555893a0000 brk(0x5555893a0d40) = 0x5555893a0d40 arch_prctl(ARCH_SET_FS, 0x5555893a03c0) = 0 set_tid_address(0x5555893a0690) = 356 set_robust_list(0x5555893a06a0, 24) = 0 rseq(0x5555893a0ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1363402932", 4096) = 28 getrandom("\x1d\x08\x66\x93\x0c\x3c\xac\xcb", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555893a0d40 brk(0x5555893c1d40) = 0x5555893c1d40 brk(0x5555893c2000) = 0x5555893c2000 mprotect(0x7faaf7bc7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 357 ./strace-static-x86_64: Process 357 attached [pid 356] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] set_robust_list(0x5555893a06a0, 24) = 0 [pid 356] <... clone resumed>, child_tidptr=0x5555893a0690) = 358 ./strace-static-x86_64: Process 358 attached [pid 358] set_robust_list(0x5555893a06a0, 24) = 0 [pid 358] mkdir("./syzkaller.9ie38c", 0700 [pid 356] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 358] <... mkdir resumed>) = 0 [pid 358] chmod("./syzkaller.9ie38c", 0777 [pid 356] <... clone resumed>, child_tidptr=0x5555893a0690) = 359 [pid 358] <... chmod resumed>) = 0 [pid 358] chdir("./syzkaller.9ie38c") = 0 [pid 358] mkdir("./0", 0777 [pid 356] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 358] <... mkdir resumed>) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 360 attached ./strace-static-x86_64: Process 359 attached ) = 3 [pid 357] mkdir("./syzkaller.2pTa9j", 0700 [pid 356] <... clone resumed>, child_tidptr=0x5555893a0690) = 360 [pid 357] <... mkdir resumed>) = 0 [pid 356] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 360] set_robust_list(0x5555893a06a0, 24 [pid 357] chmod("./syzkaller.2pTa9j", 0777 [pid 356] <... clone resumed>, child_tidptr=0x5555893a0690) = 362 [ 23.802290][ T23] audit: type=1400 audit(1738557562.170:66): avc: denied { execmem } for pid=356 comm="syz-executor136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.826321][ T23] audit: type=1400 audit(1738557562.190:67): avc: denied { read write } for pid=358 comm="syz-executor136" name="loop1" dev="devtmpfs" ino=9413 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 359] set_robust_list(0x5555893a06a0, 24 [pid 358] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 362 attached [pid 360] <... set_robust_list resumed>) = 0 [pid 359] <... set_robust_list resumed>) = 0 [pid 357] <... chmod resumed>) = 0 [pid 362] set_robust_list(0x5555893a06a0, 24) = 0 [pid 362] mkdir("./syzkaller.fPvCNQ", 0700 [pid 357] chdir("./syzkaller.2pTa9j" [pid 362] <... mkdir resumed>) = 0 [pid 357] <... chdir resumed>) = 0 [pid 360] mkdir("./syzkaller.l2Y0mL", 0700 [pid 362] chmod("./syzkaller.fPvCNQ", 0777) = 0 [pid 362] chdir("./syzkaller.fPvCNQ") = 0 [pid 362] mkdir("./0", 0777) = 0 [pid 357] mkdir("./0", 0777 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 362] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 362] close(3) = 0 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] <... mkdir resumed>) = 0 [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 363 ./strace-static-x86_64: Process 363 attached [pid 360] <... mkdir resumed>) = 0 [pid 359] mkdir("./syzkaller.Vg5mZ3", 0700 [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 360] chmod("./syzkaller.l2Y0mL", 0777 [pid 359] <... mkdir resumed>) = 0 [pid 358] close(3 [pid 357] <... openat resumed>) = 3 [pid 360] <... chmod resumed>) = 0 [pid 358] <... close resumed>) = 0 [pid 357] ioctl(3, LOOP_CLR_FD [pid 360] chdir("./syzkaller.l2Y0mL" [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 360] <... chdir resumed>) = 0 [pid 359] chmod("./syzkaller.Vg5mZ3", 0777 [pid 357] close(3 [pid 360] mkdir("./0", 0777 [pid 359] <... chmod resumed>) = 0 [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 365 [pid 357] <... close resumed>) = 0 [pid 360] <... mkdir resumed>) = 0 [pid 359] chdir("./syzkaller.Vg5mZ3" [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 359] <... chdir resumed>) = 0 [pid 360] <... openat resumed>) = 3 [pid 359] mkdir("./0", 0777 [pid 357] <... clone resumed>, child_tidptr=0x5555893a0690) = 366 [pid 360] ioctl(3, LOOP_CLR_FD [pid 359] <... mkdir resumed>) = 0 [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 360] close(3 [pid 359] <... openat resumed>) = 3 [pid 360] <... close resumed>) = 0 [pid 359] ioctl(3, LOOP_CLR_FD [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 359] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] close(3 [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 367 [pid 359] <... close resumed>) = 0 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 368 [ 23.852557][ T23] audit: type=1400 audit(1738557562.210:68): avc: denied { open } for pid=358 comm="syz-executor136" path="/dev/loop1" dev="devtmpfs" ino=9413 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 ./strace-static-x86_64: Process 365 attached ./strace-static-x86_64: Process 366 attached ./strace-static-x86_64: Process 367 attached [pid 366] set_robust_list(0x5555893a06a0, 24 [pid 365] set_robust_list(0x5555893a06a0, 24 [pid 367] set_robust_list(0x5555893a06a0, 24 [pid 366] <... set_robust_list resumed>) = 0 [pid 365] <... set_robust_list resumed>) = 0 [pid 365] chdir("./0" [pid 367] <... set_robust_list resumed>) = 0 [pid 366] chdir("./0" [pid 367] chdir("./0" [pid 366] <... chdir resumed>) = 0 [pid 365] <... chdir resumed>) = 0 [pid 367] <... chdir resumed>) = 0 [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 366] <... prctl resumed>) = 0 [pid 365] <... prctl resumed>) = 0 [pid 367] setpgid(0, 0 [pid 366] setpgid(0, 0 [pid 365] setpgid(0, 0 [pid 367] <... setpgid resumed>) = 0 [pid 366] <... setpgid resumed>) = 0 [pid 365] <... setpgid resumed>) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 366] <... openat resumed>) = 3 [pid 365] <... openat resumed>) = 3 [pid 367] <... openat resumed>) = 3 [pid 366] write(3, "1000", 4 [pid 367] write(3, "1000", 4 [pid 365] write(3, "1000", 4 [pid 367] <... write resumed>) = 4 [pid 366] <... write resumed>) = 4 [pid 365] <... write resumed>) = 4 [pid 367] close(3 [pid 365] close(3 [pid 367] <... close resumed>) = 0 [pid 366] close(3 [pid 365] <... close resumed>) = 0 [pid 367] symlink("/dev/binderfs", "./binderfs" [pid 366] <... close resumed>) = 0 [pid 365] symlink("/dev/binderfs", "./binderfs" [pid 367] <... symlink resumed>) = 0 [pid 365] <... symlink resumed>) = 0 [pid 366] symlink("/dev/binderfs", "./binderfs"executing program executing program executing program [pid 367] write(1, "executing program\n", 18 [pid 365] write(1, "executing program\n", 18 [pid 366] <... symlink resumed>) = 0 [pid 363] set_robust_list(0x5555893a06a0, 24 [pid 366] write(1, "executing program\n", 18 [pid 365] <... write resumed>) = 18 [pid 367] <... write resumed>) = 18 [pid 367] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] <... write resumed>) = 18 [pid 365] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 365] <... futex resumed>) = 0 [pid 366] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 366] <... futex resumed>) = 0 [pid 367] <... rt_sigaction resumed>NULL, 8) = 0 [pid 365] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 366] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 365] <... rt_sigaction resumed>NULL, 8) = 0 [pid 367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 366] <... rt_sigaction resumed>NULL, 8) = 0 [pid 367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 366] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 367] <... mmap resumed>) = 0x7faaf7ae1000 [pid 366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 367] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 365] <... mmap resumed>) = 0x7faaf7ae1000 [pid 367] <... mprotect resumed>) = 0 [pid 366] <... mmap resumed>) = 0x7faaf7ae1000 [pid 365] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 363] <... set_robust_list resumed>) = 0 [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [pid 366] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 365] <... mprotect resumed>) = 0 [pid 363] chdir("./0" [pid 367] <... rt_sigprocmask resumed>[], 8) = 0 [pid 363] <... chdir resumed>) = 0 [pid 365] rt_sigprocmask(SIG_BLOCK, ~[], [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 366] <... mprotect resumed>) = 0 [pid 365] <... rt_sigprocmask resumed>[], 8) = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 366] rt_sigprocmask(SIG_BLOCK, ~[], [pid 365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 367] <... clone3 resumed> => {parent_tid=[369]}, 88) = 369 [pid 366] <... rt_sigprocmask resumed>[], 8) = 0 [pid 363] setpgid(0, 0 [pid 367] rt_sigprocmask(SIG_SETMASK, [], [pid 366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 365] <... clone3 resumed> => {parent_tid=[370]}, 88) = 370 [pid 367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 365] rt_sigprocmask(SIG_SETMASK, [], [pid 363] <... setpgid resumed>) = 0 [pid 367] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] <... clone3 resumed> => {parent_tid=[371]}, 88) = 371 [pid 365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 367] <... futex resumed>) = 0 [pid 366] rt_sigprocmask(SIG_SETMASK, [], [pid 365] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 365] <... futex resumed>) = 0 ./strace-static-x86_64: Process 371 attached ./strace-static-x86_64: Process 369 attached [pid 366] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 371] set_robust_list(0x7faaf7b019a0, 24 [pid 369] set_robust_list(0x7faaf7b019a0, 24 [pid 366] <... futex resumed>) = 0 [pid 363] <... openat resumed>) = 3 [pid 363] write(3, "1000", 4) = 4 [pid 363] close(3) = 0 [pid 371] <... set_robust_list resumed>) = 0 [pid 369] <... set_robust_list resumed>) = 0 [pid 366] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 363] symlink("/dev/binderfs", "./binderfs" [pid 371] rt_sigprocmask(SIG_SETMASK, [], [pid 369] rt_sigprocmask(SIG_SETMASK, [], [pid 363] <... symlink resumed>) = 0 executing program [pid 363] write(1, "executing program\n", 18) = 18 [pid 363] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 363] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 371] memfd_create("syzkaller", 0 [pid 363] <... clone3 resumed> => {parent_tid=[372]}, 88) = 372 ./strace-static-x86_64: Process 372 attached [pid 369] memfd_create("syzkaller", 0 [pid 363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 363] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 368 attached [pid 371] <... memfd_create resumed>) = 3 [pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 368] set_robust_list(0x5555893a06a0, 24) = 0 [pid 372] set_robust_list(0x7faaf7b019a0, 24 [pid 371] <... mmap resumed>) = 0x7faaef6e1000 [pid 369] <... memfd_create resumed>) = 3 [pid 368] chdir("./0") = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 368] write(3, "1000", 4) = 4 [pid 368] close(3) = 0 [pid 368] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 370] memfd_create("syzkaller", 0) = 3 [pid 368] write(1, "executing program\n", 18 [pid 371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576executing program [pid 368] <... write resumed>) = 18 [pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 368] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... mmap resumed>) = 0x7faaef6e1000 [pid 368] <... futex resumed>) = 0 [pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 369] <... mmap resumed>) = 0x7faaef6e1000 [pid 372] <... set_robust_list resumed>) = 0 [pid 368] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 368] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 368] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[373]}, 88) = 373 [pid 368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 368] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 372] rt_sigprocmask(SIG_SETMASK, [], [pid 371] <... write resumed>) = 1048576 [pid 369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 372] memfd_create("syzkaller", 0) = 3 [pid 373] memfd_create("syzkaller", 0) = 3 [pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 372] <... mmap resumed>) = 0x7faaef6e1000 [pid 372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 371] munmap(0x7faaef6e1000, 138412032 [pid 369] <... write resumed>) = 1048576 [pid 371] <... munmap resumed>) = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 23.879725][ T23] audit: type=1400 audit(1738557562.250:69): avc: denied { ioctl } for pid=362 comm="syz-executor136" path="/dev/loop4" dev="devtmpfs" ino=9416 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 371] ioctl(4, LOOP_SET_FD, 3 [pid 370] <... write resumed>) = 1048576 [pid 369] munmap(0x7faaef6e1000, 138412032 [pid 371] <... ioctl resumed>) = 0 [pid 371] close(3) = 0 [pid 369] <... munmap resumed>) = 0 [pid 371] close(4 [pid 369] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 372] <... write resumed>) = 1048576 [pid 372] munmap(0x7faaef6e1000, 138412032) = 0 [pid 372] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 370] munmap(0x7faaef6e1000, 138412032 [pid 373] munmap(0x7faaef6e1000, 138412032 [pid 370] <... munmap resumed>) = 0 [pid 370] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 373] <... munmap resumed>) = 0 [pid 373] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 371] <... close resumed>) = 0 [pid 372] <... openat resumed>) = 4 [pid 369] <... openat resumed>) = 4 [pid 371] mkdir("./file0", 0777 [pid 372] ioctl(4, LOOP_SET_FD, 3 [pid 369] ioctl(4, LOOP_SET_FD, 3 [pid 370] <... openat resumed>) = 4 [pid 371] <... mkdir resumed>) = 0 [pid 371] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 369] <... ioctl resumed>) = 0 [pid 370] ioctl(4, LOOP_SET_FD, 3 [pid 373] <... openat resumed>) = 4 [pid 373] ioctl(4, LOOP_SET_FD, 3 [pid 372] <... ioctl resumed>) = 0 [pid 372] close(3) = 0 [pid 372] close(4 [pid 369] close(3) = 0 [pid 369] close(4 [pid 372] <... close resumed>) = 0 [pid 372] mkdir("./file0", 0777) = 0 [ 23.970344][ T23] audit: type=1400 audit(1738557562.340:70): avc: denied { mounton } for pid=366 comm="syz-executor136" path="/root/syzkaller.2pTa9j/0/file0" dev="sda1" ino=1942 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 372] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 370] <... ioctl resumed>) = 0 [pid 373] <... ioctl resumed>) = 0 [pid 370] close(3 [pid 373] close(3 [pid 370] <... close resumed>) = 0 [pid 373] <... close resumed>) = 0 [pid 370] close(4 [pid 373] close(4 [pid 371] <... mount resumed>) = 0 [pid 371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 371] chdir("./file0") = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 369] <... close resumed>) = 0 [pid 371] <... openat resumed>) = 4 [pid 371] ioctl(4, LOOP_CLR_FD) = 0 [pid 371] close(4) = 0 [pid 371] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] mkdir("./file0", 0777 [pid 371] <... futex resumed>) = 1 [pid 366] <... futex resumed>) = 0 [pid 371] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 366] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 369] <... mkdir resumed>) = 0 [pid 366] <... futex resumed>) = 0 [pid 371] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 369] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 366] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] <... openat resumed>) = 4 [ 24.059250][ T371] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 24.070255][ T23] audit: type=1400 audit(1738557562.440:71): avc: denied { mount } for pid=366 comm="syz-executor136" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 371] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 366] <... futex resumed>) = 0 [pid 371] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 366] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 366] <... futex resumed>) = 0 [pid 371] write(4, "0x0000000000000000", 18 [pid 366] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... write resumed>) = 18 [pid 366] <... futex resumed>) = 0 [pid 371] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 371] <... futex resumed>) = 0 [pid 366] <... mmap resumed>) = 0x7faaf7ac0000 [pid 371] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 366] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 366] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[382]}, 88) = 382 [pid 366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 366] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 366] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 382] write(4, "0x0000000000000000", 18) = 18 [pid 382] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 366] <... futex resumed>) = 0 [pid 382] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 366] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... futex resumed>) = 0 [pid 366] <... futex resumed>) = 1 [pid 371] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 366] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] <... mmap resumed>) = 0x20000000 [pid 371] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 366] <... futex resumed>) = 0 [pid 366] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 366] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 382] <... futex resumed>) = ? [pid 366] <... futex resumed>) = ? [pid 382] +++ killed by SIGBUS +++ [pid 371] +++ killed by SIGBUS +++ [pid 366] +++ killed by SIGBUS +++ [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=366, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [ 24.130102][ T23] audit: type=1400 audit(1738557562.500:72): avc: denied { write } for pid=366 comm="syz-executor136" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 24.136987][ T371] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 357] restart_syscall(<... resuming interrupted clone ...> [pid 370] <... close resumed>) = 0 [pid 357] <... restart_syscall resumed>) = 0 [pid 357] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./0/binderfs") = 0 [pid 357] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 372] <... mount resumed>) = 0 [pid 372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 372] chdir("./file0") = 0 [pid 372] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 370] mkdir("./file0", 0777) = 0 [ 24.152711][ T23] audit: type=1400 audit(1738557562.500:73): avc: denied { add_name } for pid=366 comm="syz-executor136" name="blkio.bfq.avg_queue_size" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 24.171485][ T372] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 24.189422][ T23] audit: type=1400 audit(1738557562.500:74): avc: denied { create } for pid=366 comm="syz-executor136" name="blkio.bfq.avg_queue_size" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 370] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 373] <... close resumed>) = 0 [pid 373] mkdir("./file0", 0777) = 0 [ 24.221788][ T23] audit: type=1400 audit(1738557562.500:75): avc: denied { read append open } for pid=366 comm="syz-executor136" path="/root/syzkaller.2pTa9j/0/file0/blkio.bfq.avg_queue_size" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 373] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 369] <... mount resumed>) = 0 [pid 369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 369] chdir("./file0") = 0 [ 24.279040][ T369] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 369] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 372] <... openat resumed>) = 4 [pid 369] <... openat resumed>) = 4 [pid 357] <... umount2 resumed>) = 0 [pid 357] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 372] ioctl(4, LOOP_CLR_FD) = 0 [pid 357] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, [pid 372] close(4 [pid 357] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 372] <... close resumed>) = 0 [pid 357] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] close(4) = 0 [pid 357] rmdir("./0/file0" [pid 372] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... rmdir resumed>) = 0 [pid 372] <... futex resumed>) = 1 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] getdents64(3, [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] close(3) = 0 [pid 372] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 357] rmdir("./0") = 0 [pid 372] <... openat resumed>) = 4 [pid 357] mkdir("./1", 0777 [pid 372] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... mkdir resumed>) = 0 [pid 372] <... futex resumed>) = 1 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 363] <... mmap resumed>) = 0x7faaf7ac0000 [pid 363] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 357] <... openat resumed>) = 3 [pid 372] write(4, "0x0000000000000000", 18 [pid 363] <... mprotect resumed>) = 0 [pid 372] <... write resumed>) = 18 [pid 363] rt_sigprocmask(SIG_BLOCK, ~[], [pid 357] ioctl(3, LOOP_CLR_FD [pid 372] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... rt_sigprocmask resumed>[], 8) = 0 [pid 372] <... futex resumed>) = 0 [pid 363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 372] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] <... clone3 resumed> => {parent_tid=[389]}, 88) = 389 [pid 357] close(3 [pid 363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 357] <... close resumed>) = 0 [pid 363] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 363] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... clone resumed>, child_tidptr=0x5555893a0690) = 390 ./strace-static-x86_64: Process 389 attached [pid 389] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 389] write(4, "0x0000000000000000", 18) = 18 [pid 389] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] <... futex resumed>) = 0 [pid 363] <... futex resumed>) = 1 [pid 372] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 363] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] <... mmap resumed>) = 0x20000000 [pid 372] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] <... futex resumed>) = 0 ./strace-static-x86_64: Process 390 attached [pid 369] ioctl(4, LOOP_CLR_FD [pid 363] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] set_robust_list(0x5555893a06a0, 24 [pid 369] <... ioctl resumed>) = 0 [pid 363] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... set_robust_list resumed>) = 0 [pid 369] close(4 [pid 389] <... futex resumed>) = 1 [pid 389] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 390] chdir("./1" [pid 369] <... close resumed>) = 0 [pid 369] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... chdir resumed>) = 0 [pid 369] <... futex resumed>) = 1 [pid 367] <... futex resumed>) = 0 [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 369] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 367] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] setpgid(0, 0 [pid 369] <... openat resumed>) = 4 [pid 390] <... setpgid resumed>) = 0 [pid 369] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] <... futex resumed>) = 1 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] write(3, "1000", 4 [pid 369] write(4, "0x0000000000000000", 18 [pid 390] <... write resumed>) = 4 [pid 369] <... write resumed>) = 18 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] close(3 [pid 367] <... futex resumed>) = 0 [pid 370] <... mount resumed>) = 0 [pid 370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 370] <... openat resumed>) = 3 [pid 370] chdir("./file0") = 0 [pid 370] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 370] ioctl(4, LOOP_CLR_FD) = 0 [pid 370] close(4) = 0 [pid 370] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 370] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 365] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[394]}, 88) = 394 [pid 365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 365] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] write(4, "0x0000000000000000", 18) = 18 [pid 370] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 372] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 389] <... futex resumed>) = ? [pid 363] <... futex resumed>) = ? [pid 389] +++ killed by SIGBUS +++ [pid 372] +++ killed by SIGBUS +++ [pid 363] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=363, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 362] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 394 attached [pid 394] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 394] write(4, "0x0000000000000000", 18) = 18 [pid 394] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 365] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 0 [pid 370] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 370] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [ 24.376424][ T372] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.393992][ T370] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 24.411512][ T373] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 394] <... futex resumed>) = 1 [pid 390] <... close resumed>) = 0 [pid 373] <... mount resumed>) = 0 [pid 369] <... futex resumed>) = 0 [pid 367] <... mmap resumed>) = 0x7faaf7ac0000 [pid 390] symlink("/dev/binderfs", "./binderfs" [pid 373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 369] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 362] <... restart_syscall resumed>) = 0 [pid 390] <... symlink resumed>) = 0 [pid 373] <... openat resumed>) = 3 [pid 367] <... mprotect resumed>) = 0 executing program [pid 390] write(1, "executing program\n", 18 [pid 373] chdir("./file0" [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [pid 390] <... write resumed>) = 18 [pid 373] <... chdir resumed>) = 0 [pid 367] <... rt_sigprocmask resumed>[], 8) = 0 [pid 362] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 394] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 390] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 396 attached [pid 390] <... futex resumed>) = 0 [pid 373] <... openat resumed>) = 4 [pid 394] <... futex resumed>) = 4 [pid 396] set_robust_list(0x7faaf7ae09a0, 24 [pid 390] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 373] ioctl(4, LOOP_CLR_FD [pid 365] <... futex resumed>) = ? [pid 362] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 396] <... set_robust_list resumed>) = 0 [pid 390] <... rt_sigaction resumed>NULL, 8) = 0 [pid 373] <... ioctl resumed>) = 0 [pid 367] <... clone3 resumed> => {parent_tid=[396]}, 88) = 396 [pid 396] rt_sigprocmask(SIG_SETMASK, [], [pid 394] +++ killed by SIGBUS +++ [pid 390] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 373] close(4 [pid 367] rt_sigprocmask(SIG_SETMASK, [], [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./0/binderfs" [pid 373] <... close resumed>) = 0 [pid 362] <... unlink resumed>) = 0 [pid 362] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 396] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 390] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[397]}, 88) = 397 [pid 390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 390] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 397 attached [pid 397] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 397] memfd_create("syzkaller", 0 [pid 373] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] +++ killed by SIGBUS +++ [pid 367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 365] +++ killed by SIGBUS +++ [pid 373] <... futex resumed>) = 1 [pid 367] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... futex resumed>) = 0 [pid 373] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 368] <... futex resumed>) = 0 [pid 367] <... futex resumed>) = 1 [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=365, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 396] write(4, "0x0000000000000000", 18 [pid 368] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] <... write resumed>) = 18 [pid 373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 368] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 367] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... openat resumed>) = 3 [pid 367] <... futex resumed>) = 1 [pid 369] <... futex resumed>) = 0 [pid 373] <... openat resumed>) = 4 [pid 369] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 373] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... futex resumed>) = 0 [pid 373] <... futex resumed>) = 1 [pid 369] <... mmap resumed>) = 0x20000000 [pid 368] <... futex resumed>) = 0 [pid 396] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 369] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 369] <... futex resumed>) = 1 [pid 368] <... futex resumed>) = 0 [pid 367] <... futex resumed>) = 0 [pid 373] write(4, "0x0000000000000000", 18 [pid 369] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 368] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] newfstatat(3, "", [pid 373] <... write resumed>) = 18 [pid 368] <... futex resumed>) = 0 [pid 367] <... futex resumed>) = 0 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./0/binderfs") = 0 [pid 358] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 397] <... memfd_create resumed>) = 3 [pid 397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 397] munmap(0x7faaef6e1000, 138412032) = 0 [pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 373] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 368] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[399]}, 88) = 399 [pid 368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 368] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 399 attached [pid 399] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 399] write(4, "0x0000000000000000", 18) = 18 [ 24.419324][ T370] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.452141][ T369] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 399] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... futex resumed>) = 0 [pid 368] <... futex resumed>) = 1 [pid 373] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 368] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] <... mmap resumed>) = 0x20000000 [pid 373] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 399] <... futex resumed>) = 1 [pid 369] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 368] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... futex resumed>) = ? [pid 367] <... futex resumed>) = ? [pid 368] <... futex resumed>) = 0 [pid 368] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... umount2 resumed>) = 0 [pid 397] <... openat resumed>) = 4 [pid 399] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] +++ killed by SIGBUS +++ [pid 397] ioctl(4, LOOP_SET_FD, 3 [pid 362] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 373] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 399] <... futex resumed>) = ? [pid 368] <... futex resumed>) = ? [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 362] newfstatat(4, "", [pid 369] +++ killed by SIGBUS +++ [pid 367] +++ killed by SIGBUS +++ [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=367, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 360] restart_syscall(<... resuming interrupted clone ...> [pid 362] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 362] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 362] close(4) = 0 [pid 362] rmdir("./0/file0") = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] close(3) = 0 [pid 362] rmdir("./0") = 0 [pid 362] mkdir("./1", 0777) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 360] <... restart_syscall resumed>) = 0 [pid 360] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./0/binderfs") = 0 [pid 360] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 399] +++ killed by SIGBUS +++ [pid 373] +++ killed by SIGBUS +++ [pid 368] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=368, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 359] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 359] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./0/binderfs") = 0 [ 24.466187][ T373] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 359] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] <... umount2 resumed>) = 0 [pid 358] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 358] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] close(4) = 0 [pid 358] rmdir("./0/file0") = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] close(3) = 0 [pid 397] <... ioctl resumed>) = 0 [pid 358] rmdir("./0" [pid 397] close(3 [pid 362] <... openat resumed>) = 3 [pid 358] <... rmdir resumed>) = 0 [pid 397] <... close resumed>) = 0 [pid 362] ioctl(3, LOOP_CLR_FD [pid 397] close(4 [pid 358] mkdir("./1", 0777) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWRexecuting program executing program [pid 397] <... close resumed>) = 0 [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 360] <... umount2 resumed>) = 0 [pid 358] <... openat resumed>) = 3 [pid 397] mkdir("./file0", 0777 [pid 362] close(3 [pid 360] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] <... close resumed>) = 0 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] ioctl(3, LOOP_CLR_FD [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 360] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 401 [pid 360] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] close(3 [pid 360] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 358] <... close resumed>) = 0 [pid 360] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 360] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] getdents64(4, [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 402 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4) = 0 [pid 360] rmdir("./0/file0") = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] close(3) = 0 [pid 360] rmdir("./0") = 0 [pid 360] mkdir("./1", 0777) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 360] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 360] close(3) = 0 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 403 ./strace-static-x86_64: Process 401 attached [pid 401] set_robust_list(0x5555893a06a0, 24) = 0 [pid 401] chdir("./1") = 0 [pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 401] setpgid(0, 0) = 0 [pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 401] write(3, "1000", 4) = 4 [pid 401] close(3) = 0 [pid 401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 401] write(1, "executing program\n", 18) = 18 [pid 401] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 401] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 401] rt_sigprocmask(SIG_BLOCK, ~[], [pid 397] <... mkdir resumed>) = 0 [pid 401] <... rt_sigprocmask resumed>[], 8) = 0 [pid 401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[404]}, 88) = 404 [pid 401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 403 attached [pid 401] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 403] set_robust_list(0x5555893a06a0, 24) = 0 [pid 403] chdir("./1" [pid 397] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 359] <... umount2 resumed>) = 0 [pid 403] <... chdir resumed>) = 0 [pid 403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 403] setpgid(0, 0) = 0 [pid 403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 403] write(3, "1000", 4) = 4 [pid 403] close(3) = 0 [pid 403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 403] write(1, "executing program\n", 18) = 18 [pid 403] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 403] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 403] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[405]}, 88) = 405 [pid 403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 403] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 404 attached [pid 404] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 404] memfd_create("syzkaller", 0) = 3 [pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 359] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 405 attached [pid 405] set_robust_list(0x7faaf7b019a0, 24 [pid 359] newfstatat(AT_FDCWD, "./0/file0", [pid 405] <... set_robust_list resumed>) = 0 [pid 405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 405] memfd_create("syzkaller", 0) = 3 [pid 405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 405] <... mmap resumed>) = 0x7faaef6e1000 [pid 359] <... openat resumed>) = 4 [pid 359] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 359] close(4) = 0 [pid 359] rmdir("./0/file0") = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] close(3) = 0 [pid 359] rmdir("./0") = 0 [pid 359] mkdir("./1", 0777) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 359] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 359] close(3) = 0 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 359] <... clone resumed>, child_tidptr=0x5555893a0690) = 408 [pid 404] <... write resumed>) = 1048576 [pid 404] munmap(0x7faaef6e1000, 138412032) = 0 [pid 404] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 404] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x5555893a06a0, 24) = 0 [pid 408] chdir("./1") = 0 [pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 408] setpgid(0, 0) = 0 [pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 408] write(3, "1000", 4) = 4 [pid 408] close(3) = 0 [pid 408] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 408] write(1, "executing program\n", 18) = 18 [pid 408] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 408] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 408] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 408] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 402 attached [], 8) = 0 [pid 405] <... write resumed>) = 1048576 [pid 404] <... ioctl resumed>) = 0 [pid 402] set_robust_list(0x5555893a06a0, 24) = 0 [pid 402] chdir("./1") = 0 [pid 402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 402] setpgid(0, 0) = 0 [pid 402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 402] write(3, "1000", 4) = 4 [pid 402] close(3) = 0 [pid 402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 404] close(3) = 0 [pid 404] close(4executing program [pid 402] write(1, "executing program\n", 18) = 18 [pid 402] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 397] <... mount resumed>) = 0 [pid 408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 405] munmap(0x7faaef6e1000, 138412032 [pid 397] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 402] <... rt_sigaction resumed>NULL, 8) = 0 [pid 402] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 408] <... clone3 resumed> => {parent_tid=[411]}, 88) = 411 [pid 405] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 411 attached [pid 408] rt_sigprocmask(SIG_SETMASK, [], [pid 405] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 397] <... openat resumed>) = 3 [pid 411] set_robust_list(0x7faaf7b019a0, 24 [pid 408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 402] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 397] chdir("./file0" [pid 408] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 397] <... chdir resumed>) = 0 [pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 402] <... mprotect resumed>) = 0 [pid 411] <... set_robust_list resumed>) = 0 [pid 402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 412 attached [pid 411] memfd_create("syzkaller", 0 [pid 404] <... close resumed>) = 0 [pid 402] <... clone3 resumed> => {parent_tid=[412]}, 88) = 412 [pid 412] set_robust_list(0x7faaf7b019a0, 24 [pid 404] mkdir("./file0", 0777 [pid 402] rt_sigprocmask(SIG_SETMASK, [], [pid 412] <... set_robust_list resumed>) = 0 [pid 411] <... memfd_create resumed>) = 3 [pid 411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 404] <... mkdir resumed>) = 0 [pid 412] rt_sigprocmask(SIG_SETMASK, [], [pid 402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 412] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 404] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 402] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... mmap resumed>) = 0x7faaef6e1000 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 412] memfd_create("syzkaller", 0) = 3 [pid 412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 412] <... write resumed>) = 1048576 [pid 412] munmap(0x7faaef6e1000, 138412032) = 0 [pid 412] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 411] <... write resumed>) = 1048576 [pid 411] munmap(0x7faaef6e1000, 138412032) = 0 [ 24.623867][ T397] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 411] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 405] <... openat resumed>) = 4 [pid 397] <... openat resumed>) = 4 [pid 412] <... openat resumed>) = 4 [pid 411] <... openat resumed>) = 4 [pid 405] ioctl(4, LOOP_SET_FD, 3 [pid 397] ioctl(4, LOOP_CLR_FD) = 0 [pid 397] close(4) = 0 [pid 397] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 390] <... futex resumed>) = 0 [pid 397] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 390] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] ioctl(4, LOOP_SET_FD, 3 [pid 411] ioctl(4, LOOP_SET_FD, 3 [pid 405] <... ioctl resumed>) = 0 [pid 397] <... openat resumed>) = 4 [pid 405] close(3) = 0 [pid 405] close(4 [pid 397] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = 0 [pid 397] <... futex resumed>) = 0 [pid 390] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 390] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] write(4, "0x0000000000000000", 18 [pid 390] <... futex resumed>) = 0 [pid 390] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... write resumed>) = 18 [pid 390] <... futex resumed>) = 0 [pid 397] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 390] <... mmap resumed>) = 0x7faaf7ac0000 [pid 390] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0}./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x7faaf7ae09a0, 24 [pid 390] <... clone3 resumed> => {parent_tid=[415]}, 88) = 415 [pid 415] <... set_robust_list resumed>) = 0 [pid 390] rt_sigprocmask(SIG_SETMASK, [], [pid 415] rt_sigprocmask(SIG_SETMASK, [], [pid 390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 390] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] write(4, "0x0000000000000000", 18 [pid 390] <... futex resumed>) = 0 [pid 390] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... write resumed>) = 18 [pid 415] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] <... futex resumed>) = 0 [pid 390] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] <... futex resumed>) = 0 [pid 390] <... futex resumed>) = 1 [pid 397] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 390] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] <... mmap resumed>) = 0x20000000 [pid 397] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 390] <... futex resumed>) = 0 [pid 397] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 390] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 390] <... futex resumed>) = 0 [pid 390] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 415] <... futex resumed>) = ? [pid 390] <... futex resumed>) = ? [pid 415] +++ killed by SIGBUS +++ [pid 397] +++ killed by SIGBUS +++ [pid 390] +++ killed by SIGBUS +++ [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=390, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 357] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 357] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./1/binderfs") = 0 [pid 357] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 404] <... mount resumed>) = 0 [pid 404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 404] chdir("./file0") = 0 [pid 404] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 405] <... close resumed>) = 0 [pid 405] mkdir("./file0", 0777 [pid 412] <... ioctl resumed>) = 0 [pid 405] <... mkdir resumed>) = 0 [pid 412] close(3 [pid 411] <... ioctl resumed>) = 0 [pid 405] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 412] <... close resumed>) = 0 [pid 411] close(3 [pid 412] close(4 [pid 411] <... close resumed>) = 0 [ 24.719731][ T397] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.735389][ T404] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 411] close(4 [pid 404] <... openat resumed>) = 4 [pid 404] ioctl(4, LOOP_CLR_FD [pid 412] <... close resumed>) = 0 [pid 412] mkdir("./file0", 0777) = 0 [pid 412] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 411] <... close resumed>) = 0 [pid 404] <... ioctl resumed>) = 0 [pid 411] mkdir("./file0", 0777 [pid 404] close(4 [pid 357] <... umount2 resumed>) = 0 [pid 404] <... close resumed>) = 0 [pid 411] <... mkdir resumed>) = 0 [pid 404] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 411] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 404] <... futex resumed>) = 1 [pid 401] <... futex resumed>) = 0 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 404] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 401] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 401] <... futex resumed>) = 0 [pid 357] newfstatat(AT_FDCWD, "./1/file0", [pid 404] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 401] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 404] <... openat resumed>) = 4 [pid 357] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 404] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 357] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] close(4 [pid 404] <... futex resumed>) = 1 [pid 401] <... futex resumed>) = 0 [pid 357] <... close resumed>) = 0 [pid 404] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 401] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 401] <... futex resumed>) = 0 [pid 404] write(4, "0x0000000000000000", 18 [pid 401] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... write resumed>) = 18 [pid 401] <... futex resumed>) = 0 [pid 357] rmdir("./1/file0" [pid 404] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 357] <... rmdir resumed>) = 0 [pid 404] <... futex resumed>) = 0 [pid 401] <... mmap resumed>) = 0x7faaf7ac0000 [pid 404] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 401] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 357] getdents64(3, [pid 401] <... mprotect resumed>) = 0 [pid 401] rt_sigprocmask(SIG_BLOCK, ~[], [pid 357] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 401] <... rt_sigprocmask resumed>[], 8) = 0 [pid 401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 357] close(3) = 0 [pid 401] <... clone3 resumed> => {parent_tid=[422]}, 88) = 422 [pid 401] rt_sigprocmask(SIG_SETMASK, [], [pid 357] rmdir("./1" [pid 401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 401] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... rmdir resumed>) = 0 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] mkdir("./2", 0777) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 357] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 357] close(3) = 0 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 423 ./strace-static-x86_64: Process 423 attached [pid 423] set_robust_list(0x5555893a06a0, 24) = 0 [pid 423] chdir("./2" [pid 405] <... mount resumed>) = 0 [pid 423] <... chdir resumed>) = 0 [pid 405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 405] chdir("./file0") = 0 [pid 405] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 405] ioctl(4, LOOP_CLR_FD) = 0 [pid 405] close(4) = 0 [pid 405] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] <... futex resumed>) = 1 [pid 405] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 405] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 423] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 422 attached [pid 403] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 403] rt_sigprocmask(SIG_BLOCK, ~[], [pid 423] <... prctl resumed>) = 0 [pid 422] set_robust_list(0x7faaf7ae09a0, 24 [pid 423] setpgid(0, 0 [pid 422] <... set_robust_list resumed>) = 0 [pid 403] <... rt_sigprocmask resumed>[], 8) = 0 [pid 423] <... setpgid resumed>) = 0 [pid 422] rt_sigprocmask(SIG_SETMASK, [], [pid 403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 403] <... clone3 resumed> => {parent_tid=[426]}, 88) = 426 [pid 423] write(3, "1000", 4 [pid 422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 403] rt_sigprocmask(SIG_SETMASK, [], [pid 423] <... write resumed>) = 4 [pid 403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 423] close(3 [pid 422] write(4, "0x0000000000000000", 18 [pid 403] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... close resumed>) = 0 [pid 422] <... write resumed>) = 18 [pid 403] <... futex resumed>) = 0 [pid 423] symlink("/dev/binderfs", "./binderfs" [pid 422] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] <... futex resumed>) = 1 [pid 423] <... symlink resumed>) = 0 [pid 405] write(4, "0x0000000000000000", 18) = 18 [pid 405] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULLexecuting program ./strace-static-x86_64: Process 426 attached [pid 423] write(1, "executing program\n", 18 [pid 422] <... futex resumed>) = 1 [pid 401] <... futex resumed>) = 0 [pid 423] <... write resumed>) = 18 [pid 422] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 401] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 401] <... futex resumed>) = 1 [pid 423] <... futex resumed>) = 0 [pid 404] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 401] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 404] <... mmap resumed>) = 0x20000000 [pid 423] <... rt_sigaction resumed>NULL, 8) = 0 [pid 404] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 404] <... futex resumed>) = 1 [pid 401] <... futex resumed>) = 0 [pid 426] set_robust_list(0x7faaf7ae09a0, 24 [pid 423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 412] <... mount resumed>) = 0 [pid 401] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 426] <... set_robust_list resumed>) = 0 [pid 426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 426] write(4, "0x0000000000000000", 18 [pid 412] chdir("./file0") = 0 [pid 426] <... write resumed>) = 18 [pid 412] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 426] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 403] <... futex resumed>) = 1 [pid 405] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 403] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] <... mmap resumed>) = 0x20000000 [pid 405] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 1 [pid 423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 412] ioctl(4, LOOP_CLR_FD [pid 404] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 403] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 423] <... mmap resumed>) = 0x7faaf7ae1000 [pid 401] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 24.934993][ T405] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 24.958401][ T412] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 24.965961][ T404] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[427]}, 88) = 427 [pid 423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 423] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 422] <... futex resumed>) = ? [pid 401] <... futex resumed>) = ? [pid 412] <... ioctl resumed>) = 0 [pid 426] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 412] close(4 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... close resumed>) = 0 [pid 422] +++ killed by SIGBUS +++ [pid 412] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] +++ killed by SIGBUS +++ [pid 401] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=401, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 362] restart_syscall(<... resuming interrupted clone ...> [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... futex resumed>) = 1 [pid 412] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 427 attached [pid 427] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 412] <... openat resumed>) = 4 [pid 411] <... mount resumed>) = 0 [pid 405] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 427] memfd_create("syzkaller", 0 [pid 411] <... openat resumed>) = 3 [pid 403] <... futex resumed>) = ? [pid 426] <... futex resumed>) = ? [pid 411] chdir("./file0" [pid 426] +++ killed by SIGBUS +++ [pid 411] <... chdir resumed>) = 0 [pid 411] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 427] <... memfd_create resumed>) = 3 [pid 411] <... openat resumed>) = 4 [pid 411] ioctl(4, LOOP_CLR_FD) = 0 [pid 427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 411] close(4 [pid 427] <... mmap resumed>) = 0x7faaef6e1000 [pid 412] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... close resumed>) = 0 [pid 405] +++ killed by SIGBUS +++ [pid 403] +++ killed by SIGBUS +++ [pid 411] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 412] <... futex resumed>) = 1 [pid 412] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 408] <... futex resumed>) = 0 [pid 402] <... futex resumed>) = 0 [pid 427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 362] <... restart_syscall resumed>) = 0 [pid 408] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=403, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 408] <... futex resumed>) = 1 [pid 402] <... futex resumed>) = 1 [pid 408] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] restart_syscall(<... resuming interrupted clone ...> [pid 402] <... futex resumed>) = 0 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 362] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 360] <... restart_syscall resumed>) = 0 [pid 402] <... mmap resumed>) = 0x7faaf7ac0000 [pid 362] <... openat resumed>) = 3 [pid 402] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 411] <... futex resumed>) = 0 [pid 362] newfstatat(3, "", [pid 411] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 402] <... mprotect resumed>) = 0 [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 402] rt_sigprocmask(SIG_BLOCK, ~[], [pid 362] getdents64(3, [pid 402] <... rt_sigprocmask resumed>[], 8) = 0 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 411] <... openat resumed>) = 4 [pid 402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 362] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 412] <... futex resumed>) = 0 [pid 411] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 402] <... clone3 resumed> => {parent_tid=[430]}, 88) = 430 [pid 360] <... openat resumed>) = 3 [pid 402] rt_sigprocmask(SIG_SETMASK, [], [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(3, "", [pid 402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 362] newfstatat(AT_FDCWD, "./1/binderfs", [pid 402] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 402] <... futex resumed>) = 0 [pid 362] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 412] write(4, "0x0000000000000000", 18 [pid 411] <... futex resumed>) = 1 [pid 408] <... futex resumed>) = 0 [pid 402] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] unlink("./1/binderfs" [pid 360] getdents64(3, [pid 362] <... unlink resumed>) = 0 [pid 412] <... write resumed>) = 18 [pid 411] write(4, "0x0000000000000000", 18 [pid 408] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 412] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... write resumed>) = 18 [pid 408] <... futex resumed>) = 0 [pid 360] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 412] <... futex resumed>) = 0 [pid 411] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 412] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 411] <... futex resumed>) = 0 [pid 408] <... futex resumed>) = 0 [pid 360] newfstatat(AT_FDCWD, "./1/binderfs", [pid 411] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 408] <... mmap resumed>) = 0x7faaf7ac0000 [pid 408] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 360] unlink("./1/binderfs" [pid 408] <... mprotect resumed>) = 0 [pid 408] rt_sigprocmask(SIG_BLOCK, ~[], [pid 360] <... unlink resumed>) = 0 [pid 408] <... rt_sigprocmask resumed>[], 8) = 0 [pid 408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 360] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 408] <... clone3 resumed> => {parent_tid=[431]}, 88) = 431 [pid 408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 408] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 430 attached [pid 427] <... write resumed>) = 1048576 [pid 427] munmap(0x7faaef6e1000, 138412032) = 0 ./strace-static-x86_64: Process 431 attached [pid 431] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 431] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 431] write(4, "0x0000000000000000", 18 [pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 431] <... write resumed>) = 18 [pid 431] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 408] <... futex resumed>) = 1 [pid 411] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 408] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... mmap resumed>) = 0x20000000 [pid 411] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] <... futex resumed>) = 0 [ 24.970991][ T405] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.000603][ T411] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 431] <... futex resumed>) = 1 [pid 430] set_robust_list(0x7faaf7ae09a0, 24 [pid 408] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 430] <... set_robust_list resumed>) = 0 [pid 430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 430] write(4, "0x0000000000000000", 18) = 18 [pid 430] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... futex resumed>) = 1 [pid 430] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... futex resumed>) = 0 [pid 412] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 412] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 402] <... futex resumed>) = 0 [pid 411] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 402] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = ? [pid 431] <... futex resumed>) = ? [pid 431] +++ killed by SIGBUS +++ [pid 411] +++ killed by SIGBUS +++ [pid 408] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=408, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 359] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 359] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./1/binderfs") = 0 [pid 359] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 402] <... futex resumed>) = ? [pid 430] <... futex resumed>) = ? [pid 430] +++ killed by SIGBUS +++ [pid 362] <... umount2 resumed>) = 0 [pid 362] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./1/file0", [pid 412] +++ killed by SIGBUS +++ [pid 402] +++ killed by SIGBUS +++ [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=402, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 362] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 362] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 362] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 362] close(4) = 0 [pid 362] rmdir("./1/file0") = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] close(3) = 0 [pid 362] rmdir("./1") = 0 [pid 362] mkdir("./2", 0777) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 358] <... restart_syscall resumed>) = 0 [pid 358] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./1/binderfs") = 0 [pid 358] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 427] <... openat resumed>) = 4 [ 25.029516][ T411] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.040334][ T412] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 427] ioctl(4, LOOP_SET_FD, 3executing program ) = 0 [pid 362] <... openat resumed>) = 3 [pid 360] <... umount2 resumed>) = 0 [pid 359] <... umount2 resumed>) = 0 [pid 362] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 362] close(3) = 0 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 433 ./strace-static-x86_64: Process 433 attached [pid 433] set_robust_list(0x5555893a06a0, 24) = 0 [pid 433] chdir("./2") = 0 [pid 433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 433] setpgid(0, 0) = 0 [pid 433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 433] write(3, "1000", 4) = 4 [pid 433] close(3) = 0 [pid 433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 433] write(1, "executing program\n", 18) = 18 [pid 433] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 433] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 433] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[434]}, 88) = 434 [pid 358] <... umount2 resumed>) = 0 [pid 433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 433] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 434 attached [pid 427] close(3 [pid 360] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 427] <... close resumed>) = 0 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 427] close(4 [pid 360] newfstatat(AT_FDCWD, "./1/file0", [pid 359] newfstatat(AT_FDCWD, "./1/file0", [pid 358] newfstatat(AT_FDCWD, "./1/file0", [pid 427] <... close resumed>) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 427] mkdir("./file0", 0777 [pid 360] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 427] <... mkdir resumed>) = 0 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 427] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 360] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 359] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 358] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 434] set_robust_list(0x7faaf7b019a0, 24 [pid 360] <... openat resumed>) = 4 [pid 359] <... openat resumed>) = 4 [pid 358] <... openat resumed>) = 4 [pid 360] newfstatat(4, "", [pid 359] newfstatat(4, "", [pid 358] newfstatat(4, "", [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 434] <... set_robust_list resumed>) = 0 [pid 358] getdents64(4, [pid 360] getdents64(4, [pid 359] getdents64(4, [pid 434] rt_sigprocmask(SIG_SETMASK, [], [pid 359] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 360] getdents64(4, [pid 359] getdents64(4, [pid 358] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4 [pid 359] close(4 [pid 358] close(4 [pid 434] memfd_create("syzkaller", 0 [pid 358] <... close resumed>) = 0 [pid 360] <... close resumed>) = 0 [pid 359] <... close resumed>) = 0 [pid 360] rmdir("./1/file0" [pid 359] rmdir("./1/file0" [pid 358] rmdir("./1/file0" [pid 434] <... memfd_create resumed>) = 3 [pid 434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 360] <... rmdir resumed>) = 0 [pid 359] <... rmdir resumed>) = 0 [pid 358] <... rmdir resumed>) = 0 [pid 359] getdents64(3, [pid 360] getdents64(3, [pid 359] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] getdents64(3, [pid 360] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] close(3 [pid 360] close(3 [pid 359] <... close resumed>) = 0 [pid 358] close(3 [pid 360] <... close resumed>) = 0 [pid 359] rmdir("./1" [pid 360] rmdir("./1" [pid 358] <... close resumed>) = 0 [pid 359] <... rmdir resumed>) = 0 [pid 360] <... rmdir resumed>) = 0 [pid 358] rmdir("./1" [pid 359] mkdir("./2", 0777 [pid 358] <... rmdir resumed>) = 0 [pid 360] mkdir("./2", 0777 [pid 359] <... mkdir resumed>) = 0 [pid 360] <... mkdir resumed>) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 358] mkdir("./2", 0777 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 358] <... mkdir resumed>) = 0 [pid 359] <... openat resumed>) = 3 [pid 360] <... openat resumed>) = 3 [pid 359] ioctl(3, LOOP_CLR_FD [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 360] ioctl(3, LOOP_CLR_FD [pid 359] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 358] ioctl(3, LOOP_CLR_FD [pid 359] close(3 [pid 360] close(3 [pid 359] <... close resumed>) = 0 [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 360] <... close resumed>) = 0 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 358] close(3 [pid 434] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 434] munmap(0x7faaef6e1000, 138412032) = 0 [pid 434] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 434] ioctl(4, LOOP_SET_FD, 3 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 434] <... ioctl resumed>) = 0 [pid 434] close(3) = 0 [pid 434] close(4 [pid 427] <... mount resumed>) = 0 [pid 427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 427] chdir("./file0" [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 439 [pid 359] <... clone resumed>, child_tidptr=0x5555893a0690) = 438 ./strace-static-x86_64: Process 439 attached ./strace-static-x86_64: Process 438 attached [pid 434] <... close resumed>) = 0 [pid 358] <... close resumed>) = 0 [pid 434] mkdir("./file0", 0777 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 427] <... chdir resumed>) = 0 [pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 439] set_robust_list(0x5555893a06a0, 24) = 0 [pid 439] chdir("./2") = 0 [pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 439] setpgid(0, 0) = 0 [pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 434] <... mkdir resumed>) = 0 [pid 439] write(3, "1000", 4) = 4 [pid 439] close(3) = 0 [pid 439] symlink("/dev/binderfs", "./binderfs" [pid 434] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 440 executing program [pid 439] <... symlink resumed>) = 0 [pid 439] write(1, "executing program\n", 18) = 18 [pid 439] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] set_robust_list(0x5555893a06a0, 24 [pid 439] <... futex resumed>) = 0 [pid 439] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 ./strace-static-x86_64: Process 440 attached [pid 438] <... set_robust_list resumed>) = 0 [pid 439] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 439] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 440] set_robust_list(0x5555893a06a0, 24 [pid 438] chdir("./2" [pid 439] <... clone3 resumed> => {parent_tid=[441]}, 88) = 441 ./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 441] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 440] <... set_robust_list resumed>) = 0 [pid 439] rt_sigprocmask(SIG_SETMASK, [], [pid 438] <... chdir resumed>) = 0 [pid 440] chdir("./2") = 0 [pid 440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 440] setpgid(0, 0) = 0 [pid 440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 438] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 439] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] <... prctl resumed>) = 0 [pid 440] <... openat resumed>) = 3 [pid 440] write(3, "1000", 4) = 4 [pid 440] close(3) = 0 [pid 440] symlink("/dev/binderfs", "./binderfs" [pid 439] <... futex resumed>) = 1 [pid 438] setpgid(0, 0 [pid 441] <... futex resumed>) = 0 [pid 441] memfd_create("syzkaller", 0) = 3 [pid 439] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 438] <... setpgid resumed>) = 0 [pid 441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 438] write(3, "1000", 4 [pid 427] <... openat resumed>) = 4 [pid 427] ioctl(4, LOOP_CLR_FD) = 0 [pid 427] close(4) = 0 [pid 427] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 423] <... futex resumed>) = 0 [pid 441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 440] <... symlink resumed>) = 0 [pid 440] write(1, "executing program\n", 18) = 18 [pid 440] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 440] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 440] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 440] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 440] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[442]}, 88) = 442 [pid 440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 440] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 423] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 423] <... futex resumed>) = 1 [pid 427] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 423] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... openat resumed>) = 4 [pid 427] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] <... futex resumed>) = 0 [pid 427] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 423] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 423] <... futex resumed>) = 0 [pid 427] write(4, "0x0000000000000000", 18 [pid 423] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... write resumed>) = 18 [pid 423] <... futex resumed>) = 0 [pid 427] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 427] <... futex resumed>) = 0 [pid 423] <... mmap resumed>) = 0x7faaf7ac0000 [pid 427] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 423] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0}./strace-static-x86_64: Process 442 attached => {parent_tid=[443]}, 88) = 443 [pid 442] set_robust_list(0x7faaf7b019a0, 24 [pid 423] rt_sigprocmask(SIG_SETMASK, [], [pid 442] <... set_robust_list resumed>) = 0 [pid 423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 423] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 442] memfd_create("syzkaller", 0 [pid 438] <... write resumed>) = 4 ./strace-static-x86_64: Process 443 attached [pid 443] set_robust_list(0x7faaf7ae09a0, 24 [pid 438] close(3 [pid 442] <... memfd_create resumed>) = 3 [pid 443] <... set_robust_list resumed>) = 0 [pid 438] <... close resumed>) = 0 [pid 442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 443] rt_sigprocmask(SIG_SETMASK, [], [pid 438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 438] write(1, "executing program\n", 18 [pid 443] write(4, "0x0000000000000000", 18executing program [pid 438] <... write resumed>) = 18 [pid 443] <... write resumed>) = 18 [pid 438] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] <... futex resumed>) = 0 [pid 438] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 443] <... futex resumed>) = 1 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] <... rt_sigaction resumed>NULL, 8) = 0 [pid 427] <... futex resumed>) = 0 [pid 438] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 423] <... futex resumed>) = 1 [pid 427] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 423] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 427] <... mmap resumed>) = 0x20000000 [pid 427] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 427] <... futex resumed>) = 1 [pid 423] <... futex resumed>) = 0 [pid 438] <... mmap resumed>) = 0x7faaf7ae1000 [ 25.209870][ T427] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 427] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 423] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 423] <... futex resumed>) = 0 [pid 438] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 441] <... write resumed>) = 1048576 [pid 441] munmap(0x7faaef6e1000, 138412032) = 0 [pid 441] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 441] ioctl(4, LOOP_SET_FD, 3 [pid 442] <... write resumed>) = 1048576 [pid 443] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 438] <... mprotect resumed>) = 0 [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 423] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] munmap(0x7faaef6e1000, 138412032 [pid 434] <... mount resumed>) = 0 [pid 438] rt_sigprocmask(SIG_BLOCK, ~[], [pid 434] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 434] chdir("./file0" [pid 438] <... rt_sigprocmask resumed>[], 8) = 0 [pid 434] <... chdir resumed>) = 0 [pid 434] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 443] <... futex resumed>) = ? [pid 423] <... futex resumed>) = ? [pid 443] +++ killed by SIGBUS +++ [pid 438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[447]}, 88) = 447 [pid 441] <... ioctl resumed>) = 0 [pid 441] close(3 [pid 438] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 447 attached [pid 442] <... munmap resumed>) = 0 [pid 438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 441] <... close resumed>) = 0 [pid 447] set_robust_list(0x7faaf7b019a0, 24 [pid 442] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 427] +++ killed by SIGBUS +++ [pid 423] +++ killed by SIGBUS +++ [pid 447] <... set_robust_list resumed>) = 0 [pid 442] <... openat resumed>) = 4 [pid 441] close(4 [pid 438] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=423, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 357] restart_syscall(<... resuming interrupted clone ...> [pid 441] <... close resumed>) = 0 [pid 438] <... futex resumed>) = 0 [pid 441] mkdir("./file0", 0777 [pid 438] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 441] <... mkdir resumed>) = 0 [pid 441] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 447] memfd_create("syzkaller", 0) = 3 [pid 447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 442] ioctl(4, LOOP_SET_FD, 3 [pid 434] <... openat resumed>) = 4 [pid 434] ioctl(4, LOOP_CLR_FD [pid 442] <... ioctl resumed>) = 0 [pid 434] <... ioctl resumed>) = 0 [pid 447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 434] close(4 [pid 442] close(3 [pid 434] <... close resumed>) = 0 [pid 357] <... restart_syscall resumed>) = 0 [pid 357] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 434] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 442] <... close resumed>) = 0 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./2/binderfs" [pid 442] close(4 [pid 434] <... futex resumed>) = 1 [pid 433] <... futex resumed>) = 0 [pid 357] <... unlink resumed>) = 0 [pid 434] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 442] <... close resumed>) = 0 [pid 434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 442] mkdir("./file0", 0777 [pid 434] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 442] <... mkdir resumed>) = 0 [pid 434] <... openat resumed>) = 4 [pid 433] <... futex resumed>) = 0 [pid 442] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 434] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... futex resumed>) = 0 [pid 433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 434] write(4, "0x0000000000000000", 18 [pid 433] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... write resumed>) = 18 [pid 433] <... futex resumed>) = 0 [pid 434] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 433] <... futex resumed>) = 0 [pid 434] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 433] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[451]}, 88) = 451 [pid 433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 433] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 25.251078][ T427] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.260733][ T434] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 433] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 451 attached [pid 447] <... write resumed>) = 1048576 [pid 451] set_robust_list(0x7faaf7ae09a0, 24 [pid 447] munmap(0x7faaef6e1000, 138412032) = 0 [pid 447] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 451] <... set_robust_list resumed>) = 0 [pid 451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 451] write(4, "0x0000000000000000", 18) = 18 [pid 451] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 433] <... futex resumed>) = 1 [pid 434] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 433] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... mmap resumed>) = 0x20000000 [pid 434] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 451] <... futex resumed>) = 1 [pid 447] <... openat resumed>) = 4 [pid 442] <... mount resumed>) = 0 [pid 441] <... mount resumed>) = 0 [pid 433] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] ioctl(4, LOOP_SET_FD, 3 [pid 441] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 441] chdir("./file0") = 0 [pid 441] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 451] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 442] chdir("./file0") = 0 [pid 442] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 447] <... ioctl resumed>) = 0 [pid 441] <... openat resumed>) = 4 [pid 441] ioctl(4, LOOP_CLR_FD) = 0 [pid 441] close(4) = 0 [pid 441] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 447] close(3 [pid 441] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 439] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... close resumed>) = 0 [pid 439] <... futex resumed>) = 0 [pid 447] close(4 [pid 439] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... openat resumed>) = 4 [pid 441] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] write(4, "0x0000000000000000", 18 [pid 439] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... write resumed>) = 18 [pid 439] <... futex resumed>) = 0 [pid 441] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 441] <... futex resumed>) = 0 [pid 439] <... mmap resumed>) = 0x7faaf7ac0000 [pid 441] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[455]}, 88) = 455 [pid 439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 439] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 455 attached [pid 455] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 455] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 455] write(4, "0x0000000000000000", 18) = 18 [pid 455] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 439] <... futex resumed>) = 1 [pid 441] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 439] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... mmap resumed>) = 0x20000000 [pid 441] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 455] <... futex resumed>) = 1 [pid 439] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] <... futex resumed>) = ? [pid 455] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 451] <... futex resumed>) = ? [pid 451] +++ killed by SIGBUS +++ [pid 434] +++ killed by SIGBUS +++ [pid 433] +++ killed by SIGBUS +++ [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=433, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 362] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 362] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./2/binderfs") = 0 [ 25.304168][ T441] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 25.316246][ T442] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 25.319075][ T434] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 362] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 441] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 455] <... futex resumed>) = ? [pid 439] <... futex resumed>) = ? [pid 455] +++ killed by SIGBUS +++ [pid 441] +++ killed by SIGBUS +++ [pid 439] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=439, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 360] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 360] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./2/binderfs") = 0 [pid 360] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 447] <... close resumed>) = 0 [pid 447] mkdir("./file0", 0777 [pid 442] <... openat resumed>) = 4 [pid 447] <... mkdir resumed>) = 0 [pid 442] ioctl(4, LOOP_CLR_FD [ 25.344716][ T441] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 447] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 360] <... umount2 resumed>) = 0 [pid 360] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 360] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4) = 0 [pid 360] rmdir("./2/file0") = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] close(3) = 0 [pid 360] rmdir("./2") = 0 [pid 360] mkdir("./3", 0777) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 442] <... ioctl resumed>) = 0 [pid 362] <... umount2 resumed>) = 0 [pid 442] close(4) = 0 [pid 362] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 442] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] <... futex resumed>) = 0 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 442] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 362] newfstatat(AT_FDCWD, "./2/file0", [pid 440] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... umount2 resumed>) = 0 [pid 440] <... futex resumed>) = 1 [pid 357] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 442] <... futex resumed>) = 0 [pid 440] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./2/file0", [pid 442] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 357] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, [pid 442] <... openat resumed>) = 4 [pid 357] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] getdents64(4, [pid 442] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 442] <... futex resumed>) = 1 [pid 440] <... futex resumed>) = 0 [pid 357] close(4 [pid 440] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... close resumed>) = 0 [pid 442] write(4, "0x0000000000000000", 18 [pid 357] rmdir("./2/file0" [pid 442] <... write resumed>) = 18 [pid 440] <... futex resumed>) = 0 [pid 360] <... openat resumed>) = 3 [pid 357] <... rmdir resumed>) = 0 [pid 442] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] getdents64(3, [pid 442] <... futex resumed>) = 0 [pid 440] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] ioctl(3, LOOP_CLR_FD [pid 357] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] close(3) = 0 [pid 357] rmdir("./2") = 0 [pid 357] mkdir("./3", 0777) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 357] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 357] close(3) = 0 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 458 ./strace-static-x86_64: Process 458 attached [pid 442] write(4, "0x0000000000000000", 18 [pid 440] <... futex resumed>) = 0 [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 458] set_robust_list(0x5555893a06a0, 24 [pid 442] <... write resumed>) = 18 [pid 440] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] close(3 [pid 458] <... set_robust_list resumed>) = 0 [pid 442] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] <... close resumed>) = 0 [pid 458] chdir("./3" [pid 442] <... futex resumed>) = 0 [pid 440] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 458] <... chdir resumed>) = 0 [pid 442] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 440] <... futex resumed>) = 0 [pid 362] <... openat resumed>) = 4 [pid 440] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 442] <... mmap resumed>) = 0x20000000 [pid 362] newfstatat(4, "", [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 459 [pid 458] <... prctl resumed>) = 0 [pid 442] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 442] <... futex resumed>) = 1 [pid 440] <... futex resumed>) = 0 [pid 458] setpgid(0, 0 [pid 442] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 440] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] getdents64(4, [pid 458] <... setpgid resumed>) = 0 [pid 442] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 459 attached [pid 459] set_robust_list(0x5555893a06a0, 24) = 0 [pid 459] chdir("./3") = 0 [pid 459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 459] setpgid(0, 0) = 0 [pid 459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 459] write(3, "1000", 4) = 4 [pid 459] close(3) = 0 [pid 459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 459] write(1, "executing program\n", 18executing program ) = 18 [pid 459] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 459] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 459] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[460]}, 88) = 460 [pid 459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 459] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 447] <... mount resumed>) = 0 [pid 447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 447] chdir("./file0") = 0 [pid 447] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 447] ioctl(4, LOOP_CLR_FD) = 0 [pid 447] close(4) = 0 [pid 447] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 447] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 460 attached [pid 460] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 460] rt_sigprocmask(SIG_SETMASK, [], [pid 438] <... futex resumed>) = 0 [pid 438] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] getdents64(4, [pid 438] <... futex resumed>) = 1 [pid 362] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 438] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] close(4 [pid 458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 362] <... close resumed>) = 0 [pid 362] rmdir("./2/file0" [pid 447] <... futex resumed>) = 0 [pid 362] <... rmdir resumed>) = 0 [pid 458] <... openat resumed>) = 3 [pid 362] getdents64(3, [pid 458] write(3, "1000", 4 [pid 362] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 458] <... write resumed>) = 4 [pid 362] close(3 [pid 447] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 458] close(3 [pid 362] <... close resumed>) = 0 [pid 362] rmdir("./2" [pid 458] <... close resumed>) = 0 [pid 460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 362] <... rmdir resumed>) = 0 executing program [pid 447] <... openat resumed>) = 4 [pid 447] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] symlink("/dev/binderfs", "./binderfs" [pid 438] <... futex resumed>) = 0 [pid 362] mkdir("./3", 0777 [pid 438] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 438] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 438] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 438] rt_sigprocmask(SIG_BLOCK, ~[], [pid 362] <... mkdir resumed>) = 0 [pid 438] <... rt_sigprocmask resumed>[], 8) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 362] <... openat resumed>) = 3 [pid 458] <... symlink resumed>) = 0 [pid 362] ioctl(3, LOOP_CLR_FD [pid 438] <... clone3 resumed> => {parent_tid=[461]}, 88) = 461 [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 458] write(1, "executing program\n", 18 [pid 362] close(3 [pid 438] rt_sigprocmask(SIG_SETMASK, [], [pid 362] <... close resumed>) = 0 [pid 458] <... write resumed>) = 18 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 458] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 438] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 438] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 0 [pid 447] <... futex resumed>) = 1 [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 462 [pid 458] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 447] write(4, "0x0000000000000000", 18) = 18 [pid 447] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 460] memfd_create("syzkaller", 0) = 3 [pid 460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 ./strace-static-x86_64: Process 461 attached [pid 458] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 461] set_robust_list(0x7faaf7ae09a0, 24 [pid 458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 461] <... set_robust_list resumed>) = 0 [pid 458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 461] rt_sigprocmask(SIG_SETMASK, [], [pid 458] <... mmap resumed>) = 0x7faaf7ae1000 [pid 461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 458] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 461] write(4, "0x0000000000000000", 18 [pid 458] <... mprotect resumed>) = 0 [pid 461] <... write resumed>) = 18 [pid 458] rt_sigprocmask(SIG_BLOCK, ~[], [pid 461] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... rt_sigprocmask resumed>[], 8) = 0 [pid 461] <... futex resumed>) = 1 [pid 438] <... futex resumed>) = 0 [pid 458] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 461] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 438] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 438] <... futex resumed>) = 1 [pid 458] <... clone3 resumed> => {parent_tid=[463]}, 88) = 463 [pid 447] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 438] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] rt_sigprocmask(SIG_SETMASK, [], [pid 447] <... mmap resumed>) = 0x20000000 [pid 458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 447] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 1 [pid 458] <... futex resumed>) = 0 [pid 438] <... futex resumed>) = 0 [pid 458] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 447] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 438] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 438] <... futex resumed>) = 0 [pid 438] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 462 attached [pid 462] set_robust_list(0x5555893a06a0, 24) = 0 [pid 462] chdir("./3") = 0 [pid 462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 462] setpgid(0, 0) = 0 [pid 462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 462] write(3, "1000", 4) = 4 [pid 462] close(3) = 0 [ 25.534830][ T447] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 25.551814][ T442] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 462] write(1, "executing program\n", 18executing program ) = 18 [pid 462] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 462] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 462] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[464]}, 88) = 464 [pid 462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 462] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 463 attached [pid 463] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 463] memfd_create("syzkaller", 0) = 3 [pid 463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 ./strace-static-x86_64: Process 464 attached [pid 442] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 464] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 440] <... futex resumed>) = ? [pid 464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 464] memfd_create("syzkaller", 0 [pid 442] +++ killed by SIGBUS +++ [pid 440] +++ killed by SIGBUS +++ [pid 464] <... memfd_create resumed>) = 3 [pid 447] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=440, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 461] <... futex resumed>) = ? [pid 438] <... futex resumed>) = ? [pid 464] <... mmap resumed>) = 0x7faaef6e1000 [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 460] <... write resumed>) = 1048576 [pid 460] munmap(0x7faaef6e1000, 138412032) = 0 [pid 460] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 460] ioctl(4, LOOP_SET_FD, 3 [pid 358] <... restart_syscall resumed>) = 0 [pid 358] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./2/binderfs") = 0 [pid 358] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 460] <... ioctl resumed>) = 0 [pid 460] close(3) = 0 [pid 460] close(4) = 0 [pid 460] mkdir("./file0", 0777) = 0 [pid 460] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 464] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 464] <... write resumed>) = 1048576 [pid 464] munmap(0x7faaef6e1000, 138412032 [pid 461] +++ killed by SIGBUS +++ [pid 447] +++ killed by SIGBUS +++ [pid 438] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=438, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 464] <... munmap resumed>) = 0 [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 464] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 463] <... write resumed>) = 1048576 [pid 463] munmap(0x7faaef6e1000, 138412032) = 0 [pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 359] <... restart_syscall resumed>) = 0 [pid 359] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] <... umount2 resumed>) = 0 [pid 359] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./2/binderfs") = 0 [ 25.579001][ T447] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 359] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 464] <... openat resumed>) = 4 [pid 463] <... openat resumed>) = 4 [pid 358] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 464] ioctl(4, LOOP_SET_FD, 3 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 463] ioctl(4, LOOP_SET_FD, 3 [pid 358] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] close(4) = 0 [pid 358] rmdir("./2/file0") = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] close(3) = 0 [pid 358] rmdir("./2") = 0 [pid 358] mkdir("./3", 0777 [pid 460] <... mount resumed>) = 0 [pid 358] <... mkdir resumed>) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 464] <... ioctl resumed>) = 0 [pid 464] close(3) = 0 [pid 464] close(4 [pid 460] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 460] chdir("./file0") = 0 [pid 460] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 464] <... close resumed>) = 0 [pid 464] mkdir("./file0", 0777 [pid 463] <... ioctl resumed>) = 0 [pid 460] <... openat resumed>) = 4 [pid 358] <... openat resumed>) = 3 [pid 463] close(3 [pid 464] <... mkdir resumed>) = 0 [pid 463] <... close resumed>) = 0 [pid 460] ioctl(4, LOOP_CLR_FD [pid 358] ioctl(3, LOOP_CLR_FD [pid 464] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 460] <... ioctl resumed>) = 0 [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 463] close(4) = 0 [pid 463] mkdir("./file0", 0777 [pid 460] close(4 [pid 358] close(3 [pid 463] <... mkdir resumed>) = 0 [pid 463] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 460] <... close resumed>) = 0 [pid 358] <... close resumed>) = 0 [pid 460] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 460] <... futex resumed>) = 1 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 470 attached [pid 460] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 470 [pid 460] <... openat resumed>) = 4 [pid 460] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 459] <... futex resumed>) = 0 [pid 470] set_robust_list(0x5555893a06a0, 24 [pid 460] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 459] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 459] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 459] rt_sigprocmask(SIG_BLOCK, ~[], [pid 460] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 459] <... rt_sigprocmask resumed>[], 8) = 0 [pid 459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 470] <... set_robust_list resumed>) = 0 [pid 460] write(4, "0x0000000000000000", 18 [pid 459] <... clone3 resumed> => {parent_tid=[472]}, 88) = 472 [pid 459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 459] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... write resumed>) = 18 [pid 460] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 472 attached ) = 0 [ 25.635997][ T460] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 472] set_robust_list(0x7faaf7ae09a0, 24 [pid 470] chdir("./3" [pid 460] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] <... chdir resumed>) = 0 [pid 470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 470] setpgid(0, 0) = 0 [pid 470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 472] <... set_robust_list resumed>) = 0 [pid 472] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 472] write(4, "0x0000000000000000", 18) = 18 [pid 470] <... openat resumed>) = 3 [pid 472] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 472] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] write(3, "1000", 4) = 4 [pid 470] close(3) = 0 [pid 470] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 470] write(1, "executing program\n", 18) = 18 [pid 470] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 470] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 470] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 470] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[474]}, 88) = 474 [pid 470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 470] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] <... futex resumed>) = 0 [pid 459] <... futex resumed>) = 1 [pid 460] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 459] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... mmap resumed>) = 0x20000000 [pid 460] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 459] <... futex resumed>) = 0 ./strace-static-x86_64: Process 474 attached [pid 464] <... mount resumed>) = 0 [pid 459] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 464] chdir("./file0") = 0 [pid 464] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 474] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 474] memfd_create("syzkaller", 0) = 3 [pid 474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 474] munmap(0x7faaef6e1000, 138412032) = 0 [pid 474] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 464] <... openat resumed>) = 4 [pid 359] <... umount2 resumed>) = 0 [pid 464] ioctl(4, LOOP_CLR_FD [pid 359] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 464] <... ioctl resumed>) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./2/file0", [pid 464] close(4 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 464] <... close resumed>) = 0 [pid 359] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 472] <... futex resumed>) = ? [pid 464] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = ? [pid 359] <... openat resumed>) = 4 [pid 464] <... futex resumed>) = 1 [pid 462] <... futex resumed>) = 0 [pid 359] newfstatat(4, "", [pid 472] +++ killed by SIGBUS +++ [pid 464] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 462] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 464] <... openat resumed>) = 4 [pid 462] <... futex resumed>) = 0 [pid 359] getdents64(4, [pid 464] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 464] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 359] getdents64(4, [pid 462] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 359] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 460] +++ killed by SIGBUS +++ [pid 459] +++ killed by SIGBUS +++ [pid 359] close(4 [pid 462] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... close resumed>) = 0 [pid 474] <... openat resumed>) = 4 [pid 464] <... futex resumed>) = 0 [pid 462] <... futex resumed>) = 1 [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=459, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 359] rmdir("./2/file0" [pid 464] write(4, "0x0000000000000000", 18 [pid 462] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] restart_syscall(<... resuming interrupted clone ...> [pid 474] ioctl(4, LOOP_SET_FD, 3 [pid 464] <... write resumed>) = 18 [pid 462] <... futex resumed>) = 0 [pid 359] <... rmdir resumed>) = 0 [pid 464] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 464] <... futex resumed>) = 0 [pid 462] <... mmap resumed>) = 0x7faaf7ac0000 [pid 359] getdents64(3, [pid 462] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 25.690808][ T464] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 25.699780][ T460] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[477]}, 88) = 477 [pid 462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 462] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 477 attached [pid 477] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 477] write(4, "0x0000000000000000", 18) = 18 [pid 477] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 462] <... futex resumed>) = 0 [pid 462] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 1 [pid 477] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 360] <... restart_syscall resumed>) = 0 [pid 464] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 462] <... futex resumed>) = 0 [pid 463] <... mount resumed>) = 0 [pid 462] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] close(3) = 0 [pid 359] rmdir("./2") = 0 [pid 359] mkdir("./3", 0777) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 463] chdir("./file0") = 0 [pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 359] <... openat resumed>) = 3 [pid 359] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 359] close(3) = 0 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 479 [pid 474] <... ioctl resumed>) = 0 [pid 474] close(3) = 0 [pid 474] close(4 [pid 462] <... futex resumed>) = 0 [pid 462] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./3/binderfs") = 0 [pid 360] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 479 attached [pid 479] set_robust_list(0x5555893a06a0, 24) = 0 [pid 479] chdir("./3") = 0 [pid 479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 479] setpgid(0, 0) = 0 [pid 479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 479] write(3, "1000", 4) = 4 executing program [pid 479] close(3) = 0 [pid 479] symlink("/dev/binderfs", "./binderfs") = 0 [pid 479] write(1, "executing program\n", 18) = 18 [pid 479] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 479] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 477] <... futex resumed>) = ? [pid 462] <... futex resumed>) = ? [pid 479] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 479] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 479] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[480]}, 88) = 480 [pid 479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 479] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 480 attached [pid 480] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 480] memfd_create("syzkaller", 0) = 3 [pid 480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 477] +++ killed by SIGBUS +++ [pid 464] +++ killed by SIGBUS +++ [pid 462] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=462, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 362] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 362] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./3/binderfs") = 0 [pid 362] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 480] <... write resumed>) = 1048576 [pid 474] <... close resumed>) = 0 [pid 474] mkdir("./file0", 0777 [pid 463] <... openat resumed>) = 4 [pid 480] munmap(0x7faaef6e1000, 138412032 [pid 463] ioctl(4, LOOP_CLR_FD [pid 480] <... munmap resumed>) = 0 [pid 474] <... mkdir resumed>) = 0 [pid 480] openat(AT_FDCWD, "/dev/loop2", O_RDWR [ 25.734631][ T463] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 25.739370][ T464] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 474] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 463] <... ioctl resumed>) = 0 [pid 463] close(4 [pid 480] <... openat resumed>) = 4 [pid 463] <... close resumed>) = 0 [pid 463] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 463] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 458] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] ioctl(4, LOOP_SET_FD, 3 [pid 463] <... openat resumed>) = 4 [pid 458] <... futex resumed>) = 0 [pid 463] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 463] <... futex resumed>) = 0 [pid 463] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 458] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] write(4, "0x0000000000000000", 18 [pid 458] <... futex resumed>) = 0 [pid 463] <... write resumed>) = 18 [pid 458] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = 0 [pid 463] <... futex resumed>) = 0 [pid 458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 463] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 458] <... mmap resumed>) = 0x7faaf7ac0000 [pid 458] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 458] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 458] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[483]}, 88) = 483 [pid 458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 458] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... umount2 resumed>) = 0 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... umount2 resumed>) = 0 [pid 360] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 360] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4) = 0 [pid 360] rmdir("./3/file0") = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] close(3) = 0 [pid 360] rmdir("./3") = 0 [pid 360] mkdir("./4", 0777) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 360] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 360] close(3) = 0 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 484 [pid 362] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 362] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 362] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 362] close(4) = 0 [pid 362] rmdir("./3/file0") = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] close(3) = 0 [pid 362] rmdir("./3") = 0 [pid 362] mkdir("./4", 0777) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 362] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 362] close(3) = 0 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 485 ./strace-static-x86_64: Process 483 attached [pid 483] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 483] write(4, "0x0000000000000000", 18) = 18 [pid 483] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... futex resumed>) = 0 [pid 458] <... futex resumed>) = 1 [pid 463] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 458] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 463] <... mmap resumed>) = 0x20000000 [pid 463] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] <... futex resumed>) = 0 [pid 463] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 458] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 458] <... futex resumed>) = 0 ./strace-static-x86_64: Process 485 attached ./strace-static-x86_64: Process 484 attached [pid 483] <... futex resumed>) = 1 [pid 485] set_robust_list(0x5555893a06a0, 24) = 0 [pid 485] chdir("./4") = 0 [pid 485] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 485] setpgid(0, 0) = 0 [pid 485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 485] write(3, "1000", 4) = 4 [pid 485] close(3) = 0 [pid 485] symlink("/dev/binderfs", "./binderfs") = 0 [pid 484] set_robust_list(0x5555893a06a0, 24 [pid 483] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 484] <... set_robust_list resumed>) = 0 [pid 484] chdir("./4") = 0 [pid 484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 484] setpgid(0, 0) = 0 [pid 484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 485] write(1, "executing program\n", 18executing program [pid 458] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... openat resumed>) = 3 [pid 463] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 484] write(3, "1000", 4 [pid 480] <... ioctl resumed>) = 0 [pid 458] <... futex resumed>) = ? [pid 483] <... futex resumed>) = ? [pid 485] <... write resumed>) = 18 [pid 485] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 485] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 485] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 485] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 485] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[488]}, 88) = 488 [pid 485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 485] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 488 attached [pid 488] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 488] memfd_create("syzkaller", 0) = 3 [pid 488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 480] close(3 [pid 484] <... write resumed>) = 4 [pid 483] +++ killed by SIGBUS +++ [pid 480] <... close resumed>) = 0 [pid 484] close(3 [pid 480] close(4 [pid 463] +++ killed by SIGBUS +++ [pid 458] +++ killed by SIGBUS +++ [pid 484] <... close resumed>) = 0 [pid 480] <... close resumed>) = 0 [pid 480] mkdir("./file0", 0777 [pid 484] symlink("/dev/binderfs", "./binderfs" [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=458, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 480] <... mkdir resumed>) = 0 [pid 357] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 484] <... symlink resumed>) = 0 [pid 357] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 480] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 357] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./3/binderfs", [pid 484] write(1, "executing program\n", 18 [pid 474] <... mount resumed>) = 0 executing program [pid 357] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 484] <... write resumed>) = 18 [pid 488] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 357] unlink("./3/binderfs" [pid 484] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 474] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 484] <... futex resumed>) = 0 [pid 474] <... openat resumed>) = 3 [pid 357] <... unlink resumed>) = 0 [pid 484] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 357] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 484] <... rt_sigaction resumed>NULL, 8) = 0 [pid 484] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 484] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 484] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 484] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[489]}, 88) = 489 [pid 484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 484] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 484] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 474] chdir("./file0"./strace-static-x86_64: Process 489 attached [pid 488] <... write resumed>) = 1048576 [pid 488] munmap(0x7faaef6e1000, 138412032) = 0 [pid 488] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 489] set_robust_list(0x7faaf7b019a0, 24 [pid 474] <... chdir resumed>) = 0 [pid 489] <... set_robust_list resumed>) = 0 [pid 489] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 489] memfd_create("syzkaller", 0) = 3 [pid 489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 474] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 489] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 489] munmap(0x7faaef6e1000, 138412032) = 0 [ 25.910632][ T463] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.926926][ T474] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 489] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 480] <... mount resumed>) = 0 [pid 480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 480] chdir("./file0") = 0 [pid 480] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 488] <... openat resumed>) = 4 [pid 489] <... openat resumed>) = 4 [pid 488] ioctl(4, LOOP_SET_FD, 3 [pid 480] <... openat resumed>) = 4 [pid 474] <... openat resumed>) = 4 [pid 489] ioctl(4, LOOP_SET_FD, 3 [pid 488] <... ioctl resumed>) = 0 [pid 480] ioctl(4, LOOP_CLR_FD [pid 474] ioctl(4, LOOP_CLR_FD [pid 488] close(3 [pid 489] <... ioctl resumed>) = 0 [pid 488] <... close resumed>) = 0 [pid 489] close(3 [pid 488] close(4 [pid 480] <... ioctl resumed>) = 0 [pid 474] <... ioctl resumed>) = 0 [pid 357] <... umount2 resumed>) = 0 [pid 489] <... close resumed>) = 0 [pid 480] close(4 [pid 474] close(4 [pid 489] close(4 [pid 480] <... close resumed>) = 0 [pid 474] <... close resumed>) = 0 [pid 489] <... close resumed>) = 0 [pid 480] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 474] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] mkdir("./file0", 0777 [pid 480] <... futex resumed>) = 1 [pid 479] <... futex resumed>) = 0 [pid 474] <... futex resumed>) = 1 [pid 470] <... futex resumed>) = 0 [pid 489] <... mkdir resumed>) = 0 [pid 480] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 479] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 474] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 470] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 480] <... openat resumed>) = 4 [pid 479] <... futex resumed>) = 0 [pid 474] <... openat resumed>) = 4 [pid 470] <... futex resumed>) = 0 [pid 480] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 474] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] <... futex resumed>) = 0 [pid 479] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 474] <... futex resumed>) = 0 [pid 470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 480] write(4, "0x0000000000000000", 18 [pid 479] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 474] write(4, "0x0000000000000000", 18 [pid 470] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... write resumed>) = 18 [pid 479] <... futex resumed>) = 0 [pid 474] <... write resumed>) = 18 [pid 470] <... futex resumed>) = 0 [pid 480] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 474] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 480] <... futex resumed>) = 0 [pid 479] <... futex resumed>) = 0 [pid 474] <... futex resumed>) = 0 [pid 470] <... futex resumed>) = 0 [pid 480] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 474] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 479] <... mmap resumed>) = 0x7faaf7ac0000 [pid 470] <... mmap resumed>) = 0x7faaf7ac0000 [pid 479] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 470] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 357] newfstatat(AT_FDCWD, "./3/file0", [pid 479] <... mprotect resumed>) = 0 [pid 470] <... mprotect resumed>) = 0 [pid 488] <... close resumed>) = 0 [pid 479] rt_sigprocmask(SIG_BLOCK, ~[], [pid 470] rt_sigprocmask(SIG_BLOCK, ~[], [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 479] <... rt_sigprocmask resumed>[], 8) = 0 [pid 470] <... rt_sigprocmask resumed>[], 8) = 0 [pid 479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 357] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 488] mkdir("./file0", 0777 [pid 479] <... clone3 resumed> => {parent_tid=[494]}, 88) = 494 [pid 470] <... clone3 resumed> => {parent_tid=[495]}, 88) = 495 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 479] rt_sigprocmask(SIG_SETMASK, [], [pid 470] rt_sigprocmask(SIG_SETMASK, [], [pid 479] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 357] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 479] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] <... futex resumed>) = 0 [pid 470] <... futex resumed>) = 0 [pid 357] <... openat resumed>) = 4 [pid 479] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] close(4) = 0 [pid 357] rmdir("./3/file0") = 0 [pid 488] <... mkdir resumed>) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 488] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 357] close(3) = 0 [pid 357] rmdir("./3") = 0 [pid 357] mkdir("./4", 0777) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 357] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 357] close(3) = 0 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 496 ./strace-static-x86_64: Process 494 attached [pid 494] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 494] write(4, "0x0000000000000000", 18) = 18 [pid 494] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] <... futex resumed>) = 0 [pid 479] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... futex resumed>) = 0 [pid 479] <... futex resumed>) = 1 [ 25.969281][ T480] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 480] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 479] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] <... mmap resumed>) = 0x20000000 [pid 480] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 479] <... futex resumed>) = 0 [pid 480] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 479] <... futex resumed>) = 0 ./strace-static-x86_64: Process 496 attached ./strace-static-x86_64: Process 495 attached [pid 479] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] <... futex resumed>) = 1 [pid 494] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 496] set_robust_list(0x5555893a06a0, 24 [pid 495] set_robust_list(0x7faaf7ae09a0, 24 [pid 496] <... set_robust_list resumed>) = 0 [pid 495] <... set_robust_list resumed>) = 0 [pid 496] chdir("./4" [pid 495] rt_sigprocmask(SIG_SETMASK, [], [pid 494] <... futex resumed>) = ? [pid 479] <... futex resumed>) = ? [pid 496] <... chdir resumed>) = 0 [pid 495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 496] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 495] write(4, "0x0000000000000000", 18 [pid 496] <... prctl resumed>) = 0 [pid 495] <... write resumed>) = 18 [pid 496] setpgid(0, 0 [pid 495] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... setpgid resumed>) = 0 [pid 495] <... futex resumed>) = 1 [pid 470] <... futex resumed>) = 0 [pid 496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 495] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... openat resumed>) = 3 [pid 474] <... futex resumed>) = 0 [pid 470] <... futex resumed>) = 1 [pid 496] write(3, "1000", 4 [pid 474] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 470] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 496] <... write resumed>) = 4 [pid 474] <... mmap resumed>) = 0x20000000 [pid 496] close(3 [pid 474] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... close resumed>) = 0 [pid 474] <... futex resumed>) = 1 [pid 470] <... futex resumed>) = 0 [pid 496] symlink("/dev/binderfs", "./binderfs" [pid 494] +++ killed by SIGBUS +++ [pid 488] <... mount resumed>) = 0 [pid 470] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... symlink resumed>) = 0 executing program [pid 496] write(1, "executing program\n", 18) = 18 [pid 496] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 496] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 496] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 496] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 496] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[501]}, 88) = 501 [pid 496] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 496] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 480] +++ killed by SIGBUS +++ [pid 479] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=479, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=1} --- [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 488] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 488] chdir("./file0") = 0 [pid 488] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 488] ioctl(4, LOOP_CLR_FD) = 0 [pid 488] close(4 [pid 359] <... restart_syscall resumed>) = 0 [pid 359] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 470] <... futex resumed>) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 501 attached [pid 470] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 26.014501][ T480] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 26.032513][ T488] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 26.037691][ T474] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./3/binderfs") = 0 [pid 359] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 501] set_robust_list(0x7faaf7b019a0, 24 [pid 488] <... close resumed>) = 0 [pid 488] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 485] <... futex resumed>) = 0 [pid 485] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 1 [pid 488] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 501] <... set_robust_list resumed>) = 0 [pid 501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 474] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 489] <... mount resumed>) = 0 [pid 501] memfd_create("syzkaller", 0 [pid 470] <... futex resumed>) = ? [pid 495] <... futex resumed>) = ? [pid 488] <... openat resumed>) = 4 [pid 501] <... memfd_create resumed>) = 3 [pid 501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 488] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 485] <... futex resumed>) = 0 [pid 495] +++ killed by SIGBUS +++ [pid 485] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... mmap resumed>) = 0x7faaef6e1000 [pid 485] <... futex resumed>) = 0 [pid 485] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 485] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 485] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 485] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[502]}, 88) = 502 [pid 485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 474] +++ killed by SIGBUS +++ [pid 470] +++ killed by SIGBUS +++ [pid 485] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 1 [pid 488] write(4, "0x0000000000000000", 18) = 18 [pid 488] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 502 attached [pid 502] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 502] write(4, "0x0000000000000000", 18) = 18 [pid 502] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 485] <... futex resumed>) = 0 [pid 485] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 485] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 0 [pid 488] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 488] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 485] <... futex resumed>) = 0 [pid 485] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 1 [pid 502] <... futex resumed>) = 1 [pid 501] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 489] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=470, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 501] <... write resumed>) = 1048576 [pid 502] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 489] <... openat resumed>) = 3 [pid 489] chdir("./file0") = 0 [pid 489] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 358] <... restart_syscall resumed>) = 0 [pid 358] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./3/binderfs") = 0 [pid 358] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 489] <... openat resumed>) = 4 [pid 489] ioctl(4, LOOP_CLR_FD) = 0 [pid 489] close(4) = 0 [pid 489] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] munmap(0x7faaef6e1000, 138412032) = 0 [pid 501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 501] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 501] close(3) = 0 [pid 501] close(4 [pid 484] <... futex resumed>) = 0 [pid 484] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 484] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... futex resumed>) = 0 [pid 489] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 489] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 484] <... futex resumed>) = 0 [pid 484] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 484] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 484] <... futex resumed>) = 0 [pid 484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 502] <... futex resumed>) = ? [pid 484] <... mmap resumed>) = 0x7faaf7ac0000 [pid 484] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 484] rt_sigprocmask(SIG_BLOCK, ~[], [pid 485] <... futex resumed>) = ? [pid 484] <... rt_sigprocmask resumed>[], 8) = 0 [pid 484] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0}./strace-static-x86_64: Process 504 attached [pid 502] +++ killed by SIGBUS +++ [pid 489] write(4, "0x0000000000000000", 18 [pid 484] <... clone3 resumed> => {parent_tid=[504]}, 88) = 504 [pid 484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 489] <... write resumed>) = 18 [pid 484] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] <... futex resumed>) = 0 [pid 484] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 504] write(4, "0x0000000000000000", 18) = 18 [pid 504] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] <... futex resumed>) = 0 [pid 484] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 484] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... futex resumed>) = 0 [pid 489] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 504] <... futex resumed>) = 1 [pid 504] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 489] <... mmap resumed>) = 0x20000000 [pid 488] +++ killed by SIGBUS +++ [pid 485] +++ killed by SIGBUS +++ [pid 489] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=485, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 489] <... futex resumed>) = 1 [pid 484] <... futex resumed>) = 0 [pid 362] restart_syscall(<... resuming interrupted clone ...> [pid 484] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 484] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... restart_syscall resumed>) = 0 [pid 362] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./4/binderfs") = 0 [pid 362] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 489] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 484] <... futex resumed>) = ? [pid 504] <... futex resumed>) = ? [pid 489] +++ killed by SIGBUS +++ [pid 504] +++ killed by SIGBUS +++ [pid 484] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=484, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 360] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 360] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./4/binderfs") = 0 [pid 360] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 501] <... close resumed>) = 0 [pid 501] mkdir("./file0", 0777) = 0 [ 26.059038][ T489] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 26.074403][ T488] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 26.095492][ T489] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 501] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 359] <... umount2 resumed>) = 0 [pid 358] <... umount2 resumed>) = 0 [pid 358] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 358] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] close(4) = 0 [pid 358] rmdir("./3/file0") = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] close(3) = 0 [pid 358] rmdir("./3") = 0 [pid 358] mkdir("./4", 0777) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 358] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 358] close(3 [pid 362] <... umount2 resumed>) = 0 [pid 360] <... umount2 resumed>) = 0 [pid 359] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] <... close resumed>) = 0 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 362] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 506 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./3/file0", ./strace-static-x86_64: Process 506 attached [pid 506] set_robust_list(0x5555893a06a0, 24) = 0 [pid 506] chdir("./4" [pid 362] newfstatat(AT_FDCWD, "./4/file0", [pid 360] newfstatat(AT_FDCWD, "./4/file0", [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 506] <... chdir resumed>) = 0 [pid 359] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 506] setpgid(0, 0) = 0 [pid 506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 506] <... openat resumed>) = 3 [pid 506] write(3, "1000", 4) = 4 [pid 506] close(3) = 0 [pid 506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 362] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... openat resumed>) = 4 executing program [pid 506] write(1, "executing program\n", 18 [pid 362] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 359] newfstatat(4, "", [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 506] <... write resumed>) = 18 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] <... openat resumed>) = 4 [pid 360] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 359] getdents64(4, [pid 506] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 362] newfstatat(4, "", [pid 359] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] <... openat resumed>) = 4 [pid 359] getdents64(4, [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] newfstatat(4, "", [pid 359] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 362] getdents64(4, [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] close(4 [pid 362] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] getdents64(4, [pid 359] <... close resumed>) = 0 [pid 362] getdents64(4, [pid 360] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] rmdir("./3/file0" [pid 506] <... rt_sigaction resumed>NULL, 8) = 0 [pid 362] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] getdents64(4, [pid 359] <... rmdir resumed>) = 0 [pid 362] close(4 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] <... close resumed>) = 0 [pid 360] close(4 [pid 359] close(3 [pid 362] rmdir("./4/file0" [pid 360] <... close resumed>) = 0 [pid 359] <... close resumed>) = 0 [pid 506] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 359] rmdir("./3" [pid 506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 506] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 506] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[507]}, 88) = 507 [pid 359] <... rmdir resumed>) = 0 [pid 506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 362] <... rmdir resumed>) = 0 [pid 359] mkdir("./4", 0777 [pid 506] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 362] getdents64(3, [pid 360] rmdir("./4/file0" [pid 359] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 507 attached [pid 362] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] <... rmdir resumed>) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 362] close(3 [pid 360] getdents64(3, [pid 359] <... openat resumed>) = 3 [pid 362] <... close resumed>) = 0 [pid 360] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] ioctl(3, LOOP_CLR_FD [pid 362] rmdir("./4" [pid 360] close(3 [pid 359] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 362] <... rmdir resumed>) = 0 [pid 360] <... close resumed>) = 0 [pid 359] close(3 [pid 362] mkdir("./5", 0777 [pid 360] rmdir("./4" [pid 359] <... close resumed>) = 0 [pid 362] <... mkdir resumed>) = 0 [pid 360] <... rmdir resumed>) = 0 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 360] mkdir("./5", 0777 [pid 362] <... openat resumed>) = 3 [pid 360] <... mkdir resumed>) = 0 [pid 359] <... clone resumed>, child_tidptr=0x5555893a0690) = 510 [pid 362] ioctl(3, LOOP_CLR_FD [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 360] <... openat resumed>) = 3 [pid 362] close(3 [pid 360] ioctl(3, LOOP_CLR_FD [pid 362] <... close resumed>) = 0 [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 360] close(3) = 0 [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 511 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 512 [pid 507] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 507] memfd_create("syzkaller", 0) = 3 [pid 507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 507] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 512 attached [pid 512] set_robust_list(0x5555893a06a0, 24) = 0 [pid 512] chdir("./5") = 0 [pid 512] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 512] setpgid(0, 0) = 0 [pid 512] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 512] write(3, "1000", 4) = 4 [pid 512] close(3) = 0 [pid 512] symlink("/dev/binderfs", "./binderfs") = 0 [pid 512] write(1, "executing program\n", 18executing program ) = 18 [pid 512] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 510 attached ./strace-static-x86_64: Process 511 attached ) = 0 [pid 512] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 512] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 512] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 512] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 511] set_robust_list(0x5555893a06a0, 24 [pid 510] set_robust_list(0x5555893a06a0, 24 [pid 512] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 512] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[513]}, 88) = 513 [pid 512] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 512] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 511] <... set_robust_list resumed>) = 0 [pid 510] <... set_robust_list resumed>) = 0 [pid 511] chdir("./5" [pid 510] chdir("./4" [pid 511] <... chdir resumed>) = 0 [pid 510] <... chdir resumed>) = 0 [pid 511] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 510] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 511] <... prctl resumed>) = 0 [pid 510] <... prctl resumed>) = 0 [pid 511] setpgid(0, 0 [pid 510] setpgid(0, 0 [pid 511] <... setpgid resumed>) = 0 [pid 501] <... mount resumed>) = 0 [pid 510] <... setpgid resumed>) = 0 [pid 511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 511] <... openat resumed>) = 3 ./strace-static-x86_64: Process 513 attached [pid 511] write(3, "1000", 4 [pid 510] <... openat resumed>) = 3 [pid 501] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 513] set_robust_list(0x7faaf7b019a0, 24 [pid 511] <... write resumed>) = 4 [pid 510] write(3, "1000", 4 [pid 501] <... openat resumed>) = 3 [pid 513] <... set_robust_list resumed>) = 0 [pid 511] close(3 [pid 510] <... write resumed>) = 4 [pid 501] chdir("./file0" [pid 513] rt_sigprocmask(SIG_SETMASK, [], [pid 511] <... close resumed>) = 0 [pid 510] close(3 [pid 513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 511] symlink("/dev/binderfs", "./binderfs" [pid 510] <... close resumed>) = 0 [pid 501] <... chdir resumed>) = 0 [pid 511] <... symlink resumed>) = 0 [pid 510] symlink("/dev/binderfs", "./binderfs" [pid 511] write(1, "executing program\n", 18 [pid 501] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program executing program [pid 510] <... symlink resumed>) = 0 [pid 511] <... write resumed>) = 18 [pid 510] write(1, "executing program\n", 18 [pid 511] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] <... write resumed>) = 18 [pid 511] <... futex resumed>) = 0 [pid 501] <... openat resumed>) = 4 [pid 510] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 501] ioctl(4, LOOP_CLR_FD [pid 510] <... futex resumed>) = 0 [pid 511] <... rt_sigaction resumed>NULL, 8) = 0 [pid 501] <... ioctl resumed>) = 0 [pid 513] memfd_create("syzkaller", 0 [pid 511] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 510] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 501] close(4 [pid 513] <... memfd_create resumed>) = 3 [pid 511] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 510] <... rt_sigaction resumed>NULL, 8) = 0 [pid 501] <... close resumed>) = 0 [pid 507] <... write resumed>) = 1048576 [pid 507] munmap(0x7faaef6e1000, 138412032) = 0 [pid 507] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 507] ioctl(4, LOOP_SET_FD, 3 [pid 511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 510] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 511] <... mmap resumed>) = 0x7faaf7ae1000 [pid 510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 501] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 511] <... mprotect resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 496] <... futex resumed>) = 0 [pid 510] <... mmap resumed>) = 0x7faaf7ae1000 [pid 511] rt_sigprocmask(SIG_BLOCK, ~[], [pid 510] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 496] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 511] <... rt_sigprocmask resumed>[], 8) = 0 [pid 510] <... mprotect resumed>) = 0 [pid 496] <... futex resumed>) = 0 [pid 511] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 510] rt_sigprocmask(SIG_BLOCK, ~[], [pid 496] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... rt_sigprocmask resumed>[], 8) = 0 [pid 511] <... clone3 resumed> => {parent_tid=[514]}, 88) = 514 [pid 510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 511] rt_sigprocmask(SIG_SETMASK, [], [pid 513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 511] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 510] <... clone3 resumed> => {parent_tid=[515]}, 88) = 515 [pid 501] <... openat resumed>) = 4 ./strace-static-x86_64: Process 515 attached ./strace-static-x86_64: Process 514 attached [pid 513] <... mmap resumed>) = 0x7faaef6e1000 [pid 511] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] rt_sigprocmask(SIG_SETMASK, [], [pid 501] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] <... ioctl resumed>) = 0 [pid 510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 510] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 510] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 501] <... futex resumed>) = 1 [pid 496] <... futex resumed>) = 0 [pid 501] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 496] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... futex resumed>) = 0 [pid 501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 496] <... futex resumed>) = 0 [pid 501] write(4, "0x0000000000000000", 18 [pid 496] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... write resumed>) = 18 [pid 496] <... futex resumed>) = 0 [pid 501] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 501] <... futex resumed>) = 0 [pid 496] <... mmap resumed>) = 0x7faaf7ac0000 [pid 501] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 496] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 496] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 514] set_robust_list(0x7faaf7b019a0, 24 [pid 511] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 507] close(3 [pid 496] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 514] <... set_robust_list resumed>) = 0 [pid 507] <... close resumed>) = 0 [pid 514] rt_sigprocmask(SIG_SETMASK, [], [pid 507] close(4 [pid 496] <... clone3 resumed> => {parent_tid=[517]}, 88) = 517 [pid 514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 507] <... close resumed>) = 0 [pid 496] rt_sigprocmask(SIG_SETMASK, [], [pid 507] mkdir("./file0", 0777 [pid 496] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 514] memfd_create("syzkaller", 0 [pid 496] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 517 attached [pid 507] <... mkdir resumed>) = 0 [pid 514] <... memfd_create resumed>) = 3 [pid 507] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 517] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 515] set_robust_list(0x7faaf7b019a0, 24 [pid 514] <... mmap resumed>) = 0x7faaef6e1000 [pid 513] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 517] write(4, "0x0000000000000000", 18) = 18 [ 26.309472][ T501] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 517] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 496] <... futex resumed>) = 1 [pid 501] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 496] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... mmap resumed>) = 0x20000000 [pid 501] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 496] <... futex resumed>) = 0 [pid 515] <... set_robust_list resumed>) = 0 [pid 514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 513] <... write resumed>) = 1048576 [pid 496] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 515] rt_sigprocmask(SIG_SETMASK, [], [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 517] <... futex resumed>) = 1 [pid 517] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 517] <... futex resumed>) = ? [pid 496] <... futex resumed>) = ? [pid 517] +++ killed by SIGBUS +++ [pid 501] +++ killed by SIGBUS +++ [pid 496] +++ killed by SIGBUS +++ [pid 515] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 514] <... write resumed>) = 1048576 [pid 513] munmap(0x7faaef6e1000, 138412032 [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=496, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 515] memfd_create("syzkaller", 0 [pid 514] munmap(0x7faaef6e1000, 138412032 [pid 515] <... memfd_create resumed>) = 3 [pid 515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 357] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 515] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 514] <... munmap resumed>) = 0 [pid 513] <... munmap resumed>) = 0 [pid 507] <... mount resumed>) = 0 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 514] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 513] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 507] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 357] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 514] <... openat resumed>) = 4 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./4/binderfs", [pid 514] ioctl(4, LOOP_SET_FD, 3 [pid 513] <... openat resumed>) = 4 [pid 357] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./4/binderfs") = 0 [pid 357] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 513] ioctl(4, LOOP_SET_FD, 3 [pid 507] <... openat resumed>) = 3 [pid 514] <... ioctl resumed>) = 0 [pid 514] close(3 [pid 507] chdir("./file0" [pid 514] <... close resumed>) = 0 [pid 513] <... ioctl resumed>) = 0 [pid 514] close(4) = 0 [pid 513] close(3 [pid 514] mkdir("./file0", 0777 [pid 513] <... close resumed>) = 0 [pid 514] <... mkdir resumed>) = 0 [pid 513] close(4 [pid 514] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 507] <... chdir resumed>) = 0 [pid 507] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 515] <... write resumed>) = 1048576 [pid 515] munmap(0x7faaef6e1000, 138412032) = 0 [ 26.352634][ T501] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 26.378983][ T507] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 515] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 513] <... close resumed>) = 0 [pid 357] <... umount2 resumed>) = 0 [pid 513] mkdir("./file0", 0777) = 0 [pid 507] <... openat resumed>) = 4 [pid 513] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 507] ioctl(4, LOOP_CLR_FD) = 0 [pid 507] close(4) = 0 [pid 507] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 506] <... futex resumed>) = 0 [pid 507] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 357] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 506] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 357] newfstatat(AT_FDCWD, "./4/file0", [pid 506] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 507] <... openat resumed>) = 4 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 357] newfstatat(4, "", [pid 507] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] close(4) = 0 [pid 357] rmdir("./4/file0") = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] close(3) = 0 [pid 357] rmdir("./4") = 0 [pid 357] mkdir("./5", 0777) = 0 [pid 507] <... futex resumed>) = 1 [pid 506] <... futex resumed>) = 0 [pid 507] write(4, "0x0000000000000000", 18 [pid 506] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] <... write resumed>) = 18 [pid 506] <... futex resumed>) = 0 [pid 507] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] <... futex resumed>) = 0 [pid 506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 507] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 506] <... mmap resumed>) = 0x7faaf7ac0000 [pid 506] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 506] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[523]}, 88) = 523 [pid 506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 506] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 506] <... futex resumed>) = 0 [pid 506] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... openat resumed>) = 3 [pid 357] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 357] close(3) = 0 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 524 ./strace-static-x86_64: Process 524 attached [pid 524] set_robust_list(0x5555893a06a0, 24) = 0 [pid 524] chdir("./5"executing program ) = 0 [pid 524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 524] setpgid(0, 0) = 0 [pid 524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 524] write(3, "1000", 4) = 4 [pid 524] close(3) = 0 [pid 524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 524] write(1, "executing program\n", 18) = 18 [pid 524] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 524] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 524] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 523 attached [pid 515] <... openat resumed>) = 4 [pid 524] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 524] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[527]}, 88) = 527 [pid 524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 524] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 527 attached [pid 527] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 527] memfd_create("syzkaller", 0) = 3 [pid 527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 527] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 523] set_robust_list(0x7faaf7ae09a0, 24 [pid 515] ioctl(4, LOOP_SET_FD, 3 [pid 514] <... mount resumed>) = 0 [pid 523] <... set_robust_list resumed>) = 0 [pid 523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 523] write(4, "0x0000000000000000", 18) = 18 [pid 523] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 506] <... futex resumed>) = 0 [pid 523] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 506] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] <... futex resumed>) = 0 [pid 506] <... futex resumed>) = 1 [pid 507] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 506] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... mmap resumed>) = 0x20000000 [pid 507] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 506] <... futex resumed>) = 0 [pid 527] <... write resumed>) = 1048576 [pid 515] <... ioctl resumed>) = 0 [pid 514] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 513] <... mount resumed>) = 0 [pid 506] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 515] close(3) = 0 [pid 515] close(4 [pid 513] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 513] chdir("./file0") = 0 [pid 513] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 514] <... openat resumed>) = 3 [pid 514] chdir("./file0") = 0 [pid 514] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 527] munmap(0x7faaef6e1000, 138412032) = 0 [pid 527] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 506] <... futex resumed>) = 0 [pid 506] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 523] <... futex resumed>) = ? [pid 506] <... futex resumed>) = ? [pid 523] +++ killed by SIGBUS +++ [pid 507] +++ killed by SIGBUS +++ [pid 506] +++ killed by SIGBUS +++ [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=506, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 515] <... close resumed>) = 0 [pid 515] mkdir("./file0", 0777) = 0 [pid 358] <... restart_syscall resumed>) = 0 [pid 515] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 358] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./4/binderfs") = 0 [ 26.452006][ T514] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 26.458035][ T513] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 26.465601][ T507] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 358] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 513] <... openat resumed>) = 4 [pid 513] ioctl(4, LOOP_CLR_FD) = 0 [pid 513] close(4) = 0 [pid 513] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] <... futex resumed>) = 0 [pid 512] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... openat resumed>) = 4 [pid 514] ioctl(4, LOOP_CLR_FD) = 0 [pid 514] close(4 [pid 513] <... futex resumed>) = 0 [pid 512] <... futex resumed>) = 1 [pid 513] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 512] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... openat resumed>) = 4 [pid 513] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 514] <... close resumed>) = 0 [pid 514] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 1 [pid 514] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 514] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 512] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] <... mmap resumed>) = 0x7faaf7ac0000 [pid 511] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 512] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... mprotect resumed>) = 0 [pid 512] <... futex resumed>) = 1 [pid 511] rt_sigprocmask(SIG_BLOCK, ~[], [pid 512] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... rt_sigprocmask resumed>[], 8) = 0 [pid 512] <... futex resumed>) = 0 [pid 511] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 512] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 511] <... clone3 resumed> => {parent_tid=[531]}, 88) = 531 [pid 514] <... futex resumed>) = 1 [pid 513] <... futex resumed>) = 0 [pid 512] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 511] rt_sigprocmask(SIG_SETMASK, [], [pid 514] write(4, "0x0000000000000000", 18 [pid 513] write(4, "0x0000000000000000", 18 [pid 512] <... mprotect resumed>) = 0 [pid 511] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 514] <... write resumed>) = 18 [pid 513] <... write resumed>) = 18 [pid 512] rt_sigprocmask(SIG_BLOCK, ~[], [pid 511] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] <... rt_sigprocmask resumed>[], 8) = 0 [pid 511] <... futex resumed>) = 0 [pid 514] <... futex resumed>) = 0 [pid 513] <... futex resumed>) = 0 [pid 512] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 511] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 513] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] <... clone3 resumed> => {parent_tid=[532]}, 88) = 532 [pid 512] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 532 attached [pid 532] set_robust_list(0x7faaf7ae09a0, 24 [pid 512] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 532] <... set_robust_list resumed>) = 0 [pid 512] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] rt_sigprocmask(SIG_SETMASK, [], [pid 512] <... futex resumed>) = 0 [pid 512] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 532] write(4, "0x0000000000000000", 18) = 18 [pid 532] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] <... futex resumed>) = 0 [pid 512] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 512] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... futex resumed>) = 1 [pid 532] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 513] <... futex resumed>) = 0 ./strace-static-x86_64: Process 531 attached [pid 527] <... openat resumed>) = 4 [pid 513] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 527] ioctl(4, LOOP_SET_FD, 3 [pid 513] <... mmap resumed>) = 0x20000000 [pid 513] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 513] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 531] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 531] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 531] write(4, "0x0000000000000000", 18) = 18 [pid 531] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 531] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] <... futex resumed>) = 0 [pid 512] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 512] <... futex resumed>) = 1 [pid 515] <... mount resumed>) = 0 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... futex resumed>) = 0 [pid 511] <... futex resumed>) = 1 [pid 514] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 511] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... mmap resumed>) = 0x20000000 [pid 514] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] <... futex resumed>) = 0 [pid 514] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] <... futex resumed>) = 0 [pid 515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 513] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 512] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... umount2 resumed>) = 0 [pid 358] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 532] <... futex resumed>) = ? [pid 527] <... ioctl resumed>) = 0 [pid 515] <... openat resumed>) = 3 [pid 514] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 512] <... futex resumed>) = ? [pid 511] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... openat resumed>) = 4 [pid 527] close(3 [pid 358] newfstatat(4, "", [pid 527] <... close resumed>) = 0 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 527] close(4 [pid 358] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 532] +++ killed by SIGBUS +++ [pid 531] <... futex resumed>) = ? [pid 515] chdir("./file0" [pid 511] <... futex resumed>) = ? [pid 531] +++ killed by SIGBUS +++ [pid 515] <... chdir resumed>) = 0 [pid 358] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 515] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 358] close(4) = 0 [pid 358] rmdir("./4/file0" [pid 514] +++ killed by SIGBUS +++ [pid 513] +++ killed by SIGBUS +++ [pid 512] +++ killed by SIGBUS +++ [pid 511] +++ killed by SIGBUS +++ [pid 358] <... rmdir resumed>) = 0 [pid 358] getdents64(3, [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=511, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=512, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 362] restart_syscall(<... resuming interrupted clone ...> [pid 358] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] restart_syscall(<... resuming interrupted clone ...> [pid 358] close(3) = 0 [pid 358] rmdir("./4") = 0 [pid 358] mkdir("./5", 0777) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 362] <... restart_syscall resumed>) = 0 [pid 360] <... restart_syscall resumed>) = 0 [pid 362] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 360] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 362] <... openat resumed>) = 3 [pid 360] <... openat resumed>) = 3 [pid 360] newfstatat(3, "", [pid 362] newfstatat(3, "", [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, [pid 362] getdents64(3, [pid 360] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] unlink("./5/binderfs" [pid 362] newfstatat(AT_FDCWD, "./5/binderfs", [pid 360] <... unlink resumed>) = 0 [pid 362] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] unlink("./5/binderfs") = 0 [ 26.541222][ T515] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 26.551236][ T513] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 26.553187][ T514] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 362] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 527] <... close resumed>) = 0 [pid 527] mkdir("./file0", 0777) = 0 [pid 527] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 515] <... openat resumed>) = 4 [pid 358] <... openat resumed>) = 3 [pid 358] ioctl(3, LOOP_CLR_FD [pid 515] ioctl(4, LOOP_CLR_FDexecuting program [pid 362] <... umount2 resumed>) = 0 [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 358] close(3 [pid 362] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] <... close resumed>) = 0 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 535 attached [pid 535] set_robust_list(0x5555893a06a0, 24) = 0 [pid 535] chdir("./5") = 0 [pid 535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 535] setpgid(0, 0) = 0 [pid 535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 535] write(3, "1000", 4) = 4 [pid 535] close(3) = 0 [pid 535] symlink("/dev/binderfs", "./binderfs" [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 535 [pid 535] <... symlink resumed>) = 0 [pid 535] write(1, "executing program\n", 18) = 18 [pid 535] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 535] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 535] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 535] rt_sigprocmask(SIG_BLOCK, ~[], [pid 360] <... umount2 resumed>) = 0 [pid 362] newfstatat(AT_FDCWD, "./5/file0", [pid 515] <... ioctl resumed>) = 0 [pid 360] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 515] close(4 [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 535] <... rt_sigprocmask resumed>[], 8) = 0 [pid 362] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 515] <... close resumed>) = 0 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 515] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 515] <... futex resumed>) = 1 [pid 510] <... futex resumed>) = 0 [pid 362] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 360] newfstatat(AT_FDCWD, "./5/file0", [pid 510] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 510] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[538]}, 88) = 538 [pid 535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 535] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 538 attached [pid 538] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 538] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 538] memfd_create("syzkaller", 0) = 3 [pid 538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 515] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 362] <... openat resumed>) = 4 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] newfstatat(4, "", [pid 360] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 515] <... openat resumed>) = 4 [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 527] <... mount resumed>) = 0 [pid 515] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] getdents64(4, [pid 360] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 527] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 515] <... futex resumed>) = 1 [pid 510] <... futex resumed>) = 0 [pid 362] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 510] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] <... openat resumed>) = 3 [pid 515] write(4, "0x0000000000000000", 18 [pid 362] getdents64(4, [pid 360] newfstatat(4, "", [pid 510] <... futex resumed>) = 0 [pid 527] chdir("./file0" [pid 515] <... write resumed>) = 18 [pid 510] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 527] <... chdir resumed>) = 0 [pid 515] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] <... futex resumed>) = 0 [pid 362] close(4 [pid 360] getdents64(4, [pid 510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 515] <... futex resumed>) = 0 [pid 362] <... close resumed>) = 0 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 527] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 515] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 510] <... mmap resumed>) = 0x7faaf7ac0000 [pid 362] rmdir("./5/file0" [pid 360] getdents64(4, [pid 510] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 362] <... rmdir resumed>) = 0 [pid 510] <... mprotect resumed>) = 0 [pid 362] getdents64(3, [pid 360] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4 [pid 510] rt_sigprocmask(SIG_BLOCK, ~[], [pid 362] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] <... close resumed>) = 0 [pid 510] <... rt_sigprocmask resumed>[], 8) = 0 [pid 362] close(3 [pid 360] rmdir("./5/file0" [pid 510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 362] <... close resumed>) = 0 [pid 360] <... rmdir resumed>) = 0 [pid 360] getdents64(3, [pid 510] <... clone3 resumed> => {parent_tid=[539]}, 88) = 539 [pid 362] rmdir("./5" [pid 510] rt_sigprocmask(SIG_SETMASK, [], [pid 360] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] <... rmdir resumed>) = 0 [pid 510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 360] close(3 [pid 510] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] mkdir("./6", 0777 [pid 510] <... futex resumed>) = 0 [pid 360] <... close resumed>) = 0 [pid 510] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... mkdir resumed>) = 0 [pid 360] rmdir("./5" [pid 538] <... write resumed>) = 1048576 [pid 360] <... rmdir resumed>) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 538] munmap(0x7faaef6e1000, 138412032 [pid 527] <... openat resumed>) = 4 [pid 362] <... openat resumed>) = 3 [pid 360] mkdir("./6", 0777 [pid 538] <... munmap resumed>) = 0 [pid 538] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 538] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 539 attached [pid 360] <... mkdir resumed>) = 0 [pid 539] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 362] ioctl(3, LOOP_CLR_FD [pid 539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 539] write(4, "0x0000000000000000", 18 [pid 527] ioctl(4, LOOP_CLR_FD [pid 539] <... write resumed>) = 18 [pid 539] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] <... futex resumed>) = 0 [pid 539] <... futex resumed>) = 1 [pid 539] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 510] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 515] <... futex resumed>) = 0 [pid 510] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 515] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 510] <... futex resumed>) = 0 [pid 515] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 510] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 515] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 510] <... futex resumed>) = 0 [pid 538] <... ioctl resumed>) = 0 [pid 538] close(3) = 0 [pid 538] close(4 [pid 527] <... ioctl resumed>) = 0 [pid 527] close(4) = 0 [pid 527] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] <... futex resumed>) = 1 [pid 527] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 510] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... openat resumed>) = 3 [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 362] close(3) = 0 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 360] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 360] close(3) = 0 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 541 [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 542 [pid 538] <... close resumed>) = 0 [pid 538] mkdir("./file0", 0777./strace-static-x86_64: Process 542 attached ./strace-static-x86_64: Process 541 attached ) = 0 [pid 515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 542] set_robust_list(0x5555893a06a0, 24 [pid 541] set_robust_list(0x5555893a06a0, 24 [pid 542] <... set_robust_list resumed>) = 0 [pid 541] <... set_robust_list resumed>) = 0 [pid 538] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 542] chdir("./6") = 0 [pid 541] chdir("./6" [pid 510] <... futex resumed>) = ? [pid 542] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 541] <... chdir resumed>) = 0 [pid 541] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 542] <... prctl resumed>) = 0 [pid 541] <... prctl resumed>) = 0 [pid 542] setpgid(0, 0 [pid 539] <... futex resumed>) = ? [pid 542] <... setpgid resumed>) = 0 [pid 541] setpgid(0, 0) = 0 [pid 542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 542] <... openat resumed>) = 3 [pid 541] <... openat resumed>) = 3 [pid 542] write(3, "1000", 4 [pid 541] write(3, "1000", 4 [pid 542] <... write resumed>) = 4 [pid 539] +++ killed by SIGBUS +++ [pid 541] <... write resumed>) = 4 [pid 541] close(3 [pid 542] close(3 [pid 541] <... close resumed>) = 0 [pid 542] <... close resumed>) = 0 [pid 541] symlink("/dev/binderfs", "./binderfs" [pid 542] symlink("/dev/binderfs", "./binderfs"executing program executing program [pid 541] <... symlink resumed>) = 0 [pid 542] <... symlink resumed>) = 0 [pid 541] write(1, "executing program\n", 18 [pid 542] write(1, "executing program\n", 18 [pid 541] <... write resumed>) = 18 [pid 542] <... write resumed>) = 18 [pid 542] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 541] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 541] <... futex resumed>) = 0 [pid 515] +++ killed by SIGBUS +++ [pid 542] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 510] +++ killed by SIGBUS +++ [pid 541] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 542] <... rt_sigaction resumed>NULL, 8) = 0 [pid 541] <... rt_sigaction resumed>NULL, 8) = 0 [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=510, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 542] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 541] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 542] <... mmap resumed>) = 0x7faaf7ae1000 [pid 541] <... mmap resumed>) = 0x7faaf7ae1000 [pid 542] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 541] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 542] rt_sigprocmask(SIG_BLOCK, ~[], [pid 541] <... mprotect resumed>) = 0 [pid 542] <... rt_sigprocmask resumed>[], 8) = 0 [pid 542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 541] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 542] <... clone3 resumed> => {parent_tid=[543]}, 88) = 543 [pid 541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 541] <... clone3 resumed> => {parent_tid=[544]}, 88) = 544 [pid 542] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 544 attached ./strace-static-x86_64: Process 543 attached [pid 542] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 541] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] set_robust_list(0x7faaf7b019a0, 24 [pid 543] set_robust_list(0x7faaf7b019a0, 24 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 544] <... set_robust_list resumed>) = 0 [pid 543] <... set_robust_list resumed>) = 0 [pid 544] rt_sigprocmask(SIG_SETMASK, [], [pid 543] rt_sigprocmask(SIG_SETMASK, [], [pid 544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 359] <... restart_syscall resumed>) = 0 [pid 527] <... openat resumed>) = 4 [pid 359] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 527] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... openat resumed>) = 3 [pid 524] <... futex resumed>) = 0 [pid 359] newfstatat(3, "", [pid 524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 524] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 359] getdents64(3, [pid 524] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 524] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 359] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 524] <... clone3 resumed> => {parent_tid=[545]}, 88) = 545 [pid 359] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 524] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] newfstatat(AT_FDCWD, "./4/binderfs", ./strace-static-x86_64: Process 545 attached [pid 544] memfd_create("syzkaller", 0 [pid 543] memfd_create("syzkaller", 0 [pid 524] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 527] <... futex resumed>) = 1 [pid 527] write(4, "0x0000000000000000", 18) = 18 [pid 527] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 527] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 545] set_robust_list(0x7faaf7ae09a0, 24 [pid 544] <... memfd_create resumed>) = 3 [pid 543] <... memfd_create resumed>) = 3 [pid 359] unlink("./4/binderfs") = 0 [pid 544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 359] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 545] <... set_robust_list resumed>) = 0 [pid 543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 545] rt_sigprocmask(SIG_SETMASK, [], [pid 543] <... mmap resumed>) = 0x7faaef6e1000 [pid 545] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 545] write(4, "0x0000000000000000", 18) = 18 [pid 545] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] <... futex resumed>) = 0 [pid 545] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 524] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] <... futex resumed>) = 0 [pid 524] <... futex resumed>) = 1 [pid 527] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [ 26.743546][ T527] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 26.764200][ T515] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 524] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] <... mmap resumed>) = 0x20000000 [pid 527] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] <... futex resumed>) = 0 [pid 544] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 543] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 524] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 545] <... futex resumed>) = ? [pid 524] <... futex resumed>) = ? [pid 545] +++ killed by SIGBUS +++ [pid 527] +++ killed by SIGBUS +++ [pid 524] +++ killed by SIGBUS +++ [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=524, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 357] restart_syscall(<... resuming interrupted clone ...> [pid 544] <... write resumed>) = 1048576 [pid 544] munmap(0x7faaef6e1000, 138412032) = 0 [pid 544] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 543] <... write resumed>) = 1048576 [pid 357] <... restart_syscall resumed>) = 0 [pid 538] <... mount resumed>) = 0 [pid 538] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 357] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 538] <... openat resumed>) = 3 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 538] chdir("./file0" [pid 357] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 538] <... chdir resumed>) = 0 [pid 538] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 357] <... openat resumed>) = 3 [pid 543] munmap(0x7faaef6e1000, 138412032 [pid 357] newfstatat(3, "", [pid 543] <... munmap resumed>) = 0 [pid 543] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./5/binderfs") = 0 [pid 357] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... umount2 resumed>) = 0 [pid 544] <... openat resumed>) = 4 [pid 544] ioctl(4, LOOP_SET_FD, 3 [pid 359] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 544] <... ioctl resumed>) = 0 [pid 359] newfstatat(AT_FDCWD, "./4/file0", [pid 544] close(3) = 0 [pid 544] close(4 [pid 538] <... openat resumed>) = 4 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 538] ioctl(4, LOOP_CLR_FD [pid 359] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 359] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] close(4) = 0 [pid 359] rmdir("./4/file0") = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] close(3) = 0 [pid 359] rmdir("./4") = 0 [pid 359] mkdir("./5", 0777) = 0 [ 26.807338][ T527] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 26.811430][ T538] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 544] <... close resumed>) = 0 [pid 543] <... openat resumed>) = 4 [pid 544] mkdir("./file0", 0777 [pid 543] ioctl(4, LOOP_SET_FD, 3 [pid 544] <... mkdir resumed>) = 0 [pid 544] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 538] <... ioctl resumed>) = 0 [pid 359] <... openat resumed>) = 3 [pid 538] close(4 [pid 359] ioctl(3, LOOP_CLR_FD [pid 543] <... ioctl resumed>) = 0 [pid 357] <... umount2 resumed>) = 0 [pid 538] <... close resumed>) = 0 [pid 359] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 538] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 359] close(3 [pid 538] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 359] <... close resumed>) = 0 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 551 ./strace-static-x86_64: Process 551 attached [pid 543] close(3 [pid 535] <... futex resumed>) = 0 [pid 357] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 543] <... close resumed>) = 0 [pid 535] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 543] close(4 [pid 538] <... futex resumed>) = 0 [pid 535] <... futex resumed>) = 1 [pid 357] newfstatat(AT_FDCWD, "./5/file0", [pid 538] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 535] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 538] <... openat resumed>) = 4 [pid 357] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 538] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 538] <... futex resumed>) = 1 [pid 535] <... futex resumed>) = 0 [pid 357] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 538] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 535] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... openat resumed>) = 4 [pid 538] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 535] <... futex resumed>) = 0 [pid 357] newfstatat(4, "", [pid 538] write(4, "0x0000000000000000", 18 [pid 535] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 538] <... write resumed>) = 18 [pid 535] <... futex resumed>) = 0 [pid 357] getdents64(4, [pid 538] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 357] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 538] <... futex resumed>) = 0 [pid 535] <... mmap resumed>) = 0x7faaf7ac0000 [pid 357] getdents64(4, [pid 538] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 535] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 357] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 551] set_robust_list(0x5555893a06a0, 24 [pid 535] <... mprotect resumed>) = 0 [pid 357] close(4 [pid 535] rt_sigprocmask(SIG_BLOCK, ~[], [pid 357] <... close resumed>) = 0 [pid 535] <... rt_sigprocmask resumed>[], 8) = 0 [pid 357] rmdir("./5/file0" [pid 551] <... set_robust_list resumed>) = 0 [pid 535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 357] <... rmdir resumed>) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 535] <... clone3 resumed> => {parent_tid=[552]}, 88) = 552 [pid 357] close(3 [pid 535] rt_sigprocmask(SIG_SETMASK, [], [pid 357] <... close resumed>) = 0 [pid 535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 357] rmdir("./5"./strace-static-x86_64: Process 552 attached [pid 551] chdir("./5" [pid 535] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... rmdir resumed>) = 0 [pid 535] <... futex resumed>) = 0 [pid 357] mkdir("./6", 0777 [pid 552] set_robust_list(0x7faaf7ae09a0, 24 [pid 551] <... chdir resumed>) = 0 [pid 535] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... mkdir resumed>) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 552] <... set_robust_list resumed>) = 0 [pid 551] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 552] rt_sigprocmask(SIG_SETMASK, [], [pid 551] <... prctl resumed>) = 0 [pid 552] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 551] setpgid(0, 0) = 0 [pid 551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 551] write(3, "1000", 4) = 4 [pid 551] close(3) = 0 [pid 551] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 551] write(1, "executing program\n", 18) = 18 [pid 551] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 551] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 551] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 551] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 551] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[555]}, 88) = 555 [pid 551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 551] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 552] write(4, "0x0000000000000000", 18) = 18 [pid 552] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = 0 [pid 535] <... futex resumed>) = 1 [pid 538] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 535] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] <... mmap resumed>) = 0x20000000 [pid 538] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 535] <... futex resumed>) = 0 ./strace-static-x86_64: Process 555 attached [pid 552] <... futex resumed>) = 1 [pid 544] <... mount resumed>) = 0 [pid 535] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 555] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 555] memfd_create("syzkaller", 0) = 3 [pid 555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 555] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 544] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 552] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 544] <... openat resumed>) = 3 [pid 544] chdir("./file0") = 0 [pid 543] <... close resumed>) = 0 [pid 543] mkdir("./file0", 0777) = 0 [pid 543] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 544] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 555] <... write resumed>) = 1048576 [pid 555] munmap(0x7faaef6e1000, 138412032) = 0 [pid 555] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 555] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 555] close(3 [pid 535] <... futex resumed>) = 0 [pid 357] <... openat resumed>) = 3 [pid 357] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 357] close(3) = 0 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 557 [pid 555] <... close resumed>) = 0 [pid 555] close(4 [pid 544] <... openat resumed>) = 4 [pid 544] ioctl(4, LOOP_CLR_FD [pid 535] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... ioctl resumed>) = 0 [pid 544] close(4) = 0 [pid 544] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 541] <... futex resumed>) = 0 [pid 544] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 541] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 544] <... openat resumed>) = 4 [pid 541] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 538] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 552] <... futex resumed>) = ? [pid 535] <... futex resumed>) = ? [pid 552] +++ killed by SIGBUS +++ [pid 538] +++ killed by SIGBUS +++ [pid 535] +++ killed by SIGBUS +++ [pid 541] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] write(4, "0x0000000000000000", 18 [pid 541] <... futex resumed>) = 0 [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=535, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 544] <... write resumed>) = 18 [pid 541] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 544] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 541] <... futex resumed>) = 0 [pid 544] <... futex resumed>) = 0 [pid 541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 544] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] <... mmap resumed>) = 0x7faaf7ac0000 [pid 541] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 557 attached ) = 0 [pid 557] set_robust_list(0x5555893a06a0, 24 [pid 541] rt_sigprocmask(SIG_BLOCK, ~[], [pid 557] <... set_robust_list resumed>) = 0 [pid 541] <... rt_sigprocmask resumed>[], 8) = 0 [pid 541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 557] chdir("./6"./strace-static-x86_64: Process 558 attached [pid 558] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 558] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 557] <... chdir resumed>) = 0 [pid 541] <... clone3 resumed> => {parent_tid=[558]}, 88) = 558 [pid 557] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 541] rt_sigprocmask(SIG_SETMASK, [], [pid 557] <... prctl resumed>) = 0 [pid 541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 541] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] setpgid(0, 0) = 0 [pid 541] <... futex resumed>) = 1 [pid 558] <... futex resumed>) = 0 [pid 541] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] write(4, "0x0000000000000000", 18) = 18 [pid 557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 558] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 541] <... futex resumed>) = 0 [pid 541] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 544] <... futex resumed>) = 0 [pid 541] <... futex resumed>) = 1 [pid 544] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 541] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... mmap resumed>) = 0x20000000 [pid 558] <... futex resumed>) = 1 [pid 544] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 544] <... futex resumed>) = 1 [pid 541] <... futex resumed>) = 0 [pid 544] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 544] <... futex resumed>) = 0 [pid 541] <... futex resumed>) = 1 [pid 541] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 557] <... openat resumed>) = 3 [pid 557] write(3, "1000", 4) = 4 [pid 557] close(3) = 0 [pid 557] symlink("/dev/binderfs", "./binderfs") = 0 [pid 557] write(1, "executing program\n", 18) = 18 [pid 557] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 557] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 557] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 557] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 557] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[559]}, 88) = 559 [pid 557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 557] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 559 attached [pid 559] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 26.940537][ T544] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 26.948441][ T538] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 559] memfd_create("syzkaller", 0) = 3 [pid 559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 358] <... restart_syscall resumed>) = 0 [pid 559] <... mmap resumed>) = 0x7faaef6e1000 [pid 358] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 544] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 541] <... futex resumed>) = ? [pid 358] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./5/binderfs") = 0 [pid 558] <... futex resumed>) = ? [pid 358] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 555] <... close resumed>) = 0 [pid 555] mkdir("./file0", 0777) = 0 [pid 555] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 559] munmap(0x7faaef6e1000, 138412032 [pid 544] +++ killed by SIGBUS +++ [pid 558] +++ killed by SIGBUS +++ [pid 541] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=541, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 362] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 362] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./6/binderfs") = 0 [pid 362] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 559] <... munmap resumed>) = 0 [pid 559] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 543] <... mount resumed>) = 0 [pid 543] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 543] chdir("./file0") = 0 [pid 543] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 543] ioctl(4, LOOP_CLR_FD) = 0 [pid 543] close(4) = 0 [pid 543] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 543] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 555] <... mount resumed>) = 0 [pid 555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 358] <... umount2 resumed>) = 0 [pid 559] <... openat resumed>) = 4 [pid 559] ioctl(4, LOOP_SET_FD, 3 [pid 555] chdir("./file0") = 0 [pid 555] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = 0 [pid 542] <... futex resumed>) = 1 [pid 543] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 542] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 543] <... openat resumed>) = 4 [pid 543] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 542] <... futex resumed>) = 0 [pid 543] write(4, "0x0000000000000000", 18 [pid 542] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... write resumed>) = 18 [pid 542] <... futex resumed>) = 0 [pid 543] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 559] <... ioctl resumed>) = 0 [pid 543] <... futex resumed>) = 0 [pid 542] <... futex resumed>) = 0 [pid 559] close(3 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 559] <... close resumed>) = 0 [pid 559] close(4 [pid 543] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 358] newfstatat(AT_FDCWD, "./5/file0", [pid 542] <... mmap resumed>) = 0x7faaf7ac0000 [pid 542] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 358] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 542] <... clone3 resumed> => {parent_tid=[565]}, 88) = 565 ./strace-static-x86_64: Process 565 attached [pid 565] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 565] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 565] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 542] rt_sigprocmask(SIG_SETMASK, [], [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 358] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 542] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] getdents64(4, [pid 565] <... futex resumed>) = 0 [pid 542] <... futex resumed>) = 1 [pid 542] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] close(4) = 0 [pid 358] rmdir("./5/file0") = 0 [pid 565] write(4, "0x0000000000000000", 18 [pid 358] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 565] <... write resumed>) = 18 [pid 358] close(3 [pid 565] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... close resumed>) = 0 [pid 565] <... futex resumed>) = 1 [pid 358] rmdir("./5" [pid 565] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 543] <... futex resumed>) = 0 [pid 542] <... futex resumed>) = 1 [pid 543] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 542] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 543] <... mmap resumed>) = 0x20000000 [pid 358] <... rmdir resumed>) = 0 [pid 543] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] mkdir("./6", 0777 [pid 543] <... futex resumed>) = 1 [pid 542] <... futex resumed>) = 0 [ 26.977480][ T544] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 27.003643][ T543] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 27.017387][ T555] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 543] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 542] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... mkdir resumed>) = 0 [pid 543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 543] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 565] <... futex resumed>) = ? [pid 542] <... futex resumed>) = ? [pid 565] +++ killed by SIGBUS +++ [pid 543] +++ killed by SIGBUS +++ [pid 542] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=542, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 360] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 360] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./6/binderfs") = 0 [pid 555] <... openat resumed>) = 4 [pid 360] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 27.039794][ T543] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 555] ioctl(4, LOOP_CLR_FD [pid 559] <... close resumed>) = 0 [pid 559] mkdir("./file0", 0777) = 0 [pid 559] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 362] <... umount2 resumed>) = 0 [pid 358] <... openat resumed>) = 3 [pid 358] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 358] close(3) = 0 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 566 [pid 555] <... ioctl resumed>) = 0 [pid 555] close(4./strace-static-x86_64: Process 566 attached [pid 566] set_robust_list(0x5555893a06a0, 24) = 0 [pid 566] chdir("./6") = 0 [pid 566] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 362] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 566] setpgid(0, 0 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 566] <... setpgid resumed>) = 0 [pid 362] newfstatat(AT_FDCWD, "./6/file0", [pid 566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 566] <... openat resumed>) = 3 [pid 362] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 566] write(3, "1000", 4 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 566] <... write resumed>) = 4 [pid 362] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 566] close(3 [pid 362] <... openat resumed>) = 4 [pid 566] <... close resumed>) = 0 [pid 362] newfstatat(4, "", [pid 566] symlink("/dev/binderfs", "./binderfs" [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 566] <... symlink resumed>) = 0 [pid 362] getdents64(4, [pid 566] write(1, "executing program\n", 18 [pid 362] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 executing program [pid 566] <... write resumed>) = 18 [pid 362] close(4 [pid 566] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... close resumed>) = 0 [pid 362] rmdir("./6/file0") = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 566] <... futex resumed>) = 0 [pid 362] close(3 [pid 559] <... mount resumed>) = 0 [pid 559] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 362] <... close resumed>) = 0 [pid 559] chdir("./file0" [pid 362] rmdir("./6" [pid 559] <... chdir resumed>) = 0 [pid 566] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 559] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 362] <... rmdir resumed>) = 0 [pid 362] mkdir("./7", 0777 [pid 566] <... rt_sigaction resumed>NULL, 8) = 0 [pid 566] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 566] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 362] <... mkdir resumed>) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 566] <... mprotect resumed>) = 0 [pid 566] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0}./strace-static-x86_64: Process 569 attached => {parent_tid=[569]}, 88) = 569 [pid 569] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 566] rt_sigprocmask(SIG_SETMASK, [], [pid 569] rt_sigprocmask(SIG_SETMASK, [], [pid 566] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 569] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 566] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] memfd_create("syzkaller", 0 [pid 566] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 569] <... memfd_create resumed>) = 3 [pid 569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 569] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 569] munmap(0x7faaef6e1000, 138412032) = 0 [pid 569] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 555] <... close resumed>) = 0 [pid 362] <... openat resumed>) = 3 [pid 360] <... umount2 resumed>) = 0 [pid 555] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 551] <... futex resumed>) = 0 [pid 555] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 551] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 551] <... futex resumed>) = 0 [pid 555] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 551] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 555] <... openat resumed>) = 4 [pid 555] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 551] <... futex resumed>) = 0 [pid 555] write(4, "0x0000000000000000", 18 [pid 551] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] <... write resumed>) = 18 [pid 551] <... futex resumed>) = 0 [pid 555] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] <... futex resumed>) = 0 [pid 551] <... futex resumed>) = 0 [pid 555] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 360] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 551] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [ 27.120307][ T559] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 551] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 551] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[570]}, 88) = 570 [pid 551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 551] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 569] <... openat resumed>) = 4 [pid 569] ioctl(4, LOOP_SET_FD, 3 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 569] <... ioctl resumed>) = 0 [pid 569] close(3) = 0 [pid 569] close(4 [pid 559] <... openat resumed>) = 4 [pid 559] ioctl(4, LOOP_CLR_FD [pid 362] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 570 attached [pid 570] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 570] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 570] write(4, "0x0000000000000000", 18) = 18 [pid 570] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 555] <... futex resumed>) = 0 [pid 551] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 555] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 360] newfstatat(AT_FDCWD, "./6/file0", [pid 555] <... mmap resumed>) = 0x20000000 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 555] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 551] <... futex resumed>) = 0 [pid 360] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 555] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 551] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 551] <... futex resumed>) = 0 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 570] <... futex resumed>) = 1 [pid 570] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 551] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 360] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4) = 0 [pid 360] rmdir("./6/file0") = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] close(3) = 0 [pid 360] rmdir("./6") = 0 [pid 360] mkdir("./7", 0777) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 570] <... futex resumed>) = 230 [pid 551] <... futex resumed>) = ? [pid 570] +++ killed by SIGBUS +++ [pid 555] +++ killed by SIGBUS +++ [pid 551] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=551, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 359] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./5/binderfs") = 0 [ 27.187026][ T555] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 359] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 569] <... close resumed>) = 0 [pid 559] <... ioctl resumed>) = 0 [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 569] mkdir("./file0", 0777 [pid 559] close(4 [pid 362] close(3 [pid 569] <... mkdir resumed>) = 0 [pid 569] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 360] <... openat resumed>) = 3 [pid 360] ioctl(3, LOOP_CLR_FD [pid 559] <... close resumed>) = 0 [pid 362] <... close resumed>) = 0 [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] <... umount2 resumed>) = 0 [pid 559] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 359] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 559] <... futex resumed>) = 1 [pid 557] <... futex resumed>) = 0 [pid 360] close(3 [pid 559] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 557] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... close resumed>) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 559] <... openat resumed>) = 4 [pid 557] <... futex resumed>) = 0 [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 572 [pid 359] newfstatat(AT_FDCWD, "./5/file0", [pid 559] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 559] <... futex resumed>) = 0 [pid 557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 573 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 559] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 557] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 559] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 557] <... futex resumed>) = 0 [pid 359] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 559] write(4, "0x0000000000000000", 18 [pid 557] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 559] <... write resumed>) = 18 [pid 557] <... futex resumed>) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 559] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 359] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 559] <... futex resumed>) = 0 [pid 557] <... mmap resumed>) = 0x7faaf7ac0000 [pid 359] <... openat resumed>) = 4 [pid 559] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 557] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 359] newfstatat(4, "", [pid 557] <... mprotect resumed>) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 557] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 359] getdents64(4, [pid 557] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0}./strace-static-x86_64: Process 572 attached [pid 572] set_robust_list(0x5555893a06a0, 24) = 0 [pid 557] <... clone3 resumed> => {parent_tid=[574]}, 88) = 574 [pid 359] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 557] rt_sigprocmask(SIG_SETMASK, [], [pid 359] getdents64(4, [pid 557] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 557] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 557] <... futex resumed>) = 0 [pid 359] close(4 [pid 557] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... close resumed>) = 0 [pid 359] rmdir("./5/file0" [pid 572] chdir("./7") = 0 ./strace-static-x86_64: Process 574 attached [pid 359] <... rmdir resumed>) = 0 [pid 359] getdents64(3, [pid 574] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 359] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 574] rt_sigprocmask(SIG_SETMASK, [], [pid 359] close(3 [pid 572] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 359] <... close resumed>) = 0 [pid 574] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 359] rmdir("./5" [pid 572] <... prctl resumed>) = 0 [pid 572] setpgid(0, 0 [pid 359] <... rmdir resumed>) = 0 [pid 572] <... setpgid resumed>) = 0 [pid 574] write(4, "0x0000000000000000", 18 [pid 359] mkdir("./6", 0777 [pid 572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 359] <... mkdir resumed>) = 0 [pid 574] <... write resumed>) = 18 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 574] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 574] <... futex resumed>) = 1 [pid 557] <... futex resumed>) = 0 [pid 359] close(3./strace-static-x86_64: Process 573 attached [pid 574] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 557] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] set_robust_list(0x5555893a06a0, 24 [pid 559] <... futex resumed>) = 0 [pid 557] <... futex resumed>) = 1 [pid 359] <... close resumed>) = 0 [pid 559] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 557] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 559] <... mmap resumed>) = 0x20000000 [pid 573] <... set_robust_list resumed>) = 0 [pid 559] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 559] <... futex resumed>) = 1 [pid 557] <... futex resumed>) = 0 [pid 572] write(3, "1000", 4) = 4 [pid 572] close(3) = 0 [pid 572] symlink("/dev/binderfs", "./binderfs" [pid 557] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] <... symlink resumed>) = 0 [pid 557] <... futex resumed>) = 0 executing program [pid 572] write(1, "executing program\n", 18) = 18 [pid 572] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 572] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 572] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 572] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 572] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[577]}, 88) = 577 [pid 572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 572] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 576 attached [pid 576] set_robust_list(0x5555893a06a0, 24) = 0 [pid 576] chdir("./6") = 0 [pid 576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 576] setpgid(0, 0) = 0 [pid 576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 576] write(3, "1000", 4) = 4 [pid 576] close(3executing program ) = 0 [pid 576] symlink("/dev/binderfs", "./binderfs") = 0 [pid 576] write(1, "executing program\n", 18) = 18 [pid 576] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 576] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 576] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[579]}, 88) = 579 [pid 576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 576] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 577 attached [pid 573] chdir("./7" [pid 557] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... clone resumed>, child_tidptr=0x5555893a0690) = 576 ./strace-static-x86_64: Process 579 attached [pid 579] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 579] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 573] <... chdir resumed>) = 0 [pid 573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 573] setpgid(0, 0) = 0 [pid 577] set_robust_list(0x7faaf7b019a0, 24 [pid 573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 577] <... set_robust_list resumed>) = 0 [pid 573] <... openat resumed>) = 3 [pid 577] rt_sigprocmask(SIG_SETMASK, [], [pid 573] write(3, "1000", 4 [pid 577] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 573] <... write resumed>) = 4 [pid 573] close(3 [pid 577] memfd_create("syzkaller", 0 [pid 573] <... close resumed>) = 0 [pid 573] symlink("/dev/binderfs", "./binderfs" [pid 577] <... memfd_create resumed>) = 3 [pid 579] memfd_create("syzkaller", 0executing program [pid 573] <... symlink resumed>) = 0 [pid 577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 573] write(1, "executing program\n", 18 [pid 577] <... mmap resumed>) = 0x7faaef6e1000 [pid 573] <... write resumed>) = 18 [pid 579] <... memfd_create resumed>) = 3 [pid 573] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 573] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 573] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 573] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 573] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 573] <... clone3 resumed> => {parent_tid=[580]}, 88) = 580 [pid 573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 573] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 579] <... mmap resumed>) = 0x7faaef6e1000 ./strace-static-x86_64: Process 580 attached [pid 580] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 580] memfd_create("syzkaller", 0 [pid 579] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 580] <... memfd_create resumed>) = 3 [pid 580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 580] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 577] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 579] <... write resumed>) = 1048576 [pid 580] <... write resumed>) = 1048576 [pid 579] munmap(0x7faaef6e1000, 138412032) = 0 [pid 579] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 579] ioctl(4, LOOP_SET_FD, 3 [pid 569] <... mount resumed>) = 0 [pid 569] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 569] chdir("./file0" [pid 580] munmap(0x7faaef6e1000, 138412032 [pid 569] <... chdir resumed>) = 0 [pid 580] <... munmap resumed>) = 0 [pid 569] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 580] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 579] <... ioctl resumed>) = 0 [pid 579] close(3) = 0 [pid 579] close(4 [pid 559] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 574] <... futex resumed>) = ? [pid 557] <... futex resumed>) = ? [pid 574] +++ killed by SIGBUS +++ [pid 559] +++ killed by SIGBUS +++ [pid 557] +++ killed by SIGBUS +++ [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=557, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 357] restart_syscall(<... resuming interrupted clone ...> [pid 580] <... openat resumed>) = 4 [ 27.332955][ T559] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 27.341419][ T569] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 579] <... close resumed>) = 0 [pid 579] mkdir("./file0", 0777) = 0 [pid 579] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 580] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 580] close(3) = 0 [pid 580] close(4 [pid 357] <... restart_syscall resumed>) = 0 [pid 357] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./6/binderfs") = 0 [pid 357] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 577] <... write resumed>) = 1048576 [pid 577] munmap(0x7faaef6e1000, 138412032) = 0 [pid 577] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 579] <... mount resumed>) = 0 [pid 579] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 579] chdir("./file0") = 0 [pid 579] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 580] <... close resumed>) = 0 [pid 569] <... openat resumed>) = 4 [pid 580] mkdir("./file0", 0777) = 0 [pid 569] ioctl(4, LOOP_CLR_FD [pid 580] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 579] <... openat resumed>) = 4 [pid 569] <... ioctl resumed>) = 0 [pid 569] close(4) = 0 [pid 569] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 569] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 579] ioctl(4, LOOP_CLR_FD) = 0 [ 27.403643][ T579] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 579] close(4) = 0 [pid 579] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] <... futex resumed>) = 0 [pid 566] <... futex resumed>) = 0 [pid 576] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 569] <... futex resumed>) = 0 [pid 566] <... futex resumed>) = 1 [pid 569] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 566] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 569] <... openat resumed>) = 4 [pid 569] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 569] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 579] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 357] <... umount2 resumed>) = 0 [pid 566] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 569] <... futex resumed>) = 0 [pid 566] <... futex resumed>) = 1 [pid 577] <... openat resumed>) = 4 [pid 569] write(4, "0x0000000000000000", 18 [pid 566] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 577] ioctl(4, LOOP_SET_FD, 3 [pid 569] <... write resumed>) = 18 [pid 566] <... futex resumed>) = 0 [pid 569] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 569] <... futex resumed>) = 0 [pid 566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 569] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 357] newfstatat(AT_FDCWD, "./6/file0", [pid 566] <... mmap resumed>) = 0x7faaf7ac0000 [pid 566] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 566] <... mprotect resumed>) = 0 [pid 357] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 566] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 357] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 566] <... clone3 resumed> => {parent_tid=[586]}, 88) = 586 [pid 357] newfstatat(4, "", [pid 566] rt_sigprocmask(SIG_SETMASK, [], [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 566] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 357] getdents64(4, [pid 566] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 566] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] close(4) = 0 [pid 357] rmdir("./6/file0") = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] close(3) = 0 [pid 357] rmdir("./6" [pid 579] <... openat resumed>) = 4 [pid 357] <... rmdir resumed>) = 0 [pid 579] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] mkdir("./7", 0777 [pid 579] <... futex resumed>) = 1 [pid 579] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 586 attached [pid 357] <... mkdir resumed>) = 0 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 576] <... futex resumed>) = 1 [pid 579] <... futex resumed>) = 0 [pid 579] write(4, "0x0000000000000000", 18 [pid 577] <... ioctl resumed>) = 0 [pid 576] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 579] <... write resumed>) = 18 [pid 579] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 579] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 586] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 586] write(4, "0x0000000000000000", 18) = 18 [pid 586] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 569] <... futex resumed>) = 0 [pid 566] <... futex resumed>) = 1 [pid 569] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 566] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 569] <... mmap resumed>) = 0x20000000 [pid 569] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 569] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 566] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 569] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 566] <... futex resumed>) = 0 [pid 577] close(3 [pid 576] <... futex resumed>) = 0 [pid 566] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... openat resumed>) = 3 [pid 577] <... close resumed>) = 0 [pid 576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 357] ioctl(3, LOOP_CLR_FD [pid 577] close(4 [pid 576] <... mmap resumed>) = 0x7faaf7ac0000 [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 576] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 357] close(3 [pid 576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0}./strace-static-x86_64: Process 589 attached [pid 586] <... futex resumed>) = 1 [pid 576] <... clone3 resumed> => {parent_tid=[589]}, 88) = 589 [pid 589] set_robust_list(0x7faaf7ae09a0, 24 [pid 586] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 576] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 589] <... set_robust_list resumed>) = 0 [pid 589] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 589] write(4, "0x0000000000000000", 18) = 18 [pid 589] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] <... futex resumed>) = 0 [pid 589] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 576] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 579] <... futex resumed>) = 0 [pid 576] <... futex resumed>) = 1 [pid 579] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 576] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] <... mmap resumed>) = 0x20000000 [pid 579] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] <... futex resumed>) = 0 [pid 580] <... mount resumed>) = 0 [pid 576] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 569] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 580] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 580] chdir("./file0") = 0 [pid 580] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] <... futex resumed>) = ? [pid 586] <... futex resumed>) = ? [pid 577] <... close resumed>) = 0 [pid 357] <... close resumed>) = 0 [pid 577] mkdir("./file0", 0777 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 577] <... mkdir resumed>) = 0 [pid 577] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 357] <... clone resumed>, child_tidptr=0x5555893a0690) = 590 ./strace-static-x86_64: Process 590 attached [pid 590] set_robust_list(0x5555893a06a0, 24) = 0 [pid 590] chdir("./7") = 0 [pid 590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 590] setpgid(0, 0) = 0 [pid 590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 590] write(3, "1000", 4) = 4 [pid 590] close(3executing program ) = 0 [pid 590] symlink("/dev/binderfs", "./binderfs") = 0 [pid 590] write(1, "executing program\n", 18) = 18 [pid 590] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 590] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 590] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 590] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 590] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[591]}, 88) = 591 [pid 590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 590] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 590] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 591 attached [pid 591] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 591] memfd_create("syzkaller", 0) = 3 [pid 591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 586] +++ killed by SIGBUS +++ [pid 569] +++ killed by SIGBUS +++ [pid 566] +++ killed by SIGBUS +++ [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=566, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 579] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 589] <... futex resumed>) = ? [pid 576] <... futex resumed>) = ? [pid 589] +++ killed by SIGBUS +++ [pid 579] +++ killed by SIGBUS +++ [pid 576] +++ killed by SIGBUS +++ [pid 591] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=576, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 591] <... write resumed>) = 1048576 [pid 591] munmap(0x7faaef6e1000, 138412032) = 0 [pid 591] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 358] <... restart_syscall resumed>) = 0 [pid 358] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 359] <... restart_syscall resumed>) = 0 [pid 358] <... openat resumed>) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] getdents64(3, [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 358] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... openat resumed>) = 3 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(3, "", [pid 358] newfstatat(AT_FDCWD, "./6/binderfs", [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] getdents64(3, [pid 358] unlink("./6/binderfs" [pid 359] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] <... unlink resumed>) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./6/binderfs", [pid 358] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./6/binderfs") = 0 [ 27.481398][ T569] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 27.499000][ T580] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 27.500363][ T579] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 359] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 359] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 359] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] close(4) = 0 [pid 359] rmdir("./6/file0") = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] close(3) = 0 [pid 359] rmdir("./6") = 0 [pid 359] mkdir("./7", 0777 [pid 580] <... openat resumed>) = 4 [pid 359] <... mkdir resumed>) = 0 [pid 580] ioctl(4, LOOP_CLR_FD) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 580] close(4 [pid 577] <... mount resumed>) = 0 [pid 577] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 577] chdir("./file0") = 0 [pid 577] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 359] <... openat resumed>) = 3 [pid 358] <... umount2 resumed>) = 0 [pid 591] <... openat resumed>) = 4 [pid 580] <... close resumed>) = 0 [pid 359] ioctl(3, LOOP_CLR_FD [pid 358] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 591] ioctl(4, LOOP_SET_FD, 3 [pid 580] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 580] <... futex resumed>) = 1 [pid 573] <... futex resumed>) = 0 [pid 580] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 573] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 573] <... futex resumed>) = 0 [pid 580] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 573] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 358] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 580] <... openat resumed>) = 4 [pid 580] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] getdents64(4, [pid 580] <... futex resumed>) = 1 [pid 573] <... futex resumed>) = 0 [pid 580] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 573] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 580] write(4, "0x0000000000000000", 18 [pid 573] <... futex resumed>) = 0 [pid 358] getdents64(4, [pid 580] <... write resumed>) = 18 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 580] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] close(4 [pid 580] <... futex resumed>) = 0 [pid 573] <... futex resumed>) = 0 [pid 580] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 358] <... close resumed>) = 0 [pid 573] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 358] rmdir("./6/file0" [pid 573] <... mprotect resumed>) = 0 [pid 573] rt_sigprocmask(SIG_BLOCK, ~[], [pid 358] <... rmdir resumed>) = 0 [pid 573] <... rt_sigprocmask resumed>[], 8) = 0 [pid 358] getdents64(3, [pid 573] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 358] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] close(3 [pid 573] <... clone3 resumed> => {parent_tid=[594]}, 88) = 594 [pid 358] <... close resumed>) = 0 [pid 573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 358] rmdir("./6"./strace-static-x86_64: Process 594 attached [pid 573] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... rmdir resumed>) = 0 [pid 358] mkdir("./7", 0777 [pid 594] set_robust_list(0x7faaf7ae09a0, 24 [pid 573] <... futex resumed>) = 0 [pid 358] <... mkdir resumed>) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 594] <... set_robust_list resumed>) = 0 [pid 594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 594] write(4, "0x0000000000000000", 18) = 18 [pid 573] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 594] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 573] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 580] <... futex resumed>) = 0 [pid 573] <... futex resumed>) = 1 [pid 580] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 573] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 580] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 573] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 580] <... futex resumed>) = 0 [ 27.578918][ T577] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 573] <... futex resumed>) = 1 [pid 573] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 594] <... futex resumed>) = ? [pid 577] <... openat resumed>) = 4 [pid 573] <... futex resumed>) = ? [pid 594] +++ killed by SIGBUS +++ [pid 591] <... ioctl resumed>) = 0 [pid 577] ioctl(4, LOOP_CLR_FD [pid 359] <... ioctl resumed>) = 0 [pid 358] <... openat resumed>) = 3 [pid 591] close(3 [pid 580] +++ killed by SIGBUS +++ [pid 577] <... ioctl resumed>) = 0 [pid 573] +++ killed by SIGBUS +++ [pid 591] <... close resumed>) = 0 [pid 577] close(4 [pid 359] close(3 [pid 358] ioctl(3, LOOP_CLR_FD [pid 591] close(4 [pid 577] <... close resumed>) = 0 [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=573, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 359] <... close resumed>) = 0 [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 591] <... close resumed>) = 0 [pid 577] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 358] close(3 [pid 591] mkdir("./file0", 0777 [pid 577] <... futex resumed>) = 1 [pid 572] <... futex resumed>) = 0 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 596 attached [pid 591] <... mkdir resumed>) = 0 [pid 358] <... close resumed>) = 0 [pid 596] set_robust_list(0x5555893a06a0, 24 [pid 577] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 572] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 359] <... clone resumed>, child_tidptr=0x5555893a0690) = 596 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 596] <... set_robust_list resumed>) = 0 [pid 596] chdir("./7" [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 597 [pid 596] <... chdir resumed>) = 0 [pid 596] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 591] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 572] <... futex resumed>) = 0 [pid 360] <... openat resumed>) = 3 [pid 596] <... prctl resumed>) = 0 [pid 596] setpgid(0, 0) = 0 [pid 596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 572] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 360] newfstatat(3, "", [pid 596] <... openat resumed>) = 3 [pid 596] write(3, "1000", 4) = 4 [pid 596] close(3) = 0 [pid 596] symlink("/dev/binderfs", "./binderfs" [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 596] <... symlink resumed>) = 0 [pid 577] <... openat resumed>) = 4 [pid 360] getdents64(3, [pid 596] write(1, "executing program\n", 18 [pid 577] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 577] <... futex resumed>) = 1 [pid 572] <... futex resumed>) = 0 executing program [pid 577] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 572] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 572] <... futex resumed>) = 0 [pid 596] <... write resumed>) = 18 [pid 596] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 577] write(4, "0x0000000000000000", 18 [pid 572] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 596] <... futex resumed>) = 0 [pid 577] <... write resumed>) = 18 [pid 572] <... futex resumed>) = 0 [pid 577] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] newfstatat(AT_FDCWD, "./7/binderfs", [pid 577] <... futex resumed>) = 0 [pid 572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 577] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 572] <... mmap resumed>) = 0x7faaf7ac0000 [pid 360] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 596] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 572] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 360] unlink("./7/binderfs" [pid 572] <... mprotect resumed>) = 0 [pid 360] <... unlink resumed>) = 0 [pid 596] <... rt_sigaction resumed>NULL, 8) = 0 [pid 572] rt_sigprocmask(SIG_BLOCK, ~[], [pid 360] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 572] <... rt_sigprocmask resumed>[], 8) = 0 [pid 596] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 572] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 596] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 596] rt_sigprocmask(SIG_BLOCK, ~[], [pid 572] <... clone3 resumed> => {parent_tid=[598]}, 88) = 598 [pid 596] <... rt_sigprocmask resumed>[], 8) = 0 [pid 596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 596] <... clone3 resumed> => {parent_tid=[599]}, 88) = 599 [pid 596] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 596] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 596] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 572] <... futex resumed>) = 0 ./strace-static-x86_64: Process 597 attached [pid 597] set_robust_list(0x5555893a06a0, 24) = 0 [pid 572] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] chdir("./7") = 0 [pid 597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 597] setpgid(0, 0) = 0 executing program [pid 597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 597] write(3, "1000", 4) = 4 [pid 597] close(3) = 0 [pid 597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 597] write(1, "executing program\n", 18) = 18 [pid 597] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 597] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 597] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 597] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[600]}, 88) = 600 [pid 597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 597] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 598 attached ./strace-static-x86_64: Process 600 attached ) = 0 [pid 597] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 599 attached [pid 600] set_robust_list(0x7faaf7b019a0, 24 [pid 598] set_robust_list(0x7faaf7ae09a0, 24 [pid 600] <... set_robust_list resumed>) = 0 [pid 599] set_robust_list(0x7faaf7b019a0, 24 [pid 598] <... set_robust_list resumed>) = 0 [pid 600] rt_sigprocmask(SIG_SETMASK, [], [pid 599] <... set_robust_list resumed>) = 0 [pid 598] rt_sigprocmask(SIG_SETMASK, [], [pid 600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 599] rt_sigprocmask(SIG_SETMASK, [], [pid 598] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 600] memfd_create("syzkaller", 0 [pid 599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 598] write(4, "0x0000000000000000", 18 [pid 599] memfd_create("syzkaller", 0 [pid 598] <... write resumed>) = 18 [pid 598] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] <... memfd_create resumed>) = 3 [pid 599] <... memfd_create resumed>) = 3 [pid 598] <... futex resumed>) = 1 [pid 572] <... futex resumed>) = 0 [pid 572] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 577] <... futex resumed>) = 0 [pid 572] <... futex resumed>) = 1 [pid 577] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 572] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 600] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 599] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 598] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 577] <... mmap resumed>) = 0x20000000 [pid 577] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] <... futex resumed>) = 0 [pid 600] <... mmap resumed>) = 0x7faaef6e1000 [pid 599] <... mmap resumed>) = 0x7faaef6e1000 [pid 577] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 572] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 27.624075][ T580] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 572] <... futex resumed>) = 0 [pid 600] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 599] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 577] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 572] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... umount2 resumed>) = 0 [pid 572] <... futex resumed>) = ? [pid 598] <... futex resumed>) = ? [pid 360] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 598] +++ killed by SIGBUS +++ [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 577] +++ killed by SIGBUS +++ [pid 572] +++ killed by SIGBUS +++ [pid 360] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=572, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 600] <... write resumed>) = 1048576 [pid 362] restart_syscall(<... resuming interrupted clone ...> [pid 360] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 599] <... write resumed>) = 1048576 [pid 599] munmap(0x7faaef6e1000, 138412032 [pid 600] munmap(0x7faaef6e1000, 138412032 [pid 360] <... openat resumed>) = 4 [pid 360] newfstatat(4, "", [pid 599] <... munmap resumed>) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 599] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 360] getdents64(4, [pid 599] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 599] close(3) = 0 [pid 599] close(4 [pid 600] <... munmap resumed>) = 0 [pid 600] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 360] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4) = 0 [pid 360] rmdir("./7/file0") = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] close(3) = 0 [pid 360] rmdir("./7") = 0 [pid 360] mkdir("./8", 0777) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 362] <... restart_syscall resumed>) = 0 [pid 362] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 591] <... mount resumed>) = 0 [pid 362] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, [pid 591] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 362] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 591] <... openat resumed>) = 3 [pid 362] unlink("./7/binderfs" [pid 591] chdir("./file0" [pid 362] <... unlink resumed>) = 0 [pid 362] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 591] <... chdir resumed>) = 0 [pid 591] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 599] <... close resumed>) = 0 [pid 599] mkdir("./file0", 0777) = 0 [ 27.682027][ T577] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 27.710877][ T591] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 599] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 600] <... openat resumed>) = 4 [pid 600] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 600] close(3) = 0 [pid 600] close(4) = 0 [pid 591] <... openat resumed>) = 4 [pid 600] mkdir("./file0", 0777 [pid 360] <... openat resumed>) = 3 [pid 600] <... mkdir resumed>) = 0 [pid 591] ioctl(4, LOOP_CLR_FD [pid 360] ioctl(3, LOOP_CLR_FD [pid 600] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 591] <... ioctl resumed>) = 0 [pid 362] <... umount2 resumed>) = 0 [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 591] close(4 [pid 362] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] close(3 [pid 591] <... close resumed>) = 0 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] <... close resumed>) = 0 [pid 591] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] newfstatat(AT_FDCWD, "./7/file0", [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 590] <... futex resumed>) = 0 [pid 591] <... futex resumed>) = 1 [pid 590] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 591] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 590] <... futex resumed>) = 0 [pid 362] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 590] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 606 [pid 591] <... openat resumed>) = 4 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 591] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] <... futex resumed>) = 0 [pid 591] write(4, "0x0000000000000000", 18 [pid 590] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... write resumed>) = 18 [pid 590] <... futex resumed>) = 0 [pid 591] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... futex resumed>) = 0 [pid 590] <... futex resumed>) = 0 [pid 591] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 362] <... openat resumed>) = 4 [pid 590] <... mmap resumed>) = 0x7faaf7ac0000 [pid 590] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 362] newfstatat(4, "", [pid 590] <... mprotect resumed>) = 0 [pid 590] rt_sigprocmask(SIG_BLOCK, ~[], [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 590] <... rt_sigprocmask resumed>[], 8) = 0 [pid 590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 362] getdents64(4, [pid 590] <... clone3 resumed> => {parent_tid=[608]}, 88) = 608 [pid 590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 362] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 590] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] getdents64(4, [pid 590] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 362] close(4) = 0 ./strace-static-x86_64: Process 606 attached [pid 606] set_robust_list(0x5555893a06a0, 24) = 0 [pid 606] chdir("./8") = 0 [pid 606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 606] setpgid(0, 0) = 0 [pid 606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 608 attached ) = 3 [pid 608] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 608] write(4, "0x0000000000000000", 18) = 18 [pid 608] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] <... futex resumed>) = 0 [pid 590] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... futex resumed>) = 0 [pid 590] <... futex resumed>) = 1 [pid 591] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 590] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] <... mmap resumed>) = 0x20000000 [pid 591] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] <... futex resumed>) = 0 [pid 591] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 590] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 590] <... futex resumed>) = 0 [pid 608] <... futex resumed>) = 1 [pid 606] write(3, "1000", 4 [pid 600] <... mount resumed>) = 0 [pid 362] rmdir("./7/file0") = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] close(3) = 0 [pid 362] rmdir("./7") = 0 [pid 362] mkdir("./8", 0777) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 362] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 362] close(3) = 0 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 611 [pid 600] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 606] <... write resumed>) = 4 [pid 600] <... openat resumed>) = 3 [pid 608] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 606] close(3) = 0 [pid 600] chdir("./file0" [pid 606] symlink("/dev/binderfs", "./binderfs" [pid 600] <... chdir resumed>) = 0 [pid 606] <... symlink resumed>) = 0 [pid 600] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 600] ioctl(4, LOOP_CLR_FD) = 0 [pid 600] close(4) = 0 [pid 600] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = 0 [pid 597] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 600] <... futex resumed>) = 1 [pid 600] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 606] write(1, "executing program\n", 18executing program ) = 18 [pid 606] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 606] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 606] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 606] rt_sigprocmask(SIG_BLOCK, ~[], [pid 600] <... openat resumed>) = 4 [pid 600] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = 0 [pid 600] <... futex resumed>) = 1 [pid 597] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 606] <... rt_sigprocmask resumed>[], 8) = 0 [pid 600] write(4, "0x0000000000000000", 18 [pid 597] <... futex resumed>) = 0 [pid 606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 600] <... write resumed>) = 18 [pid 597] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = 0 [pid 606] <... clone3 resumed> => {parent_tid=[612]}, 88) = 612 [pid 600] <... futex resumed>) = 0 [pid 597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 606] rt_sigprocmask(SIG_SETMASK, [], [pid 600] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 597] <... mmap resumed>) = 0x7faaf7ac0000 [pid 606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 597] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 606] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... mprotect resumed>) = 0 [pid 606] <... futex resumed>) = 0 [pid 597] rt_sigprocmask(SIG_BLOCK, ~[], [pid 606] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 597] <... rt_sigprocmask resumed>[], 8) = 0 [pid 597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[613]}, 88) = 613 [pid 597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 597] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 613 attached [pid 613] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 613] write(4, "0x0000000000000000", 18) = 18 [pid 590] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 612 attached [pid 612] set_robust_list(0x7faaf7b019a0, 24 [pid 613] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] <... set_robust_list resumed>) = 0 [pid 597] <... futex resumed>) = 0 [pid 597] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] <... futex resumed>) = 0 [pid 597] <... futex resumed>) = 1 [pid 600] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 597] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 600] <... mmap resumed>) = 0x20000000 [pid 600] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000executing program ) = 1 [pid 597] <... futex resumed>) = 0 ./strace-static-x86_64: Process 611 attached [pid 613] <... futex resumed>) = 1 [pid 612] rt_sigprocmask(SIG_SETMASK, [], [pid 597] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 611] set_robust_list(0x5555893a06a0, 24 [pid 590] <... futex resumed>) = ? [pid 611] <... set_robust_list resumed>) = 0 [pid 611] chdir("./8") = 0 [pid 611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 611] setpgid(0, 0) = 0 [pid 611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 611] write(3, "1000", 4) = 4 [pid 611] close(3) = 0 [pid 611] symlink("/dev/binderfs", "./binderfs") = 0 [pid 611] write(1, "executing program\n", 18) = 18 [pid 611] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] <... futex resumed>) = 0 [ 27.897419][ T600] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 27.899125][ T591] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 27.926569][ T600] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 613] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 608] <... futex resumed>) = ? [pid 600] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 597] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 612] memfd_create("syzkaller", 0 [pid 613] <... futex resumed>) = ? [pid 613] +++ killed by SIGBUS +++ [pid 600] +++ killed by SIGBUS +++ [pid 597] +++ killed by SIGBUS +++ [pid 612] <... memfd_create resumed>) = 3 [pid 612] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 611] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=597, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 611] <... rt_sigaction resumed>NULL, 8) = 0 [pid 608] +++ killed by SIGBUS +++ [pid 611] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 591] +++ killed by SIGBUS +++ [pid 590] +++ killed by SIGBUS +++ [pid 611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 599] <... mount resumed>) = 0 [pid 358] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=590, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 611] <... mmap resumed>) = 0x7faaf7ae1000 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 611] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 358] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 611] <... mprotect resumed>) = 0 [pid 358] <... openat resumed>) = 3 [pid 612] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 611] rt_sigprocmask(SIG_BLOCK, ~[], [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 611] <... rt_sigprocmask resumed>[], 8) = 0 [pid 599] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 358] getdents64(3, [pid 611] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0}./strace-static-x86_64: Process 615 attached [pid 599] <... openat resumed>) = 3 [pid 358] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 611] <... clone3 resumed> => {parent_tid=[615]}, 88) = 615 [pid 599] chdir("./file0" [pid 358] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 611] rt_sigprocmask(SIG_SETMASK, [], [pid 599] <... chdir resumed>) = 0 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 599] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 358] newfstatat(AT_FDCWD, "./7/binderfs", [pid 615] set_robust_list(0x7faaf7b019a0, 24 [pid 612] <... write resumed>) = 1048576 [pid 611] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 599] <... openat resumed>) = 4 [pid 358] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 611] <... futex resumed>) = 0 [pid 599] ioctl(4, LOOP_CLR_FD [pid 358] unlink("./7/binderfs" [pid 615] <... set_robust_list resumed>) = 0 [pid 612] munmap(0x7faaef6e1000, 138412032 [pid 611] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 599] <... ioctl resumed>) = 0 [pid 358] <... unlink resumed>) = 0 [pid 599] close(4 [pid 358] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 615] rt_sigprocmask(SIG_SETMASK, [], [pid 612] <... munmap resumed>) = 0 [pid 599] <... close resumed>) = 0 [pid 615] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 612] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 599] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 357] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 615] memfd_create("syzkaller", 0 [pid 612] <... openat resumed>) = 4 [pid 599] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 596] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 612] ioctl(4, LOOP_SET_FD, 3 [pid 596] <... futex resumed>) = 0 [pid 357] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 596] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... openat resumed>) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, [pid 615] <... memfd_create resumed>) = 3 [pid 599] <... openat resumed>) = 4 [pid 357] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 357] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 599] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 599] <... futex resumed>) = 1 [pid 596] <... futex resumed>) = 0 [pid 357] newfstatat(AT_FDCWD, "./7/binderfs", [pid 599] write(4, "0x0000000000000000", 18 [pid 596] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 596] <... futex resumed>) = 0 [pid 357] unlink("./7/binderfs" [pid 596] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 599] <... write resumed>) = 18 [pid 596] <... futex resumed>) = 0 [pid 357] <... unlink resumed>) = 0 [pid 599] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 357] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 599] <... futex resumed>) = 0 [pid 596] <... mmap resumed>) = 0x7faaf7ac0000 [pid 596] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[616]}, 88) = 616 [pid 596] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 596] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 599] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 616 attached [pid 615] <... write resumed>) = 1048576 [pid 616] set_robust_list(0x7faaf7ae09a0, 24 [pid 615] munmap(0x7faaef6e1000, 138412032 [pid 616] <... set_robust_list resumed>) = 0 [pid 615] <... munmap resumed>) = 0 [pid 616] rt_sigprocmask(SIG_SETMASK, [], [pid 615] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 616] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 616] write(4, "0x0000000000000000", 18) = 18 [pid 616] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] <... futex resumed>) = 0 [pid 596] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 596] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 599] <... futex resumed>) = 0 [pid 599] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 616] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 599] <... mmap resumed>) = 0x20000000 [pid 599] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 596] <... futex resumed>) = 0 [pid 596] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 596] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 599] <... futex resumed>) = 1 [ 27.941907][ T599] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 599] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 596] <... futex resumed>) = ? [pid 616] <... futex resumed>) = ? [pid 616] +++ killed by SIGBUS +++ [pid 599] +++ killed by SIGBUS +++ [pid 596] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=596, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 359] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 359] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./7/binderfs") = 0 [pid 359] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 612] <... ioctl resumed>) = 0 [pid 358] <... umount2 resumed>) = 0 [pid 612] close(3 [pid 358] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 612] <... close resumed>) = 0 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 612] close(4 [pid 358] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 358] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] close(4) = 0 [pid 358] rmdir("./7/file0") = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] close(3) = 0 [pid 358] rmdir("./7") = 0 [pid 358] mkdir("./8", 0777) = 0 [ 27.982021][ T599] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 615] <... openat resumed>) = 4 [pid 615] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 612] <... close resumed>) = 0 [pid 359] <... umount2 resumed>) = 0 [pid 358] <... openat resumed>) = 3 [pid 357] <... umount2 resumed>) = 0 [pid 615] close(3 [pid 612] mkdir("./file0", 0777 [pid 359] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] ioctl(3, LOOP_CLR_FD [pid 357] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 615] <... close resumed>) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 615] close(4 [pid 612] <... mkdir resumed>) = 0 [pid 359] newfstatat(AT_FDCWD, "./7/file0", [pid 358] close(3 [pid 357] newfstatat(AT_FDCWD, "./7/file0", [pid 615] <... close resumed>) = 0 [pid 612] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] <... close resumed>) = 0 [pid 615] mkdir("./file0", 0777 [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 359] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 359] newfstatat(4, "", [pid 615] <... mkdir resumed>) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(4, [pid 357] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] close(4) = 0 [pid 359] rmdir("./7/file0" [pid 615] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 359] <... rmdir resumed>) = 0 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] getdents64(3, ./strace-static-x86_64: Process 619 attached 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 619] set_robust_list(0x5555893a06a0, 24 [pid 359] close(3 [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 619 [pid 357] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 619] <... set_robust_list resumed>) = 0 [pid 359] <... close resumed>) = 0 [pid 619] chdir("./8" [pid 359] rmdir("./7" [pid 357] <... openat resumed>) = 4 [pid 619] <... chdir resumed>) = 0 [pid 359] <... rmdir resumed>) = 0 [pid 357] newfstatat(4, "", [pid 619] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 359] mkdir("./8", 0777 [pid 619] <... prctl resumed>) = 0 [pid 359] <... mkdir resumed>) = 0 [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 619] setpgid(0, 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 619] <... setpgid resumed>) = 0 [pid 357] getdents64(4, [pid 619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 357] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 619] <... openat resumed>) = 3 [pid 357] getdents64(4, [pid 619] write(3, "1000", 4 [pid 357] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 619] <... write resumed>) = 4 [pid 357] close(4 [pid 619] close(3 [pid 357] <... close resumed>) = 0 [pid 619] <... close resumed>) = 0 [pid 357] rmdir("./7/file0" [pid 619] symlink("/dev/binderfs", "./binderfs") = 0 [pid 357] <... rmdir resumed>) = 0 [pid 619] write(1, "executing program\n", 18 [pid 357] getdents64(3, [pid 619] <... write resumed>) = 18 executing program [pid 357] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 619] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] close(3) = 0 [pid 619] <... futex resumed>) = 0 [pid 357] rmdir("./7" [pid 619] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 357] <... rmdir resumed>) = 0 [pid 619] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 357] mkdir("./8", 0777 [pid 619] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 619] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 619] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 619] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 357] <... mkdir resumed>) = 0 [pid 619] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 619] <... clone3 resumed> => {parent_tid=[620]}, 88) = 620 [pid 619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 619] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 620 attached ) = 0 [pid 619] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 620] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 620] memfd_create("syzkaller", 0) = 3 [pid 620] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 620] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 620] munmap(0x7faaef6e1000, 138412032) = 0 [pid 620] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 359] <... openat resumed>) = 3 [pid 357] <... openat resumed>) = 3 [pid 620] ioctl(4, LOOP_SET_FD, 3 [pid 359] ioctl(3, LOOP_CLR_FD [pid 357] ioctl(3, LOOP_CLR_FD [pid 620] <... ioctl resumed>) = 0 [pid 359] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 620] close(3 [pid 612] <... mount resumed>) = 0 [pid 359] close(3 [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 620] <... close resumed>) = 0 [pid 620] close(4) = 0 [pid 620] mkdir("./file0", 0777) = 0 [pid 620] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 612] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 357] close(3 [pid 359] <... close resumed>) = 0 [pid 612] <... openat resumed>) = 3 [pid 612] chdir("./file0") = 0 [pid 612] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] <... close resumed>) = 0 [pid 612] ioctl(4, LOOP_CLR_FD) = 0 [pid 612] close(4) = 0 [pid 612] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 606] <... futex resumed>) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 606] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... clone resumed>, child_tidptr=0x5555893a0690) = 627 [pid 612] <... openat resumed>) = 4 [pid 357] <... clone resumed>, child_tidptr=0x5555893a0690) = 628 [pid 612] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 606] <... futex resumed>) = 0 ./strace-static-x86_64: Process 628 attached [pid 606] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 628] set_robust_list(0x5555893a06a0, 24) = 0 [pid 628] chdir("./8" [pid 606] <... futex resumed>) = 1 [pid 612] <... futex resumed>) = 0 [pid 606] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] write(4, "0x0000000000000000", 18) = 18 [pid 612] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 628] <... chdir resumed>) = 0 [pid 628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 628] setpgid(0, 0 [pid 606] <... futex resumed>) = 0 [pid 628] <... setpgid resumed>) = 0 [pid 606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 606] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 606] <... mprotect resumed>) = 0 [pid 606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[630]}, 88) = 630 [pid 606] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 606] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] <... openat resumed>) = 3 [pid 628] write(3, "1000", 4 [pid 606] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] <... write resumed>) = 4 [pid 628] close(3) = 0 [pid 628] symlink("/dev/binderfs", "./binderfs"executing program ./strace-static-x86_64: Process 627 attached ) = 0 [pid 628] write(1, "executing program\n", 18) = 18 [pid 628] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 628] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 628] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 628] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[631]}, 88) = 631 [pid 628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 628] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 630 attached [pid 630] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 630] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 630] write(4, "0x0000000000000000", 18) = 18 [pid 630] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] <... futex resumed>) = 0 [pid 606] <... futex resumed>) = 1 [pid 612] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 606] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 612] <... mmap resumed>) = 0x20000000 [pid 612] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 606] <... futex resumed>) = 0 [pid 612] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 606] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 606] <... futex resumed>) = 0 ./strace-static-x86_64: Process 631 attached [pid 630] <... futex resumed>) = 1 [pid 627] set_robust_list(0x5555893a06a0, 24 [pid 615] <... mount resumed>) = 0 [pid 606] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] <... set_robust_list resumed>) = 0 [pid 627] chdir("./8") = 0 [pid 627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 627] setpgid(0, 0) = 0 [pid 627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 627] write(3, "1000", 4) = 4 [pid 627] close(3) = 0 [pid 627] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 627] write(1, "executing program\n", 18) = 18 [pid 627] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 627] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 627] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[632]}, 88) = 632 [pid 627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 627] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 615] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 28.180778][ T612] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 28.184680][ T615] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 615] chdir("./file0") = 0 [pid 615] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 615] ioctl(4, LOOP_CLR_FD) = 0 [pid 615] close(4) = 0 [pid 615] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 615] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 630] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 612] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 630] <... futex resumed>) = ? [pid 606] <... futex resumed>) = ? [pid 630] +++ killed by SIGBUS +++ [pid 612] +++ killed by SIGBUS +++ [pid 606] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=606, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 360] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 632 attached [pid 632] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 632] memfd_create("syzkaller", 0) = 3 [pid 632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 632] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 360] <... restart_syscall resumed>) = 0 [pid 360] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 611] <... futex resumed>) = 0 [pid 360] <... openat resumed>) = 3 [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 611] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 611] <... futex resumed>) = 1 [pid 631] set_robust_list(0x7faaf7b019a0, 24 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 631] <... set_robust_list resumed>) = 0 [pid 611] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 631] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 620] <... mount resumed>) = 0 [pid 615] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 360] newfstatat(AT_FDCWD, "./8/binderfs", [pid 631] memfd_create("syzkaller", 0 [pid 620] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 615] <... openat resumed>) = 4 [pid 360] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 631] <... memfd_create resumed>) = 3 [pid 620] <... openat resumed>) = 3 [pid 615] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] unlink("./8/binderfs" [pid 631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 620] chdir("./file0" [pid 615] <... futex resumed>) = 1 [pid 611] <... futex resumed>) = 0 [pid 360] <... unlink resumed>) = 0 [pid 615] write(4, "0x0000000000000000", 18 [pid 611] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 615] <... write resumed>) = 18 [pid 611] <... futex resumed>) = 0 [pid 615] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 611] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 611] <... futex resumed>) = 0 [pid 615] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 611] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 611] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 611] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[633]}, 88) = 633 [pid 611] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 611] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 611] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 633 attached [pid 633] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 633] write(4, "0x0000000000000000", 18) = 18 [pid 633] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 611] <... futex resumed>) = 0 [pid 611] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... futex resumed>) = 0 [pid 611] <... futex resumed>) = 1 [pid 615] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 611] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 615] <... mmap resumed>) = 0x20000000 [pid 615] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 611] <... futex resumed>) = 0 [pid 633] <... futex resumed>) = 1 [pid 632] <... write resumed>) = 1048576 [pid 631] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 620] <... chdir resumed>) = 0 [pid 611] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 632] munmap(0x7faaef6e1000, 138412032 [pid 620] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 611] <... futex resumed>) = 0 [pid 620] <... openat resumed>) = 4 [pid 611] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] ioctl(4, LOOP_CLR_FD) = 0 [pid 620] close(4 [pid 633] <... futex resumed>) = ? [pid 632] <... munmap resumed>) = 0 [pid 631] <... write resumed>) = 1048576 [pid 620] <... close resumed>) = 0 [pid 611] <... futex resumed>) = ? [pid 632] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 632] ioctl(4, LOOP_SET_FD, 3 [pid 631] munmap(0x7faaef6e1000, 138412032) = 0 [pid 631] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 633] +++ killed by SIGBUS +++ [pid 620] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 619] <... futex resumed>) = 0 [pid 620] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 632] <... ioctl resumed>) = 0 [pid 620] <... futex resumed>) = 0 [pid 619] <... futex resumed>) = 1 [pid 620] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 619] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] close(3 [pid 620] <... openat resumed>) = 4 [pid 620] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 632] <... close resumed>) = 0 [pid 632] close(4 [pid 620] <... futex resumed>) = 1 [pid 619] <... futex resumed>) = 0 [pid 632] <... close resumed>) = 0 [pid 620] write(4, "0x0000000000000000", 18 [pid 619] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 632] mkdir("./file0", 0777 [pid 620] <... write resumed>) = 18 [pid 619] <... futex resumed>) = 0 [pid 620] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] <... futex resumed>) = 0 [pid 619] <... futex resumed>) = 0 [pid 632] <... mkdir resumed>) = 0 [pid 620] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 619] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 619] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 619] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[635]}, 88) = 635 [pid 619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 619] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 631] <... openat resumed>) = 4 [pid 631] ioctl(4, LOOP_SET_FD, 3 [pid 632] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 615] +++ killed by SIGBUS +++ [pid 611] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=611, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 362] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 635 attached [pid 631] <... ioctl resumed>) = 0 [pid 635] set_robust_list(0x7faaf7ae09a0, 24 [pid 631] close(3 [pid 635] <... set_robust_list resumed>) = 0 [pid 631] <... close resumed>) = 0 [pid 635] rt_sigprocmask(SIG_SETMASK, [], [pid 631] close(4 [pid 635] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 635] write(4, "0x0000000000000000", 18) = 18 [pid 635] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 619] <... futex resumed>) = 0 [pid 635] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] <... futex resumed>) = 0 [pid 619] <... futex resumed>) = 1 [pid 620] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 619] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] <... mmap resumed>) = 0x20000000 [pid 620] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 619] <... futex resumed>) = 0 [ 28.220446][ T612] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 28.239829][ T620] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 28.258585][ T615] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 620] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 620] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... restart_syscall resumed>) = 0 [pid 362] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 620] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 635] <... futex resumed>) = ? [pid 619] <... futex resumed>) = ? [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 635] +++ killed by SIGBUS +++ [pid 362] <... openat resumed>) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 620] +++ killed by SIGBUS +++ [pid 619] +++ killed by SIGBUS +++ [pid 362] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=619, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 362] unlink("./8/binderfs" [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 362] <... unlink resumed>) = 0 [pid 362] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] <... restart_syscall resumed>) = 0 [pid 358] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./8/binderfs") = 0 [pid 358] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 631] <... close resumed>) = 0 [pid 631] mkdir("./file0", 0777) = 0 [ 28.291456][ T620] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 631] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 632] <... mount resumed>) = 0 [pid 632] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 632] chdir("./file0") = 0 [pid 632] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 362] <... umount2 resumed>) = 0 [pid 360] <... umount2 resumed>) = 0 [pid 632] <... openat resumed>) = 4 [pid 362] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 28.339037][ T632] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 360] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] <... umount2 resumed>) = 0 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 632] ioctl(4, LOOP_CLR_FD) = 0 [pid 632] close(4) = 0 [pid 632] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 627] <... futex resumed>) = 0 [pid 632] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 627] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 627] <... futex resumed>) = 0 [pid 632] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 627] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] <... openat resumed>) = 4 [pid 632] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 627] <... futex resumed>) = 0 [pid 632] write(4, "0x0000000000000000", 18 [pid 627] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 632] <... write resumed>) = 18 [pid 627] <... futex resumed>) = 0 [pid 632] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 632] <... futex resumed>) = 0 [pid 627] <... futex resumed>) = 0 [pid 632] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 627] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[641]}, 88) = 641 [pid 627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 627] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 641 attached [pid 641] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 641] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 641] write(4, "0x0000000000000000", 18) = 18 [pid 641] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 632] <... futex resumed>) = 0 [pid 627] <... futex resumed>) = 1 [pid 632] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 627] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] <... mmap resumed>) = 0x20000000 [pid 632] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 627] <... futex resumed>) = 0 [pid 641] <... futex resumed>) = 1 [pid 631] <... mount resumed>) = 0 [pid 627] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] newfstatat(AT_FDCWD, "./8/file0", [pid 360] newfstatat(AT_FDCWD, "./8/file0", [pid 358] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] newfstatat(AT_FDCWD, "./8/file0", [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 360] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 358] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] <... openat resumed>) = 4 [pid 360] <... openat resumed>) = 4 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(4, "", [pid 360] newfstatat(4, "", [pid 358] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] <... openat resumed>) = 4 [pid 362] getdents64(4, [pid 360] getdents64(4, [pid 358] newfstatat(4, "", [pid 362] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, [pid 360] getdents64(4, [pid 358] getdents64(4, [pid 362] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 362] close(4 [pid 360] close(4 [pid 358] getdents64(4, [pid 362] <... close resumed>) = 0 [pid 360] <... close resumed>) = 0 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 362] rmdir("./8/file0" [pid 360] rmdir("./8/file0" [pid 358] close(4 [pid 362] <... rmdir resumed>) = 0 [pid 360] <... rmdir resumed>) = 0 [pid 358] <... close resumed>) = 0 [pid 362] getdents64(3, [pid 360] getdents64(3, [pid 358] rmdir("./8/file0" [pid 362] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] <... rmdir resumed>) = 0 [pid 362] close(3 [pid 360] close(3 [pid 358] getdents64(3, [pid 362] <... close resumed>) = 0 [pid 360] <... close resumed>) = 0 [pid 358] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] rmdir("./8" [pid 360] rmdir("./8" [pid 358] close(3 [pid 362] <... rmdir resumed>) = 0 [pid 360] <... rmdir resumed>) = 0 [pid 358] <... close resumed>) = 0 [pid 362] mkdir("./9", 0777 [pid 360] mkdir("./9", 0777 [pid 358] rmdir("./8" [pid 362] <... mkdir resumed>) = 0 [pid 360] <... mkdir resumed>) = 0 [pid 358] <... rmdir resumed>) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 358] mkdir("./9", 0777 [pid 362] <... openat resumed>) = 3 [pid 360] <... openat resumed>) = 3 [pid 358] <... mkdir resumed>) = 0 [pid 362] ioctl(3, LOOP_CLR_FD [pid 360] ioctl(3, LOOP_CLR_FD [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 358] <... openat resumed>) = 3 [pid 362] close(3 [pid 360] close(3 [pid 358] ioctl(3, LOOP_CLR_FD [pid 641] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 632] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 631] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 627] <... futex resumed>) = 0 [pid 362] <... close resumed>) = 0 [pid 627] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 631] <... openat resumed>) = 3 [pid 641] <... futex resumed>) = ? [pid 627] <... futex resumed>) = ? [pid 631] chdir("./file0" [pid 641] +++ killed by SIGBUS +++ [pid 631] <... chdir resumed>) = 0 [pid 632] +++ killed by SIGBUS +++ [pid 627] +++ killed by SIGBUS +++ [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 360] <... close resumed>) = 0 [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=627, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 631] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 631] ioctl(4, LOOP_CLR_FD) = 0 [pid 631] close(4) = 0 [pid 631] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 628] <... futex resumed>) = 0 [pid 628] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 631] <... futex resumed>) = 1 [pid 631] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 358] close(3 [pid 631] <... openat resumed>) = 4 [pid 358] <... close resumed>) = 0 [pid 631] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 628] <... futex resumed>) = 0 [pid 628] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 642 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 628] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 628] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 628] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 643 [pid 628] <... clone3 resumed> => {parent_tid=[645]}, 88) = 645 [pid 628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 628] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 631] <... futex resumed>) = 1 [pid 631] write(4, "0x0000000000000000", 18) = 18 [pid 631] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 642 attached [pid 642] set_robust_list(0x5555893a06a0, 24 [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 644 [pid 642] <... set_robust_list resumed>) = 0 [pid 642] chdir("./9") = 0 [pid 642] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 359] <... restart_syscall resumed>) = 0 [pid 359] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./8/binderfs") = 0 [pid 359] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 645 attached ./strace-static-x86_64: Process 644 attached ./strace-static-x86_64: Process 643 attached [pid 645] set_robust_list(0x7faaf7ae09a0, 24 [pid 644] set_robust_list(0x5555893a06a0, 24 [pid 645] <... set_robust_list resumed>) = 0 [pid 644] <... set_robust_list resumed>) = 0 [pid 643] set_robust_list(0x5555893a06a0, 24 [pid 642] <... prctl resumed>) = 0 [pid 645] rt_sigprocmask(SIG_SETMASK, [], [pid 644] chdir("./9" [pid 643] <... set_robust_list resumed>) = 0 [pid 645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 644] <... chdir resumed>) = 0 [pid 645] write(4, "0x0000000000000000", 18 [pid 644] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 643] chdir("./9" [pid 645] <... write resumed>) = 18 [pid 644] <... prctl resumed>) = 0 [pid 643] <... chdir resumed>) = 0 [pid 642] setpgid(0, 0 [pid 645] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 644] setpgid(0, 0 [pid 643] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 642] <... setpgid resumed>) = 0 [pid 645] <... futex resumed>) = 1 [pid 644] <... setpgid resumed>) = 0 [pid 643] <... prctl resumed>) = 0 [pid 628] <... futex resumed>) = 0 [pid 628] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 628] <... futex resumed>) = 1 [pid 631] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 628] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 645] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 643] setpgid(0, 0 [pid 642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 631] <... mmap resumed>) = 0x20000000 [pid 631] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 628] <... futex resumed>) = 0 [ 28.393667][ T631] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 28.404214][ T632] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 644] <... openat resumed>) = 3 [pid 643] <... setpgid resumed>) = 0 [pid 642] <... openat resumed>) = 3 [pid 628] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 644] write(3, "1000", 4) = 4 [pid 644] close(3) = 0 [pid 644] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 644] write(1, "executing program\n", 18) = 18 [pid 644] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 644] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 644] <... rt_sigaction resumed>NULL, 8) = 0 [pid 644] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 644] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 643] <... openat resumed>) = 3 [pid 644] rt_sigprocmask(SIG_BLOCK, ~[], [pid 643] write(3, "1000", 4 [pid 644] <... rt_sigprocmask resumed>[], 8) = 0 [pid 643] <... write resumed>) = 4 [pid 644] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 643] close(3) = 0 [pid 643] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 644] <... clone3 resumed> => {parent_tid=[646]}, 88) = 646 [pid 644] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 644] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 644] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 643] write(1, "executing program\n", 18) = 18 [pid 643] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 643] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[647]}, 88) = 647 [pid 643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 643] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 642] write(3, "1000", 4) = 4 [pid 642] close(3) = 0 [pid 642] symlink("/dev/binderfs", "./binderfs") = 0 [pid 642] write(1, "executing program\n", 18executing program ) = 18 [pid 642] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 642] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 642] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 642] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 642] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 642] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[648]}, 88) = 648 [pid 642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 642] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 642] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 648 attached [pid 648] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 648] memfd_create("syzkaller", 0) = 3 [pid 648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 628] <... futex resumed>) = 0 [pid 628] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 647 attached ./strace-static-x86_64: Process 646 attached [pid 648] <... write resumed>) = 1048576 [pid 631] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 359] <... umount2 resumed>) = 0 [pid 647] set_robust_list(0x7faaf7b019a0, 24 [pid 646] set_robust_list(0x7faaf7b019a0, 24 [pid 359] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 647] <... set_robust_list resumed>) = 0 [pid 646] <... set_robust_list resumed>) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 647] rt_sigprocmask(SIG_SETMASK, [], [pid 646] rt_sigprocmask(SIG_SETMASK, [], [pid 359] newfstatat(AT_FDCWD, "./8/file0", [pid 647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 646] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 647] memfd_create("syzkaller", 0 [pid 646] memfd_create("syzkaller", 0 [pid 359] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 647] <... memfd_create resumed>) = 3 [pid 646] <... memfd_create resumed>) = 3 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 359] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 647] <... mmap resumed>) = 0x7faaef6e1000 [pid 646] <... mmap resumed>) = 0x7faaef6e1000 [pid 359] <... openat resumed>) = 4 [pid 648] munmap(0x7faaef6e1000, 138412032 [pid 647] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 645] <... futex resumed>) = ? [pid 628] <... futex resumed>) = ? [pid 359] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] close(4) = 0 [pid 359] rmdir("./8/file0") = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] close(3) = 0 [pid 359] rmdir("./8") = 0 [pid 359] mkdir("./9", 0777) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 359] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 359] close(3 [pid 648] <... munmap resumed>) = 0 [pid 646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 645] +++ killed by SIGBUS +++ [pid 359] <... close resumed>) = 0 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 649 ./strace-static-x86_64: Process 649 attached [pid 649] set_robust_list(0x5555893a06a0, 24) = 0 [pid 649] chdir("./9") = 0 [pid 649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 649] setpgid(0, 0) = 0 [pid 649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 649] write(3, "1000", 4) = 4 [pid 649] close(3) = 0 [pid 649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 649] write(1, "executing program\n", 18) = 18 [pid 649] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 649] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 649] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[650]}, 88) = 650 [pid 649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 649] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] +++ killed by SIGBUS +++ [pid 628] +++ killed by SIGBUS +++ [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=628, si_uid=0, si_status=SIGBUS, si_utime=1, si_stime=3} --- [pid 357] restart_syscall(<... resuming interrupted clone ...> [pid 649] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 650 attached [pid 650] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 650] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 650] memfd_create("syzkaller", 0) = 3 [pid 650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 646] <... write resumed>) = 1048576 [pid 650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 647] <... write resumed>) = 1048576 [pid 648] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 646] munmap(0x7faaef6e1000, 138412032 [pid 648] <... openat resumed>) = 4 [pid 357] <... restart_syscall resumed>) = 0 [pid 648] ioctl(4, LOOP_SET_FD, 3 [pid 647] munmap(0x7faaef6e1000, 138412032 [pid 646] <... munmap resumed>) = 0 [pid 357] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, [pid 647] <... munmap resumed>) = 0 [pid 646] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 357] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 648] <... ioctl resumed>) = 0 [pid 647] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 646] <... openat resumed>) = 4 [pid 357] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./8/binderfs" [pid 648] close(3 [pid 647] <... openat resumed>) = 4 [pid 646] ioctl(4, LOOP_SET_FD, 3 [pid 357] <... unlink resumed>) = 0 [pid 357] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 648] <... close resumed>) = 0 [pid 647] ioctl(4, LOOP_SET_FD, 3 [pid 648] close(4 [pid 650] <... write resumed>) = 1048576 [pid 650] munmap(0x7faaef6e1000, 138412032 [pid 646] <... ioctl resumed>) = 0 [pid 650] <... munmap resumed>) = 0 [pid 648] <... close resumed>) = 0 [pid 647] <... ioctl resumed>) = 0 [pid 646] close(3 [pid 647] close(3 [pid 646] <... close resumed>) = 0 [pid 647] <... close resumed>) = 0 [pid 646] close(4 [pid 647] close(4 [pid 650] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 648] mkdir("./file0", 0777) = 0 [ 28.438096][ T631] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 648] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 650] <... openat resumed>) = 4 [pid 647] <... close resumed>) = 0 [pid 646] <... close resumed>) = 0 [pid 357] <... umount2 resumed>) = 0 [pid 650] ioctl(4, LOOP_SET_FD, 3 [pid 647] mkdir("./file0", 0777 [pid 646] mkdir("./file0", 0777 [pid 357] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 647] <... mkdir resumed>) = 0 [pid 647] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 646] <... mkdir resumed>) = 0 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 646] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 357] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 357] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] close(4) = 0 [pid 357] rmdir("./8/file0") = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] close(3) = 0 [pid 357] rmdir("./8") = 0 [pid 357] mkdir("./9", 0777) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 646] <... mount resumed>) = 0 [pid 646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 646] chdir("./file0") = 0 [pid 646] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 648] <... mount resumed>) = 0 [pid 648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 648] chdir("./file0") = 0 [pid 648] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 650] <... ioctl resumed>) = 0 [pid 648] <... openat resumed>) = 4 [pid 357] <... openat resumed>) = 3 [pid 648] ioctl(4, LOOP_CLR_FD [pid 650] close(3 [pid 648] <... ioctl resumed>) = 0 [pid 357] ioctl(3, LOOP_CLR_FD [pid 648] close(4 [pid 650] <... close resumed>) = 0 [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 650] close(4 [pid 648] <... close resumed>) = 0 [pid 646] <... openat resumed>) = 4 [pid 357] close(3 [pid 650] <... close resumed>) = 0 [pid 648] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] ioctl(4, LOOP_CLR_FD [pid 357] <... close resumed>) = 0 [pid 648] <... futex resumed>) = 1 [pid 650] mkdir("./file0", 0777 [pid 648] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 642] <... futex resumed>) = 0 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 650] <... mkdir resumed>) = 0 [pid 642] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 650] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 648] <... futex resumed>) = 0 [pid 642] <... futex resumed>) = 1 [pid 357] <... clone resumed>, child_tidptr=0x5555893a0690) = 660 [pid 648] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 642] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 648] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 642] <... futex resumed>) = 0 [pid 648] write(4, "0x0000000000000000", 18 [pid 642] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 648] <... write resumed>) = 18 [pid 642] <... futex resumed>) = 0 [pid 648] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 642] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 648] <... futex resumed>) = 0 [pid 642] <... futex resumed>) = 0 [ 28.569322][ T646] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 28.569359][ T648] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 648] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 642] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 642] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 642] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 642] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[662]}, 88) = 662 [pid 642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 642] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 642] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 660 attached [pid 660] set_robust_list(0x5555893a06a0, 24) = 0 [pid 660] chdir("./9") = 0 [pid 660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 660] setpgid(0, 0) = 0 [pid 660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 660] write(3, "1000", 4) = 4 [pid 660] close(3) = 0 [pid 660] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 660] write(1, "executing program\n", 18) = 18 [pid 660] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 660] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 660] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 660] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 660] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 660] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[663]}, 88) = 663 [pid 660] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 660] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 660] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 663 attached [pid 663] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 663] memfd_create("syzkaller", 0) = 3 [pid 663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 ./strace-static-x86_64: Process 662 attached [pid 662] set_robust_list(0x7faaf7ae09a0, 24 [pid 647] <... mount resumed>) = 0 [pid 662] <... set_robust_list resumed>) = 0 [pid 647] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 662] write(4, "0x0000000000000000", 18 [pid 647] <... openat resumed>) = 3 [pid 663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 662] <... write resumed>) = 18 [pid 662] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 647] chdir("./file0" [pid 662] <... futex resumed>) = 1 [pid 642] <... futex resumed>) = 0 [pid 647] <... chdir resumed>) = 0 [pid 642] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 648] <... futex resumed>) = 0 [pid 642] <... futex resumed>) = 1 [pid 648] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 642] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 662] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 648] <... mmap resumed>) = 0x20000000 [pid 647] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 648] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 642] <... futex resumed>) = 0 [pid 642] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 642] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 663] <... write resumed>) = 1048576 [pid 663] munmap(0x7faaef6e1000, 138412032) = 0 [pid 663] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 648] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 662] <... futex resumed>) = ? [pid 642] <... futex resumed>) = ? [pid 663] <... openat resumed>) = 4 [pid 662] +++ killed by SIGBUS +++ [pid 647] <... openat resumed>) = 4 [pid 646] <... ioctl resumed>) = 0 [pid 647] ioctl(4, LOOP_CLR_FD [pid 646] close(4 [pid 647] <... ioctl resumed>) = 0 [pid 646] <... close resumed>) = 0 [pid 647] close(4 [pid 646] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 647] <... close resumed>) = 0 [pid 646] <... futex resumed>) = 1 [pid 644] <... futex resumed>) = 0 [pid 647] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 644] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 647] <... futex resumed>) = 1 [pid 644] <... futex resumed>) = 0 [pid 643] <... futex resumed>) = 0 [pid 646] <... openat resumed>) = 4 [pid 647] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 644] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 643] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 647] <... openat resumed>) = 4 [pid 646] <... futex resumed>) = 1 [pid 644] <... futex resumed>) = 0 [pid 663] ioctl(4, LOOP_SET_FD, 3 [pid 648] +++ killed by SIGBUS +++ [pid 642] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=642, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 362] restart_syscall(<... resuming interrupted clone ...> [pid 647] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] write(4, "0x0000000000000000", 18 [pid 644] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 647] <... futex resumed>) = 1 [pid 646] <... write resumed>) = 18 [pid 644] <... futex resumed>) = 0 [pid 643] <... futex resumed>) = 0 [pid 647] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 646] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 646] <... futex resumed>) = 0 [pid 644] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 643] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... ioctl resumed>) = 0 [pid 663] close(3) = 0 [pid 663] close(4 [pid 647] write(4, "0x0000000000000000", 18) = 18 [pid 647] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 647] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 646] write(4, "0x0000000000000000", 18) = 18 [pid 646] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 646] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 644] <... futex resumed>) = 1 [pid 646] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 644] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 644] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] <... futex resumed>) = 0 [pid 644] <... futex resumed>) = 1 [pid 646] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [ 28.622045][ T647] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 28.636600][ T648] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 644] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 646] <... mmap resumed>) = 0x20000000 [pid 646] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 644] <... futex resumed>) = 0 [pid 647] <... futex resumed>) = 0 [pid 644] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 643] <... futex resumed>) = 1 [pid 362] <... restart_syscall resumed>) = 0 [pid 647] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 644] <... futex resumed>) = 0 [pid 643] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 643] <... futex resumed>) = 0 [pid 647] write(4, "0x0000000000000000", 18 [pid 643] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 647] <... write resumed>) = 18 [pid 644] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 647] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 362] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 647] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 643] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 643] <... futex resumed>) = 0 [pid 647] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 643] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 647] <... mmap resumed>) = 0x20000000 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 647] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 647] <... futex resumed>) = 1 [pid 643] <... futex resumed>) = 0 [pid 650] <... mount resumed>) = 0 [pid 647] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 643] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 643] <... futex resumed>) = 0 [pid 650] <... openat resumed>) = 3 [pid 362] <... openat resumed>) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./9/binderfs") = 0 [pid 362] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 663] <... close resumed>) = 0 [pid 663] mkdir("./file0", 0777) = 0 [pid 663] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 643] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] chdir("./file0" [pid 647] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 646] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 650] <... chdir resumed>) = 0 [pid 644] <... futex resumed>) = ? [pid 650] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 646] +++ killed by SIGBUS +++ [pid 644] +++ killed by SIGBUS +++ [pid 643] <... futex resumed>) = ? [pid 647] +++ killed by SIGBUS +++ [pid 643] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=643, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 360] restart_syscall(<... resuming interrupted clone ...> [pid 650] <... openat resumed>) = 4 [pid 650] ioctl(4, LOOP_CLR_FD) = 0 [pid 650] close(4) = 0 [pid 650] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 650] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 649] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=644, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 650] <... openat resumed>) = 4 [pid 650] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 650] write(4, "0x0000000000000000", 18 [pid 649] <... futex resumed>) = 0 [pid 650] <... write resumed>) = 18 [pid 649] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 650] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 649] <... futex resumed>) = 0 [pid 650] <... futex resumed>) = 0 [pid 649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 650] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 649] <... mmap resumed>) = 0x7faaf7ac0000 [pid 649] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[667]}, 88) = 667 [pid 649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 649] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 667 attached [pid 667] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 667] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 667] write(4, "0x0000000000000000", 18) = 18 [pid 667] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 667] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 649] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] <... futex resumed>) = 0 [pid 650] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 650] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 28.669870][ T650] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 28.672918][ T646] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 28.697442][ T647] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 649] <... futex resumed>) = 0 [pid 650] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 649] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 650] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 649] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... restart_syscall resumed>) = 0 [pid 358] <... restart_syscall resumed>) = 0 [pid 360] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 650] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./9/binderfs", [pid 649] <... futex resumed>) = ? [pid 360] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] unlink("./9/binderfs") = 0 [pid 358] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 360] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 667] <... futex resumed>) = ? [pid 358] <... openat resumed>) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 663] <... mount resumed>) = 0 [pid 358] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 650] +++ killed by SIGBUS +++ [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] <... umount2 resumed>) = 0 [pid 358] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./9/binderfs") = 0 [pid 358] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 667] +++ killed by SIGBUS +++ [pid 649] +++ killed by SIGBUS +++ [pid 362] newfstatat(AT_FDCWD, "./9/file0", [pid 663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 663] <... openat resumed>) = 3 [pid 362] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=649, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 663] chdir("./file0" [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 663] <... chdir resumed>) = 0 [pid 362] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 663] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 362] <... openat resumed>) = 4 [pid 362] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 362] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 362] close(4) = 0 [pid 362] rmdir("./9/file0") = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] close(3) = 0 [pid 362] rmdir("./9") = 0 [pid 362] mkdir("./10", 0777) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 359] <... restart_syscall resumed>) = 0 [pid 359] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./9/binderfs") = 0 [ 28.724131][ T650] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 28.742345][ T663] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 359] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] <... umount2 resumed>) = 0 [pid 360] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 360] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4) = 0 [pid 360] rmdir("./9/file0") = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] close(3) = 0 [pid 360] rmdir("./9") = 0 [pid 360] mkdir("./10", 0777 [pid 663] <... openat resumed>) = 4 [pid 362] <... openat resumed>) = 3 [pid 362] ioctl(3, LOOP_CLR_FD [pid 360] <... mkdir resumed>) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 663] ioctl(4, LOOP_CLR_FD [pid 360] <... openat resumed>) = 3 [pid 360] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 360] close(3) = 0 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 671 ./strace-static-x86_64: Process 671 attached [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 663] <... ioctl resumed>) = 0 [pid 362] close(3 [pid 359] <... umount2 resumed>) = 0 [pid 358] <... umount2 resumed>) = 0 [pid 358] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 671] set_robust_list(0x5555893a06a0, 24 [pid 663] close(4 [pid 362] <... close resumed>) = 0 [pid 359] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] newfstatat(4, "", [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 672 [pid 663] <... close resumed>) = 0 [pid 663] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 660] <... futex resumed>) = 0 [pid 660] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 660] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 663] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 672 attached [pid 671] <... set_robust_list resumed>) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] getdents64(4, [pid 672] set_robust_list(0x5555893a06a0, 24 [pid 359] newfstatat(AT_FDCWD, "./9/file0", [pid 672] <... set_robust_list resumed>) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 671] chdir("./10" [pid 359] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] getdents64(4, [pid 672] chdir("./10" [pid 671] <... chdir resumed>) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 663] <... openat resumed>) = 4 [pid 663] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 358] close(4 [pid 672] <... chdir resumed>) = 0 [pid 671] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 359] <... openat resumed>) = 4 [pid 358] <... close resumed>) = 0 [pid 672] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 359] newfstatat(4, "", [pid 358] rmdir("./9/file0" [pid 672] <... prctl resumed>) = 0 [pid 671] <... prctl resumed>) = 0 [pid 663] <... futex resumed>) = 1 [pid 660] <... futex resumed>) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 663] write(4, "0x0000000000000000", 18 [pid 660] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] <... write resumed>) = 18 [pid 660] <... futex resumed>) = 0 [pid 359] getdents64(4, [pid 660] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 660] <... futex resumed>) = 0 [pid 663] <... futex resumed>) = 0 [pid 660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 359] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] <... rmdir resumed>) = 0 [pid 671] setpgid(0, 0 [pid 663] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 660] <... mmap resumed>) = 0x7faaf7ac0000 [pid 359] getdents64(4, [pid 672] setpgid(0, 0 [pid 358] getdents64(3, [pid 672] <... setpgid resumed>) = 0 [pid 671] <... setpgid resumed>) = 0 [pid 660] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 359] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 358] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 660] <... mprotect resumed>) = 0 [pid 359] close(4 [pid 660] rt_sigprocmask(SIG_BLOCK, ~[], [pid 359] <... close resumed>) = 0 [pid 358] close(3 [pid 660] <... rt_sigprocmask resumed>[], 8) = 0 [pid 660] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 359] rmdir("./9/file0" [pid 358] <... close resumed>) = 0 ./strace-static-x86_64: Process 673 attached [pid 660] <... clone3 resumed> => {parent_tid=[673]}, 88) = 673 [pid 660] rt_sigprocmask(SIG_SETMASK, [], [pid 359] <... rmdir resumed>) = 0 [pid 660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 358] rmdir("./9" [pid 660] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] getdents64(3, [pid 660] <... futex resumed>) = 0 [pid 660] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 673] set_robust_list(0x7faaf7ae09a0, 24 [pid 358] <... rmdir resumed>) = 0 [pid 359] close(3 [pid 673] <... set_robust_list resumed>) = 0 [pid 673] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 673] write(4, "0x0000000000000000", 18) = 18 [pid 673] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 660] <... futex resumed>) = 0 [pid 660] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 663] <... futex resumed>) = 0 [pid 660] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 663] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 663] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 660] <... futex resumed>) = 0 [pid 359] <... close resumed>) = 0 [pid 673] <... futex resumed>) = 1 [pid 672] <... openat resumed>) = 3 [pid 671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 660] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] rmdir("./9" [pid 358] mkdir("./10", 0777 [pid 359] <... rmdir resumed>) = 0 [pid 359] mkdir("./10", 0777) = 0 [pid 358] <... mkdir resumed>) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 359] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 359] close(3) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 358] <... openat resumed>) = 3 [pid 358] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 358] close(3) = 0 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 359] <... clone resumed>, child_tidptr=0x5555893a0690) = 674 [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 675 [pid 671] <... openat resumed>) = 3 [pid 671] write(3, "1000", 4) = 4 [pid 671] close(3) = 0 [pid 671] symlink("/dev/binderfs", "./binderfs") = 0 [pid 660] <... futex resumed>) = 0 [pid 672] write(3, "1000", 4 [pid 673] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 674 attached [pid 660] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 675 attached [pid 675] set_robust_list(0x5555893a06a0, 24 [pid 674] set_robust_list(0x5555893a06a0, 24 [pid 675] <... set_robust_list resumed>) = 0 [pid 674] <... set_robust_list resumed>) = 0 [pid 671] write(1, "executing program\n", 18 [pid 663] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- executing program [pid 675] chdir("./10" [pid 674] chdir("./10" [pid 671] <... write resumed>) = 18 [pid 660] <... futex resumed>) = ? [pid 675] <... chdir resumed>) = 0 [pid 674] <... chdir resumed>) = 0 [pid 675] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 674] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 675] <... prctl resumed>) = 0 [pid 674] <... prctl resumed>) = 0 [pid 671] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] setpgid(0, 0 [pid 674] setpgid(0, 0 [pid 675] <... setpgid resumed>) = 0 [pid 674] <... setpgid resumed>) = 0 [pid 671] <... futex resumed>) = 0 [pid 675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 671] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 675] <... openat resumed>) = 3 [pid 674] <... openat resumed>) = 3 [pid 671] <... rt_sigaction resumed>NULL, 8) = 0 [pid 675] write(3, "1000", 4 [pid 674] write(3, "1000", 4 [pid 675] <... write resumed>) = 4 [pid 671] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 674] <... write resumed>) = 4 [pid 675] close(3 [pid 674] close(3 [pid 671] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 675] <... close resumed>) = 0 [pid 674] <... close resumed>) = 0 [pid 675] symlink("/dev/binderfs", "./binderfs" [pid 674] symlink("/dev/binderfs", "./binderfs" [pid 671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 672] <... write resumed>) = 4 executing program executing program [pid 675] <... symlink resumed>) = 0 [pid 674] <... symlink resumed>) = 0 [pid 671] <... mmap resumed>) = 0x7faaf7ae1000 [pid 675] write(1, "executing program\n", 18 [pid 674] write(1, "executing program\n", 18 [pid 675] <... write resumed>) = 18 [pid 671] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 674] <... write resumed>) = 18 [pid 675] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] <... futex resumed>) = 0 [pid 674] <... futex resumed>) = 0 [pid 671] <... mprotect resumed>) = 0 [pid 675] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 674] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 675] <... rt_sigaction resumed>NULL, 8) = 0 [pid 674] <... rt_sigaction resumed>NULL, 8) = 0 [pid 675] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 674] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 674] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 671] rt_sigprocmask(SIG_BLOCK, ~[], [pid 675] <... mmap resumed>) = 0x7faaf7ae1000 [pid 674] <... mmap resumed>) = 0x7faaf7ae1000 [pid 675] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 671] <... rt_sigprocmask resumed>[], 8) = 0 [pid 674] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 675] <... mprotect resumed>) = 0 [pid 674] <... mprotect resumed>) = 0 [pid 671] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 675] rt_sigprocmask(SIG_BLOCK, ~[], [pid 674] rt_sigprocmask(SIG_BLOCK, ~[], [pid 673] <... futex resumed>) = ? [pid 672] close(3 [pid 675] <... rt_sigprocmask resumed>[], 8) = 0 [pid 674] <... rt_sigprocmask resumed>[], 8) = 0 [pid 675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 674] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 671] <... clone3 resumed> => {parent_tid=[676]}, 88) = 676 [pid 675] <... clone3 resumed> => {parent_tid=[677]}, 88) = 677 [pid 672] <... close resumed>) = 0 [pid 671] rt_sigprocmask(SIG_SETMASK, [], [pid 675] rt_sigprocmask(SIG_SETMASK, [], [pid 674] <... clone3 resumed> => {parent_tid=[678]}, 88) = 678 [pid 675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 674] rt_sigprocmask(SIG_SETMASK, [], [pid 673] +++ killed by SIGBUS +++ [pid 672] symlink("/dev/binderfs", "./binderfs" [pid 671] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 675] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 675] <... futex resumed>) = 0 [pid 674] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 674] <... futex resumed>) = 0 [pid 674] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 672] <... symlink resumed>) = 0 [pid 663] +++ killed by SIGBUS +++ [pid 660] +++ killed by SIGBUS +++ [pid 671] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 672] write(1, "executing program\n", 18 [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=660, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 671] <... futex resumed>) = 0 [pid 672] <... write resumed>) = 18 [pid 671] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 357] restart_syscall(<... resuming interrupted clone ...> [pid 672] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 672] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 672] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 672] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0}./strace-static-x86_64: Process 679 attached ./strace-static-x86_64: Process 678 attached ./strace-static-x86_64: Process 677 attached ./strace-static-x86_64: Process 676 attached [pid 679] set_robust_list(0x7faaf7b019a0, 24 [pid 678] set_robust_list(0x7faaf7b019a0, 24 [pid 677] set_robust_list(0x7faaf7b019a0, 24 [pid 676] set_robust_list(0x7faaf7b019a0, 24 [pid 672] <... clone3 resumed> => {parent_tid=[679]}, 88) = 679 [pid 679] <... set_robust_list resumed>) = 0 [pid 678] <... set_robust_list resumed>) = 0 [pid 677] <... set_robust_list resumed>) = 0 [pid 679] rt_sigprocmask(SIG_SETMASK, [], [pid 678] rt_sigprocmask(SIG_SETMASK, [], [pid 677] rt_sigprocmask(SIG_SETMASK, [], [pid 676] <... set_robust_list resumed>) = 0 [pid 679] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 678] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 679] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 676] rt_sigprocmask(SIG_SETMASK, [], [pid 677] memfd_create("syzkaller", 0 [pid 676] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 678] memfd_create("syzkaller", 0 [pid 672] rt_sigprocmask(SIG_SETMASK, [], [pid 677] <... memfd_create resumed>) = 3 [pid 677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 672] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 677] <... mmap resumed>) = 0x7faaef6e1000 [pid 672] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 679] <... futex resumed>) = 0 [pid 672] <... futex resumed>) = 1 [pid 679] memfd_create("syzkaller", 0) = 3 [pid 672] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 679] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 678] <... memfd_create resumed>) = 3 [pid 677] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 676] memfd_create("syzkaller", 0 [pid 357] <... restart_syscall resumed>) = 0 [pid 678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 676] <... memfd_create resumed>) = 3 [pid 678] <... mmap resumed>) = 0x7faaef6e1000 [pid 676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 357] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 676] <... mmap resumed>) = 0x7faaef6e1000 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 679] <... write resumed>) = 1048576 [pid 357] newfstatat(AT_FDCWD, "./9/binderfs", [pid 679] munmap(0x7faaef6e1000, 138412032 [pid 357] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./9/binderfs" [pid 679] <... munmap resumed>) = 0 [pid 357] <... unlink resumed>) = 0 [pid 679] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 357] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 679] <... openat resumed>) = 4 [pid 679] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 679] close(3) = 0 [pid 679] close(4 [pid 677] <... write resumed>) = 1048576 [pid 677] munmap(0x7faaef6e1000, 138412032) = 0 [pid 677] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 678] <... write resumed>) = 1048576 [pid 678] munmap(0x7faaef6e1000, 138412032) = 0 [pid 676] <... write resumed>) = 1048576 [pid 676] munmap(0x7faaef6e1000, 138412032 [pid 678] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 676] <... munmap resumed>) = 0 [ 28.881005][ T663] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 676] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 679] <... close resumed>) = 0 [pid 679] mkdir("./file0", 0777) = 0 [pid 679] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 677] <... openat resumed>) = 4 [pid 676] <... openat resumed>) = 4 [pid 677] ioctl(4, LOOP_SET_FD, 3 [pid 678] <... openat resumed>) = 4 [pid 678] ioctl(4, LOOP_SET_FD, 3 [pid 677] <... ioctl resumed>) = 0 [pid 677] close(3 [pid 676] ioctl(4, LOOP_SET_FD, 3 [pid 357] <... umount2 resumed>) = 0 [pid 677] <... close resumed>) = 0 [pid 677] close(4 [pid 357] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 357] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] close(4) = 0 [pid 357] rmdir("./9/file0") = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] close(3) = 0 [pid 357] rmdir("./9") = 0 [pid 357] mkdir("./10", 0777) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 678] <... ioctl resumed>) = 0 [pid 678] close(3) = 0 [pid 678] close(4 [pid 679] <... mount resumed>) = 0 [pid 679] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 679] chdir("./file0") = 0 [pid 679] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 678] <... close resumed>) = 0 [pid 678] mkdir("./file0", 0777) = 0 [ 29.038896][ T679] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 678] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 677] <... close resumed>) = 0 [pid 676] <... ioctl resumed>) = 0 [pid 357] <... openat resumed>) = 3 [pid 676] close(3) = 0 [pid 676] close(4 [pid 677] mkdir("./file0", 0777) = 0 [pid 677] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 357] ioctl(3, LOOP_CLR_FD [pid 676] <... close resumed>) = 0 [pid 676] mkdir("./file0", 0777) = 0 [pid 676] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 678] <... mount resumed>) = 0 [pid 678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 678] chdir("./file0") = 0 [ 29.188944][ T678] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 678] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 679] <... openat resumed>) = 4 [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 679] ioctl(4, LOOP_CLR_FD [pid 357] close(3 [pid 679] <... ioctl resumed>) = 0 [pid 357] <... close resumed>) = 0 [pid 679] close(4 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 679] <... close resumed>) = 0 [pid 679] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... clone resumed>, child_tidptr=0x5555893a0690) = 688 [pid 679] <... futex resumed>) = 1 [pid 679] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 688 attached [pid 688] set_robust_list(0x5555893a06a0, 24) = 0 [pid 688] chdir("./10" [pid 672] <... futex resumed>) = 0 [pid 688] <... chdir resumed>) = 0 [pid 688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 672] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 688] setpgid(0, 0) = 0 [pid 688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 672] <... futex resumed>) = 1 [pid 679] <... futex resumed>) = 0 [pid 688] <... openat resumed>) = 3 [pid 688] write(3, "1000", 4 [pid 679] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 672] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] <... write resumed>) = 4 [pid 688] close(3) = 0 [pid 688] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 688] write(1, "executing program\n", 18) = 18 [pid 688] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 688] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 688] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 688] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 688] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[691]}, 88) = 691 [pid 688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 688] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 688] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 679] <... openat resumed>) = 4 [pid 679] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 672] <... futex resumed>) = 0 [pid 679] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 672] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 679] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 672] <... futex resumed>) = 0 [pid 679] write(4, "0x0000000000000000", 18 [pid 672] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 679] <... write resumed>) = 18 [pid 672] <... futex resumed>) = 0 [pid 679] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 679] <... futex resumed>) = 0 [pid 672] <... mmap resumed>) = 0x7faaf7ac0000 [pid 679] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 672] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[693]}, 88) = 693 [pid 672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 693 attached [pid 693] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 672] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 693] rt_sigprocmask(SIG_SETMASK, [], [pid 672] <... futex resumed>) = 0 [pid 693] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 672] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 693] write(4, "0x0000000000000000", 18) = 18 [pid 678] <... openat resumed>) = 4 [pid 693] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 672] <... futex resumed>) = 0 [pid 672] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 672] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 679] <... futex resumed>) = 0 [pid 679] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 679] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 672] <... futex resumed>) = 0 [pid 672] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 672] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 691 attached [pid 678] ioctl(4, LOOP_CLR_FD [pid 693] <... futex resumed>) = 1 [pid 693] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 676] <... mount resumed>) = 0 [pid 676] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 676] chdir("./file0") = 0 [pid 676] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 676] ioctl(4, LOOP_CLR_FD) = 0 [pid 678] <... ioctl resumed>) = 0 [pid 676] close(4 [pid 678] close(4 [pid 691] set_robust_list(0x7faaf7b019a0, 24 [pid 678] <... close resumed>) = 0 [pid 691] <... set_robust_list resumed>) = 0 [pid 678] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] <... futex resumed>) = 0 [pid 674] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... close resumed>) = 0 [pid 676] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] <... futex resumed>) = 0 [pid 671] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... futex resumed>) = 1 [pid 676] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 676] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] <... futex resumed>) = 0 [pid 671] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 671] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 671] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 671] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[695]}, 88) = 695 [pid 671] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 671] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... futex resumed>) = 1 [pid 676] write(4, "0x0000000000000000", 18) = 18 [pid 676] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 676] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 695 attached [pid 695] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 695] write(4, "0x0000000000000000", 18) = 18 [pid 695] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] <... futex resumed>) = 0 [pid 671] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 671] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... futex resumed>) = 0 [pid 676] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 676] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] <... futex resumed>) = 0 [pid 671] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... futex resumed>) = 1 [pid 691] rt_sigprocmask(SIG_SETMASK, [], [pid 678] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 691] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 691] memfd_create("syzkaller", 0) = 3 [pid 691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [ 29.261600][ T676] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 29.274375][ T679] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 29.292234][ T677] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 691] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 695] <... futex resumed>) = 1 [pid 695] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 678] <... openat resumed>) = 4 [pid 678] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 674] <... futex resumed>) = 0 [pid 678] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 674] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 678] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 674] <... futex resumed>) = 0 [pid 678] write(4, "0x0000000000000000", 18 [pid 674] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 678] <... write resumed>) = 18 [pid 674] <... futex resumed>) = 0 [pid 678] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 678] <... futex resumed>) = 0 [pid 674] <... mmap resumed>) = 0x7faaf7ac0000 [pid 678] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 674] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 674] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 674] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[696]}, 88) = 696 [pid 674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 674] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 696 attached [pid 696] set_robust_list(0x7faaf7ae09a0, 24 [pid 676] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 696] <... set_robust_list resumed>) = 0 [pid 696] rt_sigprocmask(SIG_SETMASK, [], [pid 677] <... mount resumed>) = 0 [pid 671] <... futex resumed>) = ? [pid 696] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 679] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 677] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 696] write(4, "0x0000000000000000", 18 [pid 691] munmap(0x7faaef6e1000, 138412032 [pid 693] <... futex resumed>) = ? [pid 672] <... futex resumed>) = ? [pid 696] <... write resumed>) = 18 [pid 696] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] <... openat resumed>) = 3 [pid 696] <... futex resumed>) = 1 [pid 674] <... futex resumed>) = 0 [pid 693] +++ killed by SIGBUS +++ [pid 696] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 677] chdir("./file0" [pid 674] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 678] <... futex resumed>) = 0 [pid 677] <... chdir resumed>) = 0 [pid 674] <... futex resumed>) = 1 [pid 678] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 674] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 677] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 678] <... mmap resumed>) = 0x20000000 [pid 678] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] <... openat resumed>) = 4 [pid 678] <... futex resumed>) = 1 [pid 674] <... futex resumed>) = 0 [pid 677] ioctl(4, LOOP_CLR_FD [pid 678] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 674] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 678] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 677] <... ioctl resumed>) = 0 [pid 674] <... futex resumed>) = 0 [pid 695] <... futex resumed>) = ? [pid 691] <... munmap resumed>) = 0 [pid 691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 691] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 691] close(3) = 0 [pid 691] close(4 [pid 679] +++ killed by SIGBUS +++ [pid 672] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=672, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 362] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 362] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./10/binderfs") = 0 [pid 362] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 677] close(4 [pid 674] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 695] +++ killed by SIGBUS +++ [pid 676] +++ killed by SIGBUS +++ [pid 671] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=671, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 360] restart_syscall(<... resuming interrupted clone ...> [pid 678] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 696] <... futex resumed>) = ? [pid 674] <... futex resumed>) = ? [pid 696] +++ killed by SIGBUS +++ [pid 678] +++ killed by SIGBUS +++ [pid 674] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=674, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 360] <... restart_syscall resumed>) = 0 [pid 359] <... restart_syscall resumed>) = 0 [pid 360] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 359] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 360] <... openat resumed>) = 3 [pid 359] <... openat resumed>) = 3 [pid 360] newfstatat(3, "", [pid 359] newfstatat(3, "", [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, [pid 359] getdents64(3, [pid 360] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./10/binderfs", [pid 359] newfstatat(AT_FDCWD, "./10/binderfs", [pid 360] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./10/binderfs" [pid 359] unlink("./10/binderfs" [pid 360] <... unlink resumed>) = 0 [pid 360] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... unlink resumed>) = 0 [pid 359] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 691] <... close resumed>) = 0 [pid 691] mkdir("./file0", 0777) = 0 [ 29.296992][ T676] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 29.324037][ T678] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 691] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 677] <... close resumed>) = 0 [pid 360] <... umount2 resumed>) = 0 [pid 677] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 677] <... futex resumed>) = 1 [pid 675] <... futex resumed>) = 0 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 677] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 675] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] newfstatat(AT_FDCWD, "./10/file0", [pid 677] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 675] <... futex resumed>) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 677] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 675] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 677] <... openat resumed>) = 4 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 677] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 677] <... futex resumed>) = 1 [pid 675] <... futex resumed>) = 0 [pid 360] <... openat resumed>) = 4 [pid 677] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 675] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] newfstatat(4, "", [pid 677] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 675] <... futex resumed>) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 677] write(4, "0x0000000000000000", 18 [pid 675] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] getdents64(4, [pid 677] <... write resumed>) = 18 [pid 675] <... futex resumed>) = 0 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 677] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 360] getdents64(4, [pid 677] <... futex resumed>) = 0 [pid 675] <... mmap resumed>) = 0x7faaf7ac0000 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 677] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 675] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 360] close(4 [pid 675] <... mprotect resumed>) = 0 [pid 360] <... close resumed>) = 0 [pid 360] rmdir("./10/file0" [pid 675] rt_sigprocmask(SIG_BLOCK, ~[], [pid 360] <... rmdir resumed>) = 0 [pid 675] <... rt_sigprocmask resumed>[], 8) = 0 [pid 360] getdents64(3, [pid 675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 360] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] close(3) = 0 [pid 360] rmdir("./10"./strace-static-x86_64: Process 698 attached [pid 675] <... clone3 resumed> => {parent_tid=[698]}, 88) = 698 [pid 360] <... rmdir resumed>) = 0 [pid 675] rt_sigprocmask(SIG_SETMASK, [], [pid 360] mkdir("./11", 0777 [pid 698] set_robust_list(0x7faaf7ae09a0, 24 [pid 675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 360] <... mkdir resumed>) = 0 [pid 675] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 675] <... futex resumed>) = 0 [pid 675] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] <... set_robust_list resumed>) = 0 [pid 698] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 698] write(4, "0x0000000000000000", 18) = 18 [pid 698] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 675] <... futex resumed>) = 0 [pid 698] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 675] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] <... futex resumed>) = 0 [pid 675] <... futex resumed>) = 1 [pid 677] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 675] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 677] <... mmap resumed>) = 0x20000000 [pid 677] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 675] <... futex resumed>) = 0 [pid 675] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 677] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 675] <... futex resumed>) = ? [pid 698] <... futex resumed>) = ? [pid 698] +++ killed by SIGBUS +++ [pid 677] +++ killed by SIGBUS +++ [pid 675] +++ killed by SIGBUS +++ [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=675, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 358] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 358] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./10/binderfs") = 0 [ 29.434427][ T677] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 358] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 691] <... mount resumed>) = 0 [pid 691] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 691] chdir("./file0") = 0 [pid 691] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 362] <... umount2 resumed>) = 0 [pid 362] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 29.528972][ T691] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 362] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 362] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 362] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 362] close(4) = 0 [pid 362] rmdir("./10/file0") = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] close(3) = 0 [pid 362] rmdir("./10") = 0 [pid 362] mkdir("./11", 0777) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 359] <... umount2 resumed>) = 0 [pid 359] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] <... openat resumed>) = 3 [pid 360] <... openat resumed>) = 3 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... umount2 resumed>) = 0 [pid 691] <... openat resumed>) = 4 [pid 362] ioctl(3, LOOP_CLR_FD [pid 360] ioctl(3, LOOP_CLR_FD [pid 359] newfstatat(AT_FDCWD, "./10/file0", [pid 358] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] close(3 [pid 360] close(3 [pid 359] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] newfstatat(AT_FDCWD, "./10/file0", [pid 362] <... close resumed>) = 0 [pid 360] <... close resumed>) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 691] ioctl(4, LOOP_CLR_FD [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 359] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 358] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... openat resumed>) = 4 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 702 attached ./strace-static-x86_64: Process 701 attached [pid 691] <... ioctl resumed>) = 0 [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 701 [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 702 [pid 359] newfstatat(4, "", [pid 702] set_robust_list(0x5555893a06a0, 24 [pid 701] set_robust_list(0x5555893a06a0, 24 [pid 691] close(4 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 702] <... set_robust_list resumed>) = 0 [pid 701] <... set_robust_list resumed>) = 0 [pid 691] <... close resumed>) = 0 [pid 359] getdents64(4, [pid 691] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 691] <... futex resumed>) = 1 [pid 688] <... futex resumed>) = 0 [pid 359] getdents64(4, [pid 691] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 688] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 688] <... futex resumed>) = 0 [pid 359] close(4) = 0 [pid 691] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 688] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] rmdir("./10/file0") = 0 [pid 358] <... openat resumed>) = 4 [pid 691] <... openat resumed>) = 4 [pid 359] getdents64(3, [pid 691] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 691] <... futex resumed>) = 1 [pid 688] <... futex resumed>) = 0 [pid 359] close(3 [pid 691] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 688] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... close resumed>) = 0 [pid 691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 688] <... futex resumed>) = 0 [pid 359] rmdir("./10" [pid 691] write(4, "0x0000000000000000", 18 [pid 688] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... rmdir resumed>) = 0 [pid 691] <... write resumed>) = 18 [pid 688] <... futex resumed>) = 0 [pid 359] mkdir("./11", 0777 [pid 691] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 359] <... mkdir resumed>) = 0 [pid 691] <... futex resumed>) = 0 [pid 688] <... mmap resumed>) = 0x7faaf7ac0000 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 691] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 688] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 359] <... openat resumed>) = 3 [pid 688] <... mprotect resumed>) = 0 [pid 359] ioctl(3, LOOP_CLR_FD [pid 688] rt_sigprocmask(SIG_BLOCK, ~[], [pid 359] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 688] <... rt_sigprocmask resumed>[], 8) = 0 [pid 359] close(3 [pid 688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 359] <... close resumed>) = 0 [pid 702] chdir("./11" [pid 701] chdir("./11" [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 358] newfstatat(4, "", [pid 702] <... chdir resumed>) = 0 [pid 701] <... chdir resumed>) = 0 [pid 688] <... clone3 resumed> => {parent_tid=[703]}, 88) = 703 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 702] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 701] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 358] getdents64(4, [pid 702] <... prctl resumed>) = 0 [pid 701] <... prctl resumed>) = 0 [pid 688] rt_sigprocmask(SIG_SETMASK, [], [pid 358] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 702] setpgid(0, 0 [pid 701] setpgid(0, 0 [pid 688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 359] <... clone resumed>, child_tidptr=0x5555893a0690) = 704 [pid 358] getdents64(4, [pid 702] <... setpgid resumed>) = 0 [pid 701] <... setpgid resumed>) = 0 [pid 688] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 688] <... futex resumed>) = 0 [pid 358] close(4 [pid 702] <... openat resumed>) = 3 [pid 701] <... openat resumed>) = 3 [pid 688] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... close resumed>) = 0 [pid 702] write(3, "1000", 4 [pid 701] write(3, "1000", 4 [pid 358] rmdir("./10/file0" [pid 702] <... write resumed>) = 4 [pid 701] <... write resumed>) = 4 [pid 358] <... rmdir resumed>) = 0 [pid 702] close(3 [pid 701] close(3 [pid 358] getdents64(3, [pid 702] <... close resumed>) = 0 [pid 701] <... close resumed>) = 0 [pid 358] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 702] symlink("/dev/binderfs", "./binderfs" [pid 701] symlink("/dev/binderfs", "./binderfs" [pid 358] close(3 executing program executing program [pid 702] <... symlink resumed>) = 0 [pid 701] <... symlink resumed>) = 0 [pid 358] <... close resumed>) = 0 [pid 702] write(1, "executing program\n", 18 [pid 701] write(1, "executing program\n", 18 [pid 358] rmdir("./10" [pid 702] <... write resumed>) = 18 [pid 701] <... write resumed>) = 18 [pid 358] <... rmdir resumed>) = 0 [pid 702] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] mkdir("./11", 0777 [pid 702] <... futex resumed>) = 0 [pid 701] <... futex resumed>) = 0 [pid 358] <... mkdir resumed>) = 0 [pid 702] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 701] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 704 attached ./strace-static-x86_64: Process 703 attached [pid 702] <... rt_sigaction resumed>NULL, 8) = 0 [pid 701] <... rt_sigaction resumed>NULL, 8) = 0 [pid 358] <... openat resumed>) = 3 [pid 702] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 701] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 358] ioctl(3, LOOP_CLR_FD [pid 702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 701] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 704] set_robust_list(0x5555893a06a0, 24 [pid 703] set_robust_list(0x7faaf7ae09a0, 24 [pid 702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 358] close(3 [pid 704] <... set_robust_list resumed>) = 0 [pid 703] <... set_robust_list resumed>) = 0 [pid 702] <... mmap resumed>) = 0x7faaf7ae1000 [pid 701] <... mmap resumed>) = 0x7faaf7ae1000 [pid 358] <... close resumed>) = 0 [pid 702] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 701] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 702] <... mprotect resumed>) = 0 [pid 701] <... mprotect resumed>) = 0 [pid 702] rt_sigprocmask(SIG_BLOCK, ~[], [pid 701] rt_sigprocmask(SIG_BLOCK, ~[], [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 705 [pid 702] <... rt_sigprocmask resumed>[], 8) = 0 [pid 701] <... rt_sigprocmask resumed>[], 8) = 0 [pid 702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 701] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 702] <... clone3 resumed> => {parent_tid=[706]}, 88) = 706 [pid 701] <... clone3 resumed> => {parent_tid=[707]}, 88) = 707 [pid 702] rt_sigprocmask(SIG_SETMASK, [], [pid 701] rt_sigprocmask(SIG_SETMASK, [], [pid 702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 701] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 702] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] <... futex resumed>) = 0 [pid 701] <... futex resumed>) = 0 [pid 702] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 701] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 706 attached [pid 706] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 706] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 706] memfd_create("syzkaller", 0) = 3 [pid 706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 executing program [pid 703] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 705 attached [pid 704] chdir("./11" [pid 703] write(4, "0x0000000000000000", 18 [pid 705] set_robust_list(0x5555893a06a0, 24) = 0 [pid 705] chdir("./11") = 0 [pid 705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 705] setpgid(0, 0) = 0 [pid 705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 705] write(3, "1000", 4) = 4 [pid 705] close(3) = 0 [pid 705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 705] write(1, "executing program\n", 18) = 18 [pid 705] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 705] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 705] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 705] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 707 attached [pid 704] <... chdir resumed>) = 0 [pid 703] <... write resumed>) = 18 [pid 704] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 705] <... rt_sigprocmask resumed>[], 8) = 0 [pid 705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 704] <... prctl resumed>) = 0 [pid 703] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 704] setpgid(0, 0 [pid 703] <... futex resumed>) = 1 [pid 688] <... futex resumed>) = 0 [pid 704] <... setpgid resumed>) = 0 [pid 703] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 688] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... clone3 resumed> => {parent_tid=[708]}, 88) = 708 [pid 705] rt_sigprocmask(SIG_SETMASK, [], [pid 691] <... futex resumed>) = 0 [pid 688] <... futex resumed>) = 1 [pid 691] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 688] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 705] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 705] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] <... mmap resumed>) = 0x20000000 [pid 705] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 691] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 688] <... futex resumed>) = 0 [pid 691] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 688] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 688] <... futex resumed>) = 0 [pid 706] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 706] munmap(0x7faaef6e1000, 138412032) = 0 [pid 706] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 706] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 706] close(3) = 0 [pid 706] close(4 [pid 707] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 707] memfd_create("syzkaller", 0) = 3 [pid 707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 707] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 708 attached [pid 708] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 708] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 708] memfd_create("syzkaller", 0) = 3 [pid 708] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 688] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 704] <... openat resumed>) = 3 [pid 704] write(3, "1000", 4) = 4 [pid 704] close(3) = 0 [pid 691] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 708] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 707] <... write resumed>) = 1048576 [pid 706] <... close resumed>) = 0 [pid 704] symlink("/dev/binderfs", "./binderfs" [pid 706] mkdir("./file0", 0777executing program ) = 0 [pid 704] <... symlink resumed>) = 0 [pid 704] write(1, "executing program\n", 18 [pid 706] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 704] <... write resumed>) = 18 [pid 704] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 707] munmap(0x7faaef6e1000, 138412032 [pid 704] <... futex resumed>) = 0 [pid 704] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 704] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 707] <... munmap resumed>) = 0 [pid 707] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 704] <... mmap resumed>) = 0x7faaf7ae1000 [pid 704] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 704] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 704] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[710]}, 88) = 710 [pid 704] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 704] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 704] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 703] <... futex resumed>) = ? [pid 688] <... futex resumed>) = ? [pid 703] +++ killed by SIGBUS +++ [pid 691] +++ killed by SIGBUS +++ [pid 688] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 710 attached [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=688, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 710] set_robust_list(0x7faaf7b019a0, 24 [pid 357] restart_syscall(<... resuming interrupted clone ...> [pid 710] <... set_robust_list resumed>) = 0 [pid 710] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 710] memfd_create("syzkaller", 0 [pid 708] <... write resumed>) = 1048576 [pid 710] <... memfd_create resumed>) = 3 [pid 708] munmap(0x7faaef6e1000, 138412032 [pid 710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 708] <... munmap resumed>) = 0 [pid 708] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 357] <... restart_syscall resumed>) = 0 [pid 357] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./10/binderfs") = 0 [pid 357] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 710] <... write resumed>) = 1048576 [pid 707] <... openat resumed>) = 4 [pid 707] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 707] close(3) = 0 [pid 707] close(4 [pid 708] <... openat resumed>) = 4 [pid 708] ioctl(4, LOOP_SET_FD, 3 [pid 710] munmap(0x7faaef6e1000, 138412032) = 0 [ 29.669887][ T691] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 710] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 706] <... mount resumed>) = 0 [pid 706] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 706] chdir("./file0") = 0 [ 29.719248][ T706] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 706] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 707] <... close resumed>) = 0 [pid 710] <... openat resumed>) = 4 [pid 708] <... ioctl resumed>) = 0 [pid 706] <... openat resumed>) = 4 [pid 706] ioctl(4, LOOP_CLR_FD) = 0 [pid 706] close(4) = 0 [pid 706] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 702] <... futex resumed>) = 0 [pid 710] ioctl(4, LOOP_SET_FD, 3 [pid 708] close(3 [pid 707] mkdir("./file0", 0777 [pid 702] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... umount2 resumed>) = 0 [pid 708] <... close resumed>) = 0 [pid 707] <... mkdir resumed>) = 0 [pid 702] <... futex resumed>) = 0 [pid 708] close(4 [pid 707] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 702] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 357] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] close(4) = 0 [pid 357] rmdir("./10/file0") = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] close(3) = 0 [pid 357] rmdir("./10") = 0 [pid 357] mkdir("./11", 0777) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 706] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 706] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] <... futex resumed>) = 0 [pid 702] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 702] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 702] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 702] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[715]}, 88) = 715 [pid 702] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 702] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 702] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] write(4, "0x0000000000000000", 18) = 18 [pid 706] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 706] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 715 attached [pid 715] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 715] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 715] write(4, "0x0000000000000000", 18) = 18 [pid 715] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 702] <... futex resumed>) = 0 [pid 702] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 706] <... futex resumed>) = 0 [pid 702] <... futex resumed>) = 1 [pid 706] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 702] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 715] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 706] <... mmap resumed>) = 0x20000000 [pid 706] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 702] <... futex resumed>) = 0 [pid 702] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 702] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 702] <... futex resumed>) = ? [pid 715] <... futex resumed>) = ? [pid 715] +++ killed by SIGBUS +++ [pid 706] +++ killed by SIGBUS +++ [pid 702] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=702, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 360] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 360] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./11/binderfs") = 0 [pid 360] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 710] <... ioctl resumed>) = 0 [pid 710] close(3) = 0 [ 29.840590][ T706] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 710] close(4 [pid 708] <... close resumed>) = 0 [pid 357] <... openat resumed>) = 3 [pid 708] mkdir("./file0", 0777 [pid 357] ioctl(3, LOOP_CLR_FD [pid 708] <... mkdir resumed>) = 0 [pid 708] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 707] <... mount resumed>) = 0 [pid 710] <... close resumed>) = 0 [pid 707] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 710] mkdir("./file0", 0777) = 0 [pid 707] <... openat resumed>) = 3 [pid 710] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 707] chdir("./file0") = 0 [ 29.919093][ T707] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 707] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 357] close(3) = 0 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 720 [pid 360] <... umount2 resumed>) = 0 [pid 707] <... openat resumed>) = 4 [pid 360] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 707] ioctl(4, LOOP_CLR_FD [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 707] <... ioctl resumed>) = 0 [pid 360] newfstatat(AT_FDCWD, "./11/file0", [pid 707] close(4 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 707] <... close resumed>) = 0 [pid 360] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 707] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 707] <... futex resumed>) = 1 [pid 701] <... futex resumed>) = 0 [pid 360] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 707] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 701] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... openat resumed>) = 4 [pid 701] <... futex resumed>) = 0 [pid 360] newfstatat(4, "", [pid 701] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(4, [pid 707] <... openat resumed>) = 4 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 707] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] getdents64(4, [pid 707] <... futex resumed>) = 1 [pid 701] <... futex resumed>) = 0 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 707] write(4, "0x0000000000000000", 18 [pid 701] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] close(4 [pid 707] <... write resumed>) = 18 [pid 701] <... futex resumed>) = 0 [pid 360] <... close resumed>) = 0 [pid 707] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] rmdir("./11/file0" [pid 707] <... futex resumed>) = 0 [pid 701] <... futex resumed>) = 0 [pid 360] <... rmdir resumed>) = 0 [pid 707] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 360] getdents64(3, [pid 701] <... mmap resumed>) = 0x7faaf7ac0000 [pid 360] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 701] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 360] close(3 [pid 701] <... mprotect resumed>) = 0 [pid 360] <... close resumed>) = 0 ./strace-static-x86_64: Process 720 attached [pid 708] <... mount resumed>) = 0 [pid 720] set_robust_list(0x5555893a06a0, 24 [pid 708] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 720] <... set_robust_list resumed>) = 0 [pid 708] <... openat resumed>) = 3 [pid 720] chdir("./11" [pid 708] chdir("./file0" [pid 720] <... chdir resumed>) = 0 [pid 708] <... chdir resumed>) = 0 [pid 720] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 708] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 720] <... prctl resumed>) = 0 [pid 708] <... openat resumed>) = 4 [pid 720] setpgid(0, 0 [pid 708] ioctl(4, LOOP_CLR_FD [pid 720] <... setpgid resumed>) = 0 [pid 708] <... ioctl resumed>) = 0 [pid 720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 708] close(4 [pid 720] <... openat resumed>) = 3 [pid 708] <... close resumed>) = 0 [pid 701] rt_sigprocmask(SIG_BLOCK, ~[], [pid 360] rmdir("./11" [pid 720] write(3, "1000", 4 [pid 708] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] <... write resumed>) = 4 [pid 708] <... futex resumed>) = 1 [pid 705] <... futex resumed>) = 0 [pid 720] close(3 [pid 708] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 705] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] <... close resumed>) = 0 [pid 708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 705] <... futex resumed>) = 0 [pid 720] symlink("/dev/binderfs", "./binderfs" [pid 708] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 705] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 720] <... symlink resumed>) = 0 [pid 708] <... openat resumed>) = 4 [pid 701] <... rt_sigprocmask resumed>[], 8) = 0 executing program [pid 720] write(1, "executing program\n", 18 [pid 708] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... rmdir resumed>) = 0 [pid 720] <... write resumed>) = 18 [pid 708] <... futex resumed>) = 1 [pid 705] <... futex resumed>) = 0 [pid 720] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 708] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 705] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] <... futex resumed>) = 0 [pid 708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 705] <... futex resumed>) = 0 [pid 720] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 708] write(4, "0x0000000000000000", 18 [pid 705] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] <... rt_sigaction resumed>NULL, 8) = 0 [pid 708] <... write resumed>) = 18 [pid 705] <... futex resumed>) = 0 [pid 720] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 708] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 708] <... futex resumed>) = 0 [pid 705] <... mmap resumed>) = 0x7faaf7ac0000 [pid 720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 708] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 705] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 720] <... mmap resumed>) = 0x7faaf7ae1000 [pid 705] <... mprotect resumed>) = 0 [pid 720] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 705] rt_sigprocmask(SIG_BLOCK, ~[], [pid 720] <... mprotect resumed>) = 0 [pid 705] <... rt_sigprocmask resumed>[], 8) = 0 [pid 720] rt_sigprocmask(SIG_BLOCK, ~[], [pid 705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 720] <... rt_sigprocmask resumed>[], 8) = 0 [pid 720] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 705] <... clone3 resumed> => {parent_tid=[725]}, 88) = 725 [pid 705] rt_sigprocmask(SIG_SETMASK, [], [pid 720] <... clone3 resumed> => {parent_tid=[726]}, 88) = 726 [pid 705] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 720] rt_sigprocmask(SIG_SETMASK, [], [pid 705] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 705] <... futex resumed>) = 0 [pid 720] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 720] <... futex resumed>) = 0 [pid 720] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 726 attached [pid 726] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 726] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 726] memfd_create("syzkaller", 0) = 3 [pid 726] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 701] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 360] mkdir("./12", 0777 [pid 701] <... clone3 resumed> => {parent_tid=[727]}, 88) = 727 [pid 360] <... mkdir resumed>) = 0 [pid 701] rt_sigprocmask(SIG_SETMASK, [], [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 701] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 360] <... openat resumed>) = 3 [pid 701] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] ioctl(3, LOOP_CLR_FD [pid 701] <... futex resumed>) = 0 [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 701] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] close(3./strace-static-x86_64: Process 727 attached ./strace-static-x86_64: Process 725 attached [pid 726] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 710] <... mount resumed>) = 0 [pid 360] <... close resumed>) = 0 [pid 727] set_robust_list(0x7faaf7ae09a0, 24 [pid 725] set_robust_list(0x7faaf7ae09a0, 24 [pid 710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 727] <... set_robust_list resumed>) = 0 [pid 725] <... set_robust_list resumed>) = 0 [pid 710] <... openat resumed>) = 3 [pid 727] rt_sigprocmask(SIG_SETMASK, [], [pid 725] rt_sigprocmask(SIG_SETMASK, [], [pid 710] chdir("./file0" [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 728 ./strace-static-x86_64: Process 728 attached [pid 727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 726] <... write resumed>) = 1048576 [pid 725] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 710] <... chdir resumed>) = 0 [pid 728] set_robust_list(0x5555893a06a0, 24 [pid 727] write(4, "0x0000000000000000", 18 [pid 726] munmap(0x7faaef6e1000, 138412032 [pid 725] write(4, "0x0000000000000000", 18 [pid 710] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 727] <... write resumed>) = 18 [pid 725] <... write resumed>) = 18 [pid 710] <... openat resumed>) = 4 [pid 727] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 725] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] ioctl(4, LOOP_CLR_FD [pid 727] <... futex resumed>) = 1 [pid 725] <... futex resumed>) = 1 [pid 710] <... ioctl resumed>) = 0 [pid 705] <... futex resumed>) = 0 [pid 701] <... futex resumed>) = 0 [ 30.043985][ T708] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 30.045612][ T710] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 727] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 725] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 710] close(4 [pid 705] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] <... close resumed>) = 0 [pid 708] <... futex resumed>) = 0 [pid 707] <... futex resumed>) = 0 [pid 705] <... futex resumed>) = 1 [pid 701] <... futex resumed>) = 1 [pid 710] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 708] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 707] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 705] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 701] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... futex resumed>) = 1 [pid 708] <... mmap resumed>) = 0x20000000 [pid 707] <... mmap resumed>) = 0x20000000 [pid 704] <... futex resumed>) = 0 [pid 710] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 708] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 707] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 704] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 708] <... futex resumed>) = 1 [pid 707] <... futex resumed>) = 1 [pid 705] <... futex resumed>) = 0 [pid 704] <... futex resumed>) = 0 [pid 701] <... futex resumed>) = 0 [pid 710] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 708] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 707] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 705] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 704] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 701] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] <... openat resumed>) = 4 [pid 708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 707] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 705] <... futex resumed>) = 0 [pid 701] <... futex resumed>) = 0 [pid 728] <... set_robust_list resumed>) = 0 [pid 726] <... munmap resumed>) = 0 [pid 710] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 726] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 726] ioctl(4, LOOP_SET_FD, 3 [pid 728] chdir("./12") = 0 [pid 728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 728] setpgid(0, 0) = 0 [pid 728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 728] write(3, "1000", 4) = 4 [pid 728] close(3) = 0 executing program [pid 728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 728] write(1, "executing program\n", 18) = 18 [pid 728] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 728] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 728] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 728] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 728] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 728] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[729]}, 88) = 729 [pid 728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 728] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 728] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 729 attached [pid 729] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 729] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 729] memfd_create("syzkaller", 0) = 3 [pid 729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 729] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 729] munmap(0x7faaef6e1000, 138412032) = 0 [pid 729] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 708] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 725] <... futex resumed>) = ? [pid 725] +++ killed by SIGBUS +++ [pid 708] +++ killed by SIGBUS +++ [pid 705] +++ killed by SIGBUS +++ [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=705, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 701] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... futex resumed>) = 1 [pid 704] <... futex resumed>) = 0 [pid 704] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 704] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 704] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 704] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 704] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[730]}, 88) = 730 [pid 704] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 704] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] write(4, "0x0000000000000000", 18 [pid 704] <... futex resumed>) = 0 [pid 710] <... write resumed>) = 18 [pid 704] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 710] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 730 attached [pid 730] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 730] write(4, "0x0000000000000000", 18) = 18 [pid 730] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 704] <... futex resumed>) = 0 [pid 704] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] <... futex resumed>) = 0 [pid 704] <... futex resumed>) = 1 [pid 710] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 704] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... mmap resumed>) = 0x20000000 [pid 710] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 704] <... futex resumed>) = 0 [pid 730] <... futex resumed>) = 1 [pid 707] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 704] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 730] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 358] <... restart_syscall resumed>) = 0 [pid 358] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./11/binderfs") = 0 [pid 358] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 726] <... ioctl resumed>) = 0 [pid 726] close(3) = 0 [pid 726] close(4 [pid 704] <... futex resumed>) = 0 [pid 704] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 701] <... futex resumed>) = ? [pid 727] <... futex resumed>) = ? [pid 727] +++ killed by SIGBUS +++ [pid 707] +++ killed by SIGBUS +++ [pid 701] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=701, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 362] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 362] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./11/binderfs") = 0 [pid 362] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 710] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 704] <... futex resumed>) = ? [pid 730] <... futex resumed>) = ? [pid 730] +++ killed by SIGBUS +++ [pid 710] +++ killed by SIGBUS +++ [pid 704] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=704, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 729] <... openat resumed>) = 4 [pid 726] <... close resumed>) = 0 [pid 729] ioctl(4, LOOP_SET_FD, 3 [pid 726] mkdir("./file0", 0777) = 0 [pid 726] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 359] <... restart_syscall resumed>) = 0 [pid 359] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./11/binderfs") = 0 [ 30.090044][ T708] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 30.104767][ T707] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 30.116074][ T710] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 359] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 729] <... ioctl resumed>) = 0 [pid 729] close(3) = 0 [pid 729] close(4 [pid 358] <... umount2 resumed>) = 0 [pid 362] <... umount2 resumed>) = 0 [pid 362] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 362] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 362] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 362] close(4) = 0 [pid 362] rmdir("./11/file0" [pid 358] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] <... rmdir resumed>) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] close(3) = 0 [pid 362] rmdir("./11") = 0 [pid 362] mkdir("./12", 0777) = 0 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 358] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 358] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] close(4) = 0 [pid 358] rmdir("./11/file0") = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] close(3) = 0 [pid 358] rmdir("./11") = 0 [pid 358] mkdir("./12", 0777) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 729] <... close resumed>) = 0 [pid 729] mkdir("./file0", 0777) = 0 [pid 729] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue"executing program [pid 362] <... openat resumed>) = 3 [pid 359] <... umount2 resumed>) = 0 [pid 362] ioctl(3, LOOP_CLR_FD [pid 359] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] close(3 [pid 359] newfstatat(AT_FDCWD, "./11/file0", [pid 362] <... close resumed>) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 359] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 733 [pid 359] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] close(4) = 0 [pid 359] rmdir("./11/file0") = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] close(3) = 0 [pid 359] rmdir("./11") = 0 [pid 359] mkdir("./12", 0777) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 359] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 359] close(3) = 0 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 734 ./strace-static-x86_64: Process 734 attached [pid 734] set_robust_list(0x5555893a06a0, 24) = 0 [pid 734] chdir("./12") = 0 [pid 734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 734] setpgid(0, 0) = 0 [pid 734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 734] write(3, "1000", 4) = 4 [pid 734] close(3) = 0 [pid 734] symlink("/dev/binderfs", "./binderfs") = 0 [pid 734] write(1, "executing program\n", 18) = 18 [pid 734] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 734] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 734] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 734] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 734] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 734] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[735]}, 88) = 735 [pid 734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 734] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 734] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 735 attached [pid 735] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 735] memfd_create("syzkaller", 0) = 3 [pid 735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 735] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 735] munmap(0x7faaef6e1000, 138412032) = 0 [pid 735] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 735] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 735] close(3) = 0 [pid 735] close(4./strace-static-x86_64: Process 733 attached [pid 733] set_robust_list(0x5555893a06a0, 24) = 0 [pid 733] chdir("./12") = 0 [pid 733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 733] setpgid(0, 0) = 0 [pid 733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 358] <... openat resumed>) = 3 [pid 358] ioctl(3, LOOP_CLR_FD [pid 733] <... openat resumed>) = 3 [pid 733] write(3, "1000", 4) = 4 [pid 733] close(3) = 0 [pid 733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 733] write(1, "executing program\n", 18 [pid 729] <... mount resumed>) = 0 [pid 729] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 729] chdir("./file0") = 0 [pid 729] openat(AT_FDCWD, "/dev/loop3", O_RDWRexecuting program [pid 733] <... write resumed>) = 18 [pid 733] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 733] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 733] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 733] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 733] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[741]}, 88) = 741 [pid 733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 733] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 741 attached [pid 741] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 741] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 741] memfd_create("syzkaller", 0) = 3 [pid 741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 741] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 726] <... mount resumed>) = 0 [pid 726] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 726] chdir("./file0" [pid 741] <... write resumed>) = 1048576 [pid 726] <... chdir resumed>) = 0 [pid 741] munmap(0x7faaef6e1000, 138412032) = 0 [pid 726] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 741] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 735] <... close resumed>) = 0 [pid 735] mkdir("./file0", 0777) = 0 [ 30.349447][ T729] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 30.350116][ T726] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 735] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 741] <... openat resumed>) = 4 [pid 729] <... openat resumed>) = 4 [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 741] ioctl(4, LOOP_SET_FD, 3 [pid 729] ioctl(4, LOOP_CLR_FD [pid 358] close(3 [pid 729] <... ioctl resumed>) = 0 [pid 358] <... close resumed>) = 0 [pid 729] close(4 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 741] <... ioctl resumed>) = 0 [pid 741] close(3 [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 743 [pid 741] <... close resumed>) = 0 [pid 741] close(4) = 0 [pid 741] mkdir("./file0", 0777) = 0 [pid 741] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 729] <... close resumed>) = 0 [pid 729] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 728] <... futex resumed>) = 0 [pid 729] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 728] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 728] <... futex resumed>) = 0 [pid 729] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 728] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 729] <... openat resumed>) = 4 [pid 729] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 728] <... futex resumed>) = 0 [pid 729] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 728] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 728] <... futex resumed>) = 0 [pid 729] write(4, "0x0000000000000000", 18 [pid 728] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] <... write resumed>) = 18 [pid 728] <... futex resumed>) = 0 [pid 729] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 729] <... futex resumed>) = 0 [pid 728] <... mmap resumed>) = 0x7faaf7ac0000 [pid 729] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 728] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 728] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 728] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[746]}, 88) = 746 [pid 728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 728] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 728] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 726] <... openat resumed>) = 4 [pid 726] ioctl(4, LOOP_CLR_FD) = 0 [pid 726] close(4) = 0 [pid 726] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] <... futex resumed>) = 0 [pid 720] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 726] <... futex resumed>) = 1 [pid 726] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 743 attached [pid 743] set_robust_list(0x5555893a06a0, 24) = 0 [pid 743] chdir("./12") = 0 [pid 743] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 743] setpgid(0, 0) = 0 [pid 743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 743] write(3, "1000", 4) = 4 executing program [pid 743] close(3) = 0 [pid 743] symlink("/dev/binderfs", "./binderfs") = 0 [pid 743] write(1, "executing program\n", 18) = 18 [pid 743] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 743] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 743] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 743] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 743] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 743] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[747]}, 88) = 747 [pid 743] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 743] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 743] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 747 attached [pid 747] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 747] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 747] memfd_create("syzkaller", 0) = 3 [pid 747] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 ./strace-static-x86_64: Process 746 attached [pid 726] <... openat resumed>) = 4 [pid 726] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 720] <... futex resumed>) = 0 [pid 726] write(4, "0x0000000000000000", 18 [pid 720] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 726] <... write resumed>) = 18 [pid 720] <... futex resumed>) = 0 [pid 726] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 726] <... futex resumed>) = 0 [pid 720] <... futex resumed>) = 0 [pid 726] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 720] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 720] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 720] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[750]}, 88) = 750 [pid 720] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 720] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 747] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 750 attached [pid 750] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 750] write(4, "0x0000000000000000", 18) = 18 [pid 750] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] <... futex resumed>) = 0 [pid 720] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 726] <... futex resumed>) = 0 [pid 720] <... futex resumed>) = 1 [pid 726] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 720] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 726] <... mmap resumed>) = 0x20000000 [pid 726] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 720] <... futex resumed>) = 0 [pid 750] <... futex resumed>) = 1 [pid 747] <... write resumed>) = 1048576 [pid 746] set_robust_list(0x7faaf7ae09a0, 24 [pid 741] <... mount resumed>) = 0 [pid 735] <... mount resumed>) = 0 [pid 720] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 746] <... set_robust_list resumed>) = 0 [pid 735] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 746] rt_sigprocmask(SIG_SETMASK, [], [pid 735] <... openat resumed>) = 3 [pid 746] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 735] chdir("./file0" [pid 746] write(4, "0x0000000000000000", 18 [pid 735] <... chdir resumed>) = 0 [pid 746] <... write resumed>) = 18 [pid 735] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 746] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 735] <... openat resumed>) = 4 [pid 746] <... futex resumed>) = 1 [pid 741] <... openat resumed>) = 3 [pid 735] ioctl(4, LOOP_CLR_FD [pid 746] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] chdir("./file0" [pid 735] <... ioctl resumed>) = 0 [pid 741] <... chdir resumed>) = 0 [pid 735] close(4 [pid 741] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 735] <... close resumed>) = 0 [pid 720] <... futex resumed>) = 0 [pid 741] <... openat resumed>) = 4 [pid 728] <... futex resumed>) = 0 [pid 741] ioctl(4, LOOP_CLR_FD [pid 735] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... ioctl resumed>) = 0 [pid 735] <... futex resumed>) = 1 [pid 741] close(4 [pid 735] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] <... close resumed>) = 0 [pid 741] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 741] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 747] munmap(0x7faaef6e1000, 138412032 [pid 750] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 747] <... munmap resumed>) = 0 [pid 747] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 747] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 734] <... futex resumed>) = 0 [pid 728] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 747] close(3) = 0 [pid 747] close(4 [pid 726] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 750] <... futex resumed>) = ? [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 733] <... futex resumed>) = 1 [pid 741] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 733] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 741] <... openat resumed>) = 4 [pid 741] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 741] write(4, "0x0000000000000000", 18 [pid 733] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... write resumed>) = 18 [pid 733] <... futex resumed>) = 0 [pid 741] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 733] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 733] <... futex resumed>) = 0 [pid 741] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 733] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 733] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 734] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 733] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 729] <... futex resumed>) = 0 [pid 728] <... futex resumed>) = 1 [pid 720] <... futex resumed>) = ? [pid 734] <... futex resumed>) = 1 [pid 729] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 728] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 729] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 752 attached [pid 750] +++ killed by SIGBUS +++ [pid 735] <... futex resumed>) = 0 [pid 729] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 752] set_robust_list(0x7faaf7ae09a0, 24 [pid 735] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 729] <... futex resumed>) = 1 [pid 728] <... futex resumed>) = 0 [pid 733] <... clone3 resumed> => {parent_tid=[752]}, 88) = 752 [pid 752] <... set_robust_list resumed>) = 0 [pid 735] <... openat resumed>) = 4 [pid 733] rt_sigprocmask(SIG_SETMASK, [], [pid 729] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 728] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 752] rt_sigprocmask(SIG_SETMASK, [], [pid 735] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 728] <... futex resumed>) = 0 [pid 752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 735] <... futex resumed>) = 1 [pid 734] <... futex resumed>) = 0 [pid 733] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 733] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 30.432040][ T735] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 30.448543][ T741] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 30.459491][ T726] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 733] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 726] +++ killed by SIGBUS +++ [pid 720] +++ killed by SIGBUS +++ [pid 728] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=720, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 357] restart_syscall(<... resuming interrupted clone ...> [pid 752] write(4, "0x0000000000000000", 18) = 18 [pid 752] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 733] <... futex resumed>) = 0 [pid 733] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 733] <... futex resumed>) = 1 [pid 741] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 733] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 741] <... mmap resumed>) = 0x20000000 [pid 741] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 733] <... futex resumed>) = 0 [pid 741] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 733] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 733] <... futex resumed>) = 0 [pid 752] <... futex resumed>) = 1 [pid 735] write(4, "0x0000000000000000", 18 [pid 734] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 735] <... write resumed>) = 18 [pid 734] <... futex resumed>) = 0 [pid 735] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 734] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 735] <... futex resumed>) = 0 [pid 734] <... futex resumed>) = 0 [pid 735] write(4, "0x0000000000000000", 18 [pid 734] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 735] <... write resumed>) = 18 [pid 735] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 734] <... futex resumed>) = 0 [pid 735] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 734] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 734] <... futex resumed>) = 0 [pid 735] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 734] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 735] <... mmap resumed>) = 0x20000000 [pid 735] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 734] <... futex resumed>) = 0 [pid 735] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 734] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 734] <... futex resumed>) = 0 [pid 752] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 746] <... futex resumed>) = ? [pid 741] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 733] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... futex resumed>) = ? [pid 357] <... restart_syscall resumed>) = 0 [pid 357] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./11/binderfs") = 0 [pid 357] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 733] <... futex resumed>) = ? [pid 752] <... futex resumed>) = ? [pid 752] +++ killed by SIGBUS +++ [pid 746] +++ killed by SIGBUS +++ [pid 741] +++ killed by SIGBUS +++ [pid 733] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=733, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 362] restart_syscall(<... resuming interrupted clone ...> [pid 729] +++ killed by SIGBUS +++ [pid 728] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=728, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 360] restart_syscall(<... resuming interrupted clone ...> [pid 734] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 747] <... close resumed>) = 0 [pid 747] mkdir("./file0", 0777) = 0 [pid 747] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 362] <... restart_syscall resumed>) = 0 [pid 360] <... restart_syscall resumed>) = 0 [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 734] <... futex resumed>) = ? [pid 735] +++ killed by SIGBUS +++ [pid 734] +++ killed by SIGBUS +++ [pid 362] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=734, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 360] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 362] <... openat resumed>) = 3 [pid 360] <... openat resumed>) = 3 [pid 362] newfstatat(3, "", [pid 360] newfstatat(3, "", [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, [pid 360] getdents64(3, [pid 362] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./12/binderfs", [pid 360] newfstatat(AT_FDCWD, "./12/binderfs", [pid 362] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./12/binderfs" [pid 360] unlink("./12/binderfs") = 0 [pid 362] <... unlink resumed>) = 0 [pid 360] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 747] <... mount resumed>) = 0 [pid 747] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 747] chdir("./file0") = 0 [pid 747] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 359] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./12/binderfs") = 0 [ 30.483943][ T729] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 30.488450][ T741] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 30.499825][ T735] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 359] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] <... umount2 resumed>) = 0 [pid 357] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 357] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] close(4) = 0 [pid 357] rmdir("./11/file0") = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] close(3) = 0 [pid 357] rmdir("./11") = 0 [pid 357] mkdir("./12", 0777) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 747] <... openat resumed>) = 4 [pid 747] ioctl(4, LOOP_CLR_FD) = 0 [pid 359] <... umount2 resumed>) = 0 [pid 747] close(4) = 0 [pid 362] <... umount2 resumed>) = 0 [pid 360] <... umount2 resumed>) = 0 [pid 357] <... openat resumed>) = 3 [pid 747] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] ioctl(3, LOOP_CLR_FD [pid 747] <... futex resumed>) = 1 [pid 743] <... futex resumed>) = 0 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 747] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 743] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] newfstatat(AT_FDCWD, "./12/file0", [pid 360] newfstatat(AT_FDCWD, "./12/file0", [pid 357] close(3 [pid 747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 743] <... futex resumed>) = 0 [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] <... close resumed>) = 0 [pid 747] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 743] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 747] <... openat resumed>) = 4 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 747] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 360] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 357] <... clone resumed>, child_tidptr=0x5555893a0690) = 755 [pid 747] <... futex resumed>) = 1 [pid 743] <... futex resumed>) = 0 [pid 362] <... openat resumed>) = 4 [pid 360] <... openat resumed>) = 4 [pid 747] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 743] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] newfstatat(4, "", [pid 360] newfstatat(4, "", [pid 359] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 743] <... futex resumed>) = 0 [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 747] write(4, "0x0000000000000000", 18 [pid 743] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] getdents64(4, [pid 360] getdents64(4, [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 747] <... write resumed>) = 18 [pid 743] <... futex resumed>) = 0 [pid 362] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 747] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 362] getdents64(4, [pid 360] getdents64(4, [pid 359] newfstatat(AT_FDCWD, "./12/file0", [pid 747] <... futex resumed>) = 0 [pid 743] <... mmap resumed>) = 0x7faaf7ac0000 [pid 362] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 747] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 743] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 362] close(4 [pid 360] close(4 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 743] <... mprotect resumed>) = 0 [pid 362] <... close resumed>) = 0 [pid 360] <... close resumed>) = 0 [pid 743] rt_sigprocmask(SIG_BLOCK, ~[], [pid 362] rmdir("./12/file0" [pid 360] rmdir("./12/file0" [pid 359] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 743] <... rt_sigprocmask resumed>[], 8) = 0 [pid 362] <... rmdir resumed>) = 0 [pid 360] <... rmdir resumed>) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 743] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 362] getdents64(3, [pid 360] getdents64(3, [pid 359] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 362] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 756 attached ./strace-static-x86_64: Process 755 attached [pid 743] <... clone3 resumed> => {parent_tid=[756]}, 88) = 756 [pid 362] close(3 [pid 360] close(3 [pid 359] <... openat resumed>) = 4 [pid 756] set_robust_list(0x7faaf7ae09a0, 24 [pid 755] set_robust_list(0x5555893a06a0, 24 [pid 743] rt_sigprocmask(SIG_SETMASK, [], [pid 362] <... close resumed>) = 0 [pid 360] <... close resumed>) = 0 [pid 359] newfstatat(4, "", [pid 756] <... set_robust_list resumed>) = 0 [pid 755] <... set_robust_list resumed>) = 0 [pid 743] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 362] rmdir("./12" [pid 360] rmdir("./12" [pid 756] rt_sigprocmask(SIG_SETMASK, [], [pid 755] chdir("./12" [pid 743] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... rmdir resumed>) = 0 [pid 360] <... rmdir resumed>) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 756] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 755] <... chdir resumed>) = 0 [pid 743] <... futex resumed>) = 0 [pid 362] mkdir("./13", 0777 [pid 360] mkdir("./13", 0777 [pid 756] write(4, "0x0000000000000000", 18 [pid 755] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 743] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... mkdir resumed>) = 0 [pid 360] <... mkdir resumed>) = 0 [pid 359] getdents64(4, [pid 756] <... write resumed>) = 18 [pid 755] <... prctl resumed>) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 756] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 755] setpgid(0, 0 [pid 362] <... openat resumed>) = 3 [pid 360] <... openat resumed>) = 3 [pid 359] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 756] <... futex resumed>) = 1 [pid 755] <... setpgid resumed>) = 0 [pid 743] <... futex resumed>) = 0 [pid 362] ioctl(3, LOOP_CLR_FD [pid 360] ioctl(3, LOOP_CLR_FD [pid 359] getdents64(4, executing program executing program [pid 756] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 743] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 747] <... futex resumed>) = 0 [pid 743] <... futex resumed>) = 1 [pid 362] close(3 [pid 360] close(3 [pid 359] close(4 [pid 755] <... openat resumed>) = 3 [pid 747] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 743] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... close resumed>) = 0 [pid 360] <... close resumed>) = 0 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 757 [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 758 ./strace-static-x86_64: Process 758 attached [pid 758] set_robust_list(0x5555893a06a0, 24) = 0 [pid 758] chdir("./13") = 0 [pid 758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 758] setpgid(0, 0) = 0 [pid 758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 758] write(3, "1000", 4) = 4 [pid 758] close(3) = 0 [pid 758] symlink("/dev/binderfs", "./binderfs") = 0 [pid 758] write(1, "executing program\n", 18) = 18 [pid 758] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 758] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 758] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 758] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 758] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 758] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 758] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[759]}, 88) = 759 ./strace-static-x86_64: Process 757 attached [pid 758] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 758] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] set_robust_list(0x5555893a06a0, 24 [pid 758] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 757] <... set_robust_list resumed>) = 0 [pid 757] chdir("./13") = 0 [pid 757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 757] setpgid(0, 0) = 0 [pid 757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 757] write(3, "1000", 4) = 4 [pid 757] close(3) = 0 [pid 757] symlink("/dev/binderfs", "./binderfs" [pid 359] <... close resumed>) = 0 [pid 747] <... mmap resumed>) = 0x20000000 [pid 359] rmdir("./12/file0" [pid 747] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 757] <... symlink resumed>) = 0 [pid 757] write(1, "executing program\n", 18) = 18 [pid 757] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] <... rmdir resumed>) = 0 [pid 747] <... futex resumed>) = 1 [pid 743] <... futex resumed>) = 0 [pid 359] getdents64(3, [pid 747] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 743] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 359] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 743] <... futex resumed>) = 0 [pid 757] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 757] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 757] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 757] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 757] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[760]}, 88) = 760 [pid 757] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 757] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 759 attached [pid 759] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 759] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 759] memfd_create("syzkaller", 0) = 3 [pid 759] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 ./strace-static-x86_64: Process 760 attached [pid 760] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 760] memfd_create("syzkaller", 0) = 3 [pid 760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 759] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 743] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] close(3) = 0 [pid 359] rmdir("./12") = 0 [pid 759] <... write resumed>) = 1048576 [pid 759] munmap(0x7faaef6e1000, 138412032) = 0 [pid 759] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 759] ioctl(4, LOOP_SET_FD, 3 [pid 760] munmap(0x7faaef6e1000, 138412032) = 0 [pid 760] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 759] <... ioctl resumed>) = 0 [pid 759] close(3) = 0 [pid 759] close(4executing program [pid 755] write(3, "1000", 4) = 4 [pid 755] close(3) = 0 [pid 755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 755] write(1, "executing program\n", 18) = 18 [pid 755] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 755] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 755] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 755] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 755] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[762]}, 88) = 762 [pid 755] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 755] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 755] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 359] mkdir("./13", 0777 [pid 747] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 359] <... mkdir resumed>) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 762 attached [pid 762] set_robust_list(0x7faaf7b019a0, 24 [pid 743] <... futex resumed>) = ? [pid 756] <... futex resumed>) = ? [pid 762] <... set_robust_list resumed>) = 0 [pid 747] +++ killed by SIGBUS +++ [pid 762] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 762] memfd_create("syzkaller", 0) = 3 [pid 762] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 756] +++ killed by SIGBUS +++ [pid 743] +++ killed by SIGBUS +++ [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=743, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 762] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 759] <... close resumed>) = 0 [pid 760] <... openat resumed>) = 4 [pid 759] mkdir("./file0", 0777 [pid 760] ioctl(4, LOOP_SET_FD, 3 [pid 759] <... mkdir resumed>) = 0 [pid 359] <... openat resumed>) = 3 [pid 759] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 359] ioctl(3, LOOP_CLR_FD [pid 762] <... write resumed>) = 1048576 [pid 762] munmap(0x7faaef6e1000, 138412032 [pid 760] <... ioctl resumed>) = 0 [pid 359] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 760] close(3 [pid 359] close(3 [pid 760] <... close resumed>) = 0 [pid 359] <... close resumed>) = 0 [pid 760] close(4 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 764 ./strace-static-x86_64: Process 764 attached [pid 762] <... munmap resumed>) = 0 [pid 764] set_robust_list(0x5555893a06a0, 24 [pid 762] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 358] <... restart_syscall resumed>) = 0 [pid 358] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 764] <... set_robust_list resumed>) = 0 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", [pid 764] chdir("./13") = 0 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./12/binderfs") = 0 [pid 358] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 764] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 759] <... mount resumed>) = 0 [pid 764] <... prctl resumed>) = 0 [pid 759] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 764] setpgid(0, 0 [pid 759] chdir("./file0") = 0 [pid 759] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 764] <... setpgid resumed>) = 0 [pid 764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 764] write(3, "1000", 4) = 4 [pid 764] close(3) = 0 [pid 764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 764] write(1, "executing program\n", 18executing program ) = 18 [pid 764] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 764] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 764] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 764] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 764] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 764] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0}./strace-static-x86_64: Process 767 attached => {parent_tid=[767]}, 88) = 767 [pid 767] set_robust_list(0x7faaf7b019a0, 24 [pid 764] rt_sigprocmask(SIG_SETMASK, [], [pid 767] <... set_robust_list resumed>) = 0 [pid 764] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 764] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] rt_sigprocmask(SIG_SETMASK, [], [pid 764] <... futex resumed>) = 0 [pid 767] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 764] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 767] memfd_create("syzkaller", 0) = 3 [pid 767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 767] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 767] munmap(0x7faaef6e1000, 138412032) = 0 [pid 767] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 762] <... openat resumed>) = 4 [pid 760] <... close resumed>) = 0 [ 30.714263][ T747] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 762] ioctl(4, LOOP_SET_FD, 3 [pid 760] mkdir("./file0", 0777) = 0 [pid 760] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 759] <... openat resumed>) = 4 [pid 767] <... openat resumed>) = 4 [pid 762] <... ioctl resumed>) = 0 [pid 759] ioctl(4, LOOP_CLR_FD [pid 358] <... umount2 resumed>) = 0 [pid 762] close(3 [pid 759] <... ioctl resumed>) = 0 [pid 767] ioctl(4, LOOP_SET_FD, 3 [pid 762] <... close resumed>) = 0 [pid 759] close(4 [pid 358] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 762] close(4 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 759] <... close resumed>) = 0 [pid 358] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 358] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] close(4 [pid 767] <... ioctl resumed>) = 0 [pid 759] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... close resumed>) = 0 [pid 759] <... futex resumed>) = 1 [pid 758] <... futex resumed>) = 0 [pid 358] rmdir("./12/file0" [pid 767] close(3 [pid 759] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 758] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] <... close resumed>) = 0 [pid 760] <... mount resumed>) = 0 [pid 758] <... futex resumed>) = 0 [pid 358] <... rmdir resumed>) = 0 [pid 767] close(4 [pid 760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 759] <... openat resumed>) = 4 [pid 758] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] getdents64(3, [pid 760] <... openat resumed>) = 3 [pid 759] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 758] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 760] chdir("./file0" [pid 759] <... futex resumed>) = 0 [pid 758] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 760] <... chdir resumed>) = 0 [pid 759] write(4, "0x0000000000000000", 18 [pid 758] <... futex resumed>) = 0 [pid 760] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 759] <... write resumed>) = 18 [pid 758] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] close(3 [pid 759] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 758] <... futex resumed>) = 0 [pid 358] <... close resumed>) = 0 [pid 759] <... futex resumed>) = 0 [pid 758] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 358] rmdir("./12" [pid 759] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 758] <... mmap resumed>) = 0x7faaf7ac0000 [pid 358] <... rmdir resumed>) = 0 [pid 758] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 358] mkdir("./13", 0777 [pid 758] <... mprotect resumed>) = 0 [pid 358] <... mkdir resumed>) = 0 [pid 758] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 758] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0}./strace-static-x86_64: Process 772 attached => {parent_tid=[772]}, 88) = 772 [pid 758] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 758] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 758] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 772] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 772] write(4, "0x0000000000000000", 18) = 18 [pid 772] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 758] <... futex resumed>) = 0 [pid 758] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] <... futex resumed>) = 0 [pid 758] <... futex resumed>) = 1 [pid 759] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 758] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 759] <... mmap resumed>) = 0x20000000 [pid 759] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 758] <... futex resumed>) = 0 [pid 772] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 759] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 758] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 758] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 762] <... close resumed>) = 0 [pid 762] mkdir("./file0", 0777) = 0 [pid 762] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 759] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 772] <... futex resumed>) = ? [pid 758] <... futex resumed>) = ? [pid 772] +++ killed by SIGBUS +++ [pid 759] +++ killed by SIGBUS +++ [pid 758] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=758, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 360] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 762] <... mount resumed>) = 0 [pid 762] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 360] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 762] <... openat resumed>) = 3 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 762] chdir("./file0" [pid 360] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 762] <... chdir resumed>) = 0 [pid 360] <... openat resumed>) = 3 [pid 762] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./13/binderfs") = 0 [pid 360] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 767] <... close resumed>) = 0 [pid 760] <... openat resumed>) = 4 [pid 358] <... openat resumed>) = 3 [pid 767] mkdir("./file0", 0777 [pid 762] <... openat resumed>) = 4 [pid 360] <... umount2 resumed>) = 0 [pid 358] ioctl(3, LOOP_CLR_FD [pid 767] <... mkdir resumed>) = 0 [pid 760] ioctl(4, LOOP_CLR_FD [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 767] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 762] ioctl(4, LOOP_CLR_FD [pid 760] <... ioctl resumed>) = 0 [pid 360] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] close(3 [pid 762] <... ioctl resumed>) = 0 [pid 760] close(4 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... close resumed>) = 0 [pid 762] close(4 [pid 760] <... close resumed>) = 0 [pid 360] newfstatat(AT_FDCWD, "./13/file0", [ 30.824043][ T759] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 762] <... close resumed>) = 0 [pid 760] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 776 [pid 762] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 760] <... futex resumed>) = 1 [pid 757] <... futex resumed>) = 0 [pid 360] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 762] <... futex resumed>) = 1 [pid 755] <... futex resumed>) = 0 [pid 757] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 755] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 757] <... futex resumed>) = 0 [pid 755] <... futex resumed>) = 0 [pid 757] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 755] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 762] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 760] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 360] newfstatat(4, "", [pid 760] <... openat resumed>) = 4 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 760] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] <... futex resumed>) = 0 [pid 360] getdents64(4, [pid 757] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 757] <... futex resumed>) = 0 [pid 360] getdents64(4, [pid 757] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 762] <... openat resumed>) = 4 [pid 760] write(4, "0x0000000000000000", 18 [pid 757] <... futex resumed>) = 0 [pid 360] close(4 [pid 762] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 760] <... write resumed>) = 18 [pid 757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 360] <... close resumed>) = 0 [pid 762] <... futex resumed>) = 1 [pid 760] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 757] <... mmap resumed>) = 0x7faaf7ac0000 [pid 755] <... futex resumed>) = 0 [pid 360] rmdir("./13/file0" [pid 762] write(4, "0x0000000000000000", 18 [pid 760] <... futex resumed>) = 0 [pid 757] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 755] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 762] <... write resumed>) = 18 [pid 760] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] <... mprotect resumed>) = 0 [pid 755] <... futex resumed>) = 0 [pid 360] <... rmdir resumed>) = 0 [pid 762] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 757] rt_sigprocmask(SIG_BLOCK, ~[], [pid 755] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] getdents64(3, [pid 762] <... futex resumed>) = 0 [pid 757] <... rt_sigprocmask resumed>[], 8) = 0 [pid 755] <... futex resumed>) = 0 [pid 360] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 762] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 360] close(3 [pid 755] <... mmap resumed>) = 0x7faaf7ac0000 [pid 360] <... close resumed>) = 0 [pid 757] <... clone3 resumed> => {parent_tid=[779]}, 88) = 779 [pid 755] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 360] rmdir("./13" [pid 757] rt_sigprocmask(SIG_SETMASK, [], [pid 755] <... mprotect resumed>) = 0 [pid 757] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 755] rt_sigprocmask(SIG_BLOCK, ~[], [pid 360] <... rmdir resumed>) = 0 [pid 757] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 755] <... rt_sigprocmask resumed>[], 8) = 0 [pid 360] mkdir("./14", 0777 [pid 757] <... futex resumed>) = 0 [pid 755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 757] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 755] <... clone3 resumed> => {parent_tid=[780]}, 88) = 780 [pid 755] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 755] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... mkdir resumed>) = 0 [pid 755] <... futex resumed>) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 755] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 780 attached [pid 780] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 780] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 780] write(4, "0x0000000000000000", 18) = 18 [pid 780] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 755] <... futex resumed>) = 0 [pid 755] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 762] <... futex resumed>) = 0 [pid 755] <... futex resumed>) = 1 [pid 762] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 755] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 762] <... mmap resumed>) = 0x20000000 [pid 762] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] <... mount resumed>) = 0 [pid 767] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 762] <... futex resumed>) = 1 [pid 755] <... futex resumed>) = 0 ./strace-static-x86_64: Process 779 attached ./strace-static-x86_64: Process 776 attached [pid 780] <... futex resumed>) = 1 [pid 767] <... openat resumed>) = 3 [pid 755] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] chdir("./file0") = 0 [pid 767] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 779] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 779] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 779] write(4, "0x0000000000000000", 18) = 18 [pid 779] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 779] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 780] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 776] set_robust_list(0x5555893a06a0, 24) = 0 [pid 776] chdir("./13") = 0 [pid 776] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 776] setpgid(0, 0) = 0 [pid 776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 776] write(3, "1000", 4) = 4 [pid 776] close(3) = 0 [pid 776] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 776] write(1, "executing program\n", 18) = 18 [pid 776] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 776] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 776] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 776] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 776] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 776] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 776] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[781]}, 88) = 781 [pid 776] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 776] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 776] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 755] <... futex resumed>) = 0 [pid 755] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 760] <... futex resumed>) = 0 [pid 757] <... futex resumed>) = 1 [pid 760] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 757] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... mmap resumed>) = 0x20000000 [pid 760] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 757] <... futex resumed>) = 0 ./strace-static-x86_64: Process 781 attached [pid 762] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 757] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 781] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 781] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 781] memfd_create("syzkaller", 0) = 3 [pid 781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 781] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 755] <... futex resumed>) = ? [pid 781] <... write resumed>) = 1048576 [pid 781] munmap(0x7faaef6e1000, 138412032) = 0 [pid 781] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 780] <... futex resumed>) = ? [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 779] <... futex resumed>) = ? [pid 757] <... futex resumed>) = ? [pid 779] +++ killed by SIGBUS +++ [pid 760] +++ killed by SIGBUS +++ [pid 757] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=757, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 362] restart_syscall(<... resuming interrupted clone ...> [pid 780] +++ killed by SIGBUS +++ [pid 762] +++ killed by SIGBUS +++ [pid 755] +++ killed by SIGBUS +++ [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=755, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 357] restart_syscall(<... resuming interrupted clone ...> [pid 362] <... restart_syscall resumed>) = 0 [pid 362] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./13/binderfs") = 0 [pid 362] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 767] <... openat resumed>) = 4 [pid 360] <... openat resumed>) = 3 [pid 357] <... restart_syscall resumed>) = 0 [pid 767] ioctl(4, LOOP_CLR_FD [pid 360] ioctl(3, LOOP_CLR_FD [pid 767] <... ioctl resumed>) = 0 [pid 767] close(4 [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 357] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 767] <... close resumed>) = 0 [pid 360] close(3 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 767] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... close resumed>) = 0 [pid 357] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 767] <... futex resumed>) = 1 [pid 764] <... futex resumed>) = 0 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] <... openat resumed>) = 3 [pid 767] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 764] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] newfstatat(3, "", [pid 764] <... futex resumed>) = 0 [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 764] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] getdents64(3, [pid 767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 357] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 767] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 782 [pid 357] unlink("./12/binderfs") = 0 [pid 357] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 781] <... openat resumed>) = 4 [pid 781] ioctl(4, LOOP_SET_FD, 3 [pid 767] <... openat resumed>) = 4 [pid 767] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 764] <... futex resumed>) = 0 [pid 764] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 764] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 767] write(4, "0x0000000000000000", 18 [pid 764] <... mmap resumed>) = 0x7faaf7ac0000 [pid 764] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 764] rt_sigprocmask(SIG_BLOCK, ~[], [pid 767] <... write resumed>) = 18 [pid 767] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 764] <... rt_sigprocmask resumed>[], 8) = 0 [pid 767] <... futex resumed>) = 0 [pid 767] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 764] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[784]}, 88) = 784 [pid 764] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 764] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 764] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 781] <... ioctl resumed>) = 0 [pid 781] close(3) = 0 [pid 781] close(4./strace-static-x86_64: Process 784 attached ./strace-static-x86_64: Process 782 attached [pid 784] set_robust_list(0x7faaf7ae09a0, 24 [pid 782] set_robust_list(0x5555893a06a0, 24 [pid 784] <... set_robust_list resumed>) = 0 [pid 782] <... set_robust_list resumed>) = 0 [pid 782] chdir("./14" [pid 784] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 782] <... chdir resumed>) = 0 [pid 784] write(4, "0x0000000000000000", 18 [pid 782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 784] <... write resumed>) = 18 [pid 784] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 782] setpgid(0, 0 [pid 784] <... futex resumed>) = 1 [pid 782] <... setpgid resumed>) = 0 [pid 764] <... futex resumed>) = 0 [pid 764] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] <... futex resumed>) = 0 [pid 764] <... futex resumed>) = 1 [pid 767] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 764] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 784] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 767] <... mmap resumed>) = 0x20000000 [pid 767] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 764] <... futex resumed>) = 0 [pid 767] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 764] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 764] <... futex resumed>) = 0 [ 30.894930][ T762] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 30.905258][ T760] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 782] <... openat resumed>) = 3 [pid 764] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] write(3, "1000", 4) = 4 [pid 782] close(3) = 0 [pid 782] symlink("/dev/binderfs", "./binderfs") = 0 [pid 782] write(1, "executing program\n", 18executing program ) = 18 [pid 782] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 782] <... futex resumed>) = 0 [pid 782] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 782] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 782] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 782] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 782] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[785]}, 88) = 785 [pid 782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 782] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 782] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 785 attached [pid 785] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 785] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 785] memfd_create("syzkaller", 0) = 3 [pid 785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 784] <... futex resumed>) = ? [pid 764] <... futex resumed>) = ? [pid 784] +++ killed by SIGBUS +++ [pid 767] +++ killed by SIGBUS +++ [pid 764] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=764, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 785] munmap(0x7faaef6e1000, 138412032 [pid 362] <... umount2 resumed>) = 0 [pid 362] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 785] <... munmap resumed>) = 0 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 785] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 362] newfstatat(AT_FDCWD, "./13/file0", [pid 359] <... restart_syscall resumed>) = 0 [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 359] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] <... openat resumed>) = 4 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(4, "", [pid 359] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] <... openat resumed>) = 3 [pid 362] getdents64(4, [pid 359] newfstatat(3, "", [pid 362] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] getdents64(3, [pid 362] close(4 [pid 359] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] <... close resumed>) = 0 [pid 359] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] rmdir("./13/file0" [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] <... rmdir resumed>) = 0 [pid 359] newfstatat(AT_FDCWD, "./13/binderfs", [pid 362] getdents64(3, [pid 359] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] unlink("./13/binderfs" [pid 362] close(3 [pid 359] <... unlink resumed>) = 0 [pid 362] <... close resumed>) = 0 [pid 359] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] rmdir("./13") = 0 [pid 362] mkdir("./14", 0777) = 0 [ 30.954797][ T767] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 781] <... close resumed>) = 0 [pid 781] mkdir("./file0", 0777) = 0 [pid 781] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 359] <... umount2 resumed>) = 0 [pid 359] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 359] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] close(4) = 0 [pid 359] rmdir("./13/file0") = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] close(3) = 0 [pid 359] rmdir("./13") = 0 [pid 359] mkdir("./14", 0777) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWRexecuting program [pid 785] <... openat resumed>) = 4 [pid 362] <... openat resumed>) = 3 [pid 359] <... openat resumed>) = 3 [pid 357] <... umount2 resumed>) = 0 [pid 359] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 359] close(3) = 0 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 786 ./strace-static-x86_64: Process 786 attached [pid 786] set_robust_list(0x5555893a06a0, 24) = 0 [pid 786] chdir("./14") = 0 [pid 786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 786] setpgid(0, 0) = 0 [pid 786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 786] write(3, "1000", 4) = 4 [pid 786] close(3) = 0 [pid 786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 786] write(1, "executing program\n", 18) = 18 [pid 786] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 786] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 786] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 786] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 786] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 786] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[787]}, 88) = 787 [pid 786] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 786] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 786] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 785] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 785] close(3) = 0 [pid 785] close(4 [pid 362] ioctl(3, LOOP_CLR_FD [pid 357] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 357] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] close(4) = 0 [pid 357] rmdir("./12/file0") = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] close(3./strace-static-x86_64: Process 787 attached ) = 0 [pid 357] rmdir("./12" [pid 787] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 357] <... rmdir resumed>) = 0 [pid 787] rt_sigprocmask(SIG_SETMASK, [], [pid 357] mkdir("./13", 0777 [pid 787] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 357] <... mkdir resumed>) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 787] memfd_create("syzkaller", 0) = 3 [pid 787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 787] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 781] <... mount resumed>) = 0 [pid 781] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 781] chdir("./file0") = 0 [pid 781] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 787] <... write resumed>) = 1048576 [pid 787] munmap(0x7faaef6e1000, 138412032) = 0 [pid 787] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 785] <... close resumed>) = 0 [pid 781] <... openat resumed>) = 4 [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 357] <... openat resumed>) = 3 [pid 785] mkdir("./file0", 0777) = 0 [pid 357] ioctl(3, LOOP_CLR_FD [pid 785] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 362] close(3 [pid 787] ioctl(4, LOOP_SET_FD, 3 [pid 781] ioctl(4, LOOP_CLR_FD [pid 787] <... ioctl resumed>) = 0 [pid 781] <... ioctl resumed>) = 0 [pid 362] <... close resumed>) = 0 [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 787] close(3 [pid 781] close(4 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] close(3 [pid 787] <... close resumed>) = 0 [pid 781] <... close resumed>) = 0 [pid 357] <... close resumed>) = 0 [pid 787] close(4 [pid 781] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 792 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 781] <... futex resumed>) = 1 [pid 776] <... futex resumed>) = 0 [pid 781] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 776] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... clone resumed>, child_tidptr=0x5555893a0690) = 793 ./strace-static-x86_64: Process 793 attached ./strace-static-x86_64: Process 792 attached [pid 781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 776] <... futex resumed>) = 0 [pid 793] set_robust_list(0x5555893a06a0, 24 [pid 792] set_robust_list(0x5555893a06a0, 24 [pid 785] <... mount resumed>) = 0 [pid 781] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 776] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 793] <... set_robust_list resumed>) = 0 [pid 792] <... set_robust_list resumed>) = 0 [pid 785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 793] chdir("./13") = 0 [pid 792] chdir("./14" [pid 781] <... openat resumed>) = 4 [pid 793] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 792] <... chdir resumed>) = 0 [pid 785] <... openat resumed>) = 3 [pid 781] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 793] <... prctl resumed>) = 0 [pid 793] setpgid(0, 0 [pid 792] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 785] chdir("./file0" [pid 781] <... futex resumed>) = 1 [pid 776] <... futex resumed>) = 0 [pid 793] <... setpgid resumed>) = 0 [pid 792] <... prctl resumed>) = 0 [pid 781] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 776] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 793] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 785] <... chdir resumed>) = 0 [pid 792] setpgid(0, 0 [pid 793] <... openat resumed>) = 3 [pid 785] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 792] <... setpgid resumed>) = 0 [pid 776] <... futex resumed>) = 0 [pid 793] write(3, "1000", 4 [pid 781] write(4, "0x0000000000000000", 18 [pid 793] <... write resumed>) = 4 [pid 792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 776] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 793] close(3 [pid 781] <... write resumed>) = 18 [pid 793] <... close resumed>) = 0 [pid 793] symlink("/dev/binderfs", "./binderfs") = 0 [pid 792] <... openat resumed>) = 3 [pid 781] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 776] <... futex resumed>) = 0 executing program [pid 793] write(1, "executing program\n", 18 [pid 792] write(3, "1000", 4 [pid 781] <... futex resumed>) = 0 [pid 776] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 793] <... write resumed>) = 18 [pid 792] <... write resumed>) = 4 [pid 781] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 793] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 792] close(3 [pid 776] <... mmap resumed>) = 0x7faaf7ac0000 [pid 793] <... futex resumed>) = 0 [pid 792] <... close resumed>) = 0 [pid 776] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 793] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 792] symlink("/dev/binderfs", "./binderfs" [pid 793] <... rt_sigaction resumed>NULL, 8) = 0 [pid 776] <... mprotect resumed>) = 0 [pid 793] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 793] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITEexecuting program [pid 792] <... symlink resumed>) = 0 [pid 793] <... mprotect resumed>) = 0 [pid 776] rt_sigprocmask(SIG_BLOCK, ~[], [pid 792] write(1, "executing program\n", 18 [pid 793] rt_sigprocmask(SIG_BLOCK, ~[], [pid 776] <... rt_sigprocmask resumed>[], 8) = 0 [pid 793] <... rt_sigprocmask resumed>[], 8) = 0 [pid 792] <... write resumed>) = 18 [pid 776] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 793] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 792] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 793] <... clone3 resumed> => {parent_tid=[797]}, 88) = 797 [pid 792] <... futex resumed>) = 0 [pid 776] <... clone3 resumed> => {parent_tid=[796]}, 88) = 796 ./strace-static-x86_64: Process 796 attached [pid 793] rt_sigprocmask(SIG_SETMASK, [], [pid 792] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 776] rt_sigprocmask(SIG_SETMASK, [], [pid 793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 792] <... rt_sigaction resumed>NULL, 8) = 0 [pid 776] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 793] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 792] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 776] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 793] <... futex resumed>) = 0 [pid 792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 776] <... futex resumed>) = 0 [pid 793] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 776] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 792] <... mmap resumed>) = 0x7faaf7ae1000 ./strace-static-x86_64: Process 797 attached [pid 792] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 797] set_robust_list(0x7faaf7b019a0, 24 [pid 792] <... mprotect resumed>) = 0 [pid 797] <... set_robust_list resumed>) = 0 [pid 792] rt_sigprocmask(SIG_BLOCK, ~[], [pid 797] rt_sigprocmask(SIG_SETMASK, [], [pid 792] <... rt_sigprocmask resumed>[], 8) = 0 [pid 797] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[798]}, 88) = 798 [pid 792] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 797] memfd_create("syzkaller", 0 [pid 792] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 798 attached [pid 796] set_robust_list(0x7faaf7ae09a0, 24 [pid 792] <... futex resumed>) = 0 [pid 792] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 797] <... memfd_create resumed>) = 3 [pid 798] set_robust_list(0x7faaf7b019a0, 24 [pid 796] <... set_robust_list resumed>) = 0 [pid 798] <... set_robust_list resumed>) = 0 [pid 797] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 796] rt_sigprocmask(SIG_SETMASK, [], [pid 798] rt_sigprocmask(SIG_SETMASK, [], [pid 797] <... mmap resumed>) = 0x7faaef6e1000 [pid 796] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 797] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 796] write(4, "0x0000000000000000", 18 [pid 797] <... write resumed>) = 1048576 [pid 798] memfd_create("syzkaller", 0 [pid 796] <... write resumed>) = 18 [pid 796] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 776] <... futex resumed>) = 0 [pid 776] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 781] <... futex resumed>) = 0 [pid 776] <... futex resumed>) = 1 [pid 781] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 776] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 798] <... memfd_create resumed>) = 3 [pid 797] munmap(0x7faaef6e1000, 138412032 [pid 796] <... futex resumed>) = 1 [pid 781] <... mmap resumed>) = 0x20000000 [pid 796] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 781] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 776] <... futex resumed>) = 0 [pid 776] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 776] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 798] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 798] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 798] munmap(0x7faaef6e1000, 138412032) = 0 [pid 798] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 797] <... munmap resumed>) = 0 [pid 797] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 787] <... close resumed>) = 0 [pid 787] mkdir("./file0", 0777) = 0 [pid 787] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 798] <... openat resumed>) = 4 [pid 798] ioctl(4, LOOP_SET_FD, 3 [pid 781] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 796] <... futex resumed>) = ? [pid 776] <... futex resumed>) = ? [pid 796] +++ killed by SIGBUS +++ [pid 798] <... ioctl resumed>) = 0 [pid 798] close(3 [pid 785] <... openat resumed>) = 4 [pid 798] <... close resumed>) = 0 [pid 785] ioctl(4, LOOP_CLR_FD [pid 798] close(4 [pid 785] <... ioctl resumed>) = 0 [pid 797] <... openat resumed>) = 4 [pid 785] close(4 [pid 797] ioctl(4, LOOP_SET_FD, 3 [pid 781] +++ killed by SIGBUS +++ [pid 776] +++ killed by SIGBUS +++ [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=776, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 787] <... mount resumed>) = 0 [pid 787] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 787] chdir("./file0") = 0 [pid 787] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 358] <... restart_syscall resumed>) = 0 [pid 358] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./13/binderfs") = 0 [pid 358] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 798] <... close resumed>) = 0 [pid 798] mkdir("./file0", 0777) = 0 [pid 798] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 785] <... close resumed>) = 0 [pid 785] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 782] <... futex resumed>) = 0 [pid 785] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 782] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 785] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 782] <... futex resumed>) = 0 [pid 785] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 782] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 785] <... openat resumed>) = 4 [pid 785] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 782] <... futex resumed>) = 0 [pid 785] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 782] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 785] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 782] <... futex resumed>) = 0 [pid 785] write(4, "0x0000000000000000", 18 [pid 782] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 785] <... write resumed>) = 18 [pid 782] <... futex resumed>) = 0 [pid 785] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 785] <... futex resumed>) = 0 [pid 782] <... mmap resumed>) = 0x7faaf7ac0000 [pid 785] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 782] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 782] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 782] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[803]}, 88) = 803 [pid 782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 782] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 782] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 803 attached [pid 803] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 803] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 803] write(4, "0x0000000000000000", 18) = 18 [pid 797] <... ioctl resumed>) = 0 [pid 787] <... openat resumed>) = 4 [pid 797] close(3 [pid 787] ioctl(4, LOOP_CLR_FD [pid 797] <... close resumed>) = 0 [ 31.285448][ T781] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 797] close(4 [pid 803] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 782] <... futex resumed>) = 0 [pid 782] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 785] <... futex resumed>) = 0 [pid 782] <... futex resumed>) = 1 [pid 785] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 782] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 803] <... futex resumed>) = 1 [pid 785] <... mmap resumed>) = 0x20000000 [pid 803] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 785] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 782] <... futex resumed>) = 0 [pid 785] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 782] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 785] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 782] <... futex resumed>) = 0 [pid 782] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 798] <... mount resumed>) = 0 [pid 798] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 798] chdir("./file0") = 0 [pid 798] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 803] <... futex resumed>) = ? [pid 782] <... futex resumed>) = ? [pid 803] +++ killed by SIGBUS +++ [pid 785] +++ killed by SIGBUS +++ [pid 782] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=782, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 360] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 360] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./14/binderfs") = 0 [pid 360] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 787] <... ioctl resumed>) = 0 [pid 358] <... umount2 resumed>) = 0 [pid 787] close(4 [pid 358] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 358] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] close(4) = 0 [pid 358] rmdir("./13/file0") = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] close(3) = 0 [pid 358] rmdir("./13") = 0 [pid 358] mkdir("./14", 0777) = 0 [ 31.347491][ T785] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 798] <... openat resumed>) = 4 [pid 797] <... close resumed>) = 0 [pid 798] ioctl(4, LOOP_CLR_FD) = 0 [pid 798] close(4) = 0 [pid 798] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 792] <... futex resumed>) = 0 [pid 798] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 792] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 798] <... openat resumed>) = 4 [pid 797] mkdir("./file0", 0777 [pid 792] <... futex resumed>) = 0 [pid 798] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 792] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 798] <... futex resumed>) = 0 [pid 792] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 798] write(4, "0x0000000000000000", 18 [pid 792] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 798] <... write resumed>) = 18 [pid 792] <... futex resumed>) = 0 [pid 798] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 797] <... mkdir resumed>) = 0 [pid 792] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 798] <... futex resumed>) = 0 [pid 792] <... futex resumed>) = 0 [pid 798] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 792] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 797] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 792] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[806]}, 88) = 806 [pid 792] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 792] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 792] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 806 attached [pid 806] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 806] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 806] write(4, "0x0000000000000000", 18) = 18 [pid 806] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 792] <... futex resumed>) = 0 [pid 792] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 798] <... futex resumed>) = 0 [pid 792] <... futex resumed>) = 1 [pid 798] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 792] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 798] <... mmap resumed>) = 0x20000000 [pid 798] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 792] <... futex resumed>) = 0 [pid 806] <... futex resumed>) = 1 [pid 792] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 806] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 792] <... futex resumed>) = 0 [pid 792] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 798] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 806] <... futex resumed>) = ? [pid 792] <... futex resumed>) = ? [pid 806] +++ killed by SIGBUS +++ [pid 798] +++ killed by SIGBUS +++ [pid 792] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=792, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 362] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 362] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./14/binderfs") = 0 [pid 362] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 787] <... close resumed>) = 0 [pid 358] <... openat resumed>) = 3 [pid 787] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 786] <... futex resumed>) = 0 [pid 358] ioctl(3, LOOP_CLR_FD [pid 787] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 786] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 786] <... futex resumed>) = 0 [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 787] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 786] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 787] <... openat resumed>) = 4 [pid 358] close(3 [pid 787] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 786] <... futex resumed>) = 0 [pid 358] <... close resumed>) = 0 [pid 787] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 786] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 786] <... futex resumed>) = 0 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 787] write(4, "0x0000000000000000", 18 [pid 786] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] <... write resumed>) = 18 [pid 786] <... futex resumed>) = 0 [pid 787] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 787] <... futex resumed>) = 0 [pid 786] <... mmap resumed>) = 0x7faaf7ac0000 [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 807 [pid 787] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 786] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 786] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 786] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[808]}, 88) = 808 [pid 786] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 786] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 786] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... umount2 resumed>) = 0 [pid 360] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 807 attached [pid 807] set_robust_list(0x5555893a06a0, 24) = 0 [pid 807] chdir("./14") = 0 [pid 807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 807] setpgid(0, 0) = 0 [pid 807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 808 attached [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 807] write(3, "1000", 4) = 4 [pid 807] close(3) = 0 [pid 807] symlink("/dev/binderfs", "./binderfs" [pid 808] set_robust_list(0x7faaf7ae09a0, 24 [pid 360] <... openat resumed>) = 4 [pid 360] newfstatat(4, "", [pid 808] <... set_robust_list resumed>) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4) = 0 [pid 360] rmdir("./14/file0") = 0 [pid 360] getdents64(3, [pid 808] rt_sigprocmask(SIG_SETMASK, [], [pid 360] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] close(3) = 0 executing program [pid 360] rmdir("./14" [pid 807] <... symlink resumed>) = 0 [pid 807] write(1, "executing program\n", 18) = 18 [pid 807] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... rmdir resumed>) = 0 [pid 807] <... futex resumed>) = 0 [pid 807] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 808] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 360] mkdir("./15", 0777 [pid 807] <... rt_sigaction resumed>NULL, 8) = 0 [pid 807] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 807] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 360] <... mkdir resumed>) = 0 [pid 807] <... mprotect resumed>) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 808] write(4, "0x0000000000000000", 18 [pid 807] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 808] <... write resumed>) = 18 [pid 807] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 808] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 810 attached [pid 807] <... clone3 resumed> => {parent_tid=[810]}, 88) = 810 [pid 807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 807] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 807] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 810] set_robust_list(0x7faaf7b019a0, 24 [pid 808] <... futex resumed>) = 1 [pid 786] <... futex resumed>) = 0 [pid 786] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] <... futex resumed>) = 0 [pid 786] <... futex resumed>) = 1 [pid 787] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 786] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 810] <... set_robust_list resumed>) = 0 [pid 808] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 787] <... mmap resumed>) = 0x20000000 [pid 787] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 786] <... futex resumed>) = 0 [ 31.430435][ T798] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 810] rt_sigprocmask(SIG_SETMASK, [], [pid 786] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 810] memfd_create("syzkaller", 0) = 3 [pid 810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 786] <... futex resumed>) = 0 [pid 786] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 797] <... mount resumed>) = 0 [pid 787] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 797] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 786] <... futex resumed>) = -1 (errno 18446744073709551359) [pid 797] <... openat resumed>) = 3 [pid 808] <... futex resumed>) = ? [pid 797] chdir("./file0" [pid 808] +++ killed by SIGBUS +++ [pid 797] <... chdir resumed>) = 0 [pid 797] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 787] +++ killed by SIGBUS +++ [pid 786] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=786, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 810] munmap(0x7faaef6e1000, 138412032) = 0 [pid 810] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 359] <... restart_syscall resumed>) = 0 [pid 359] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./14/binderfs") = 0 [pid 359] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 810] <... openat resumed>) = 4 [pid 797] <... openat resumed>) = 4 [pid 362] <... umount2 resumed>) = 0 [pid 360] <... openat resumed>) = 3 [pid 797] ioctl(4, LOOP_CLR_FD [pid 360] ioctl(3, LOOP_CLR_FD [pid 797] <... ioctl resumed>) = 0 [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 797] close(4 [pid 360] close(3 [pid 797] <... close resumed>) = 0 [pid 360] <... close resumed>) = 0 [pid 797] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 797] <... futex resumed>) = 1 [pid 797] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 812 [pid 810] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 810] close(3) = 0 [pid 810] close(4 [pid 362] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 793] <... futex resumed>) = 0 ./strace-static-x86_64: Process 812 attached [pid 793] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 812] set_robust_list(0x5555893a06a0, 24 [pid 797] <... futex resumed>) = 0 [pid 793] <... futex resumed>) = 1 [pid 797] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 812] <... set_robust_list resumed>) = 0 [pid 793] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... openat resumed>) = 4 [pid 797] <... openat resumed>) = 4 [pid 797] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 797] write(4, "0x0000000000000000", 18 [pid 793] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 797] <... write resumed>) = 18 [pid 793] <... futex resumed>) = 0 [pid 797] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 793] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 797] <... futex resumed>) = 0 [pid 793] <... futex resumed>) = 0 [pid 797] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 793] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 793] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 793] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[814]}, 88) = 814 [pid 793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 793] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 362] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 362] close(4) = 0 [pid 362] rmdir("./14/file0") = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] close(3) = 0 [pid 362] rmdir("./14") = 0 [pid 362] mkdir("./15", 0777) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 814 attached [pid 814] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 814] write(4, "0x0000000000000000", 18) = 18 [pid 814] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 797] <... futex resumed>) = 0 [pid 793] <... futex resumed>) = 1 [pid 797] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 793] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 797] <... mmap resumed>) = 0x20000000 [pid 797] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 31.474696][ T787] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 814] <... futex resumed>) = 1 [pid 812] chdir("./15" [pid 793] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 812] <... chdir resumed>) = 0 [pid 814] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 812] setpgid(0, 0) = 0 [pid 812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 812] write(3, "1000", 4) = 4 [pid 812] close(3) = 0 [pid 812] symlink("/dev/binderfs", "./binderfs") = 0 [pid 812] write(1, "executing program\n", 18executing program ) = 18 [pid 812] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 812] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 812] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 812] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 812] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[815]}, 88) = 815 [pid 812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 812] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 812] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 815 attached [pid 797] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 815] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 815] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 815] memfd_create("syzkaller", 0 [pid 793] <... futex resumed>) = ? [pid 814] <... futex resumed>) = ? [pid 815] <... memfd_create resumed>) = 3 [pid 815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 814] +++ killed by SIGBUS +++ [pid 797] +++ killed by SIGBUS +++ [pid 793] +++ killed by SIGBUS +++ [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=793, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 357] restart_syscall(<... resuming interrupted clone ...> [pid 815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 815] munmap(0x7faaef6e1000, 138412032) = 0 [pid 815] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 357] <... restart_syscall resumed>) = 0 [pid 357] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./13/binderfs") = 0 [pid 357] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 810] <... close resumed>) = 0 [pid 810] mkdir("./file0", 0777) = 0 [ 31.523196][ T797] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 810] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 815] <... openat resumed>) = 4 [pid 362] <... openat resumed>) = 3 [pid 362] ioctl(3, LOOP_CLR_FD [pid 815] ioctl(4, LOOP_SET_FD, 3executing program [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] <... umount2 resumed>) = 0 [pid 362] close(3 [pid 359] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] <... close resumed>) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 359] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 816 [pid 359] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 359] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] close(4) = 0 [pid 359] rmdir("./14/file0") = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] close(3) = 0 [pid 359] rmdir("./14") = 0 [pid 359] mkdir("./15", 0777) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 359] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 359] close(3) = 0 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 817 ./strace-static-x86_64: Process 817 attached [pid 817] set_robust_list(0x5555893a06a0, 24) = 0 [pid 817] chdir("./15") = 0 [pid 817] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 817] setpgid(0, 0) = 0 [pid 817] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 817] write(3, "1000", 4) = 4 [pid 817] close(3) = 0 [pid 817] symlink("/dev/binderfs", "./binderfs") = 0 [pid 817] write(1, "executing program\n", 18) = 18 [pid 817] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 817] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 817] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 817] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 817] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[818]}, 88) = 818 [pid 817] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 817] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 818 attached [pid 818] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 818] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 816 attached [pid 815] <... ioctl resumed>) = 0 [pid 357] <... umount2 resumed>) = 0 [pid 357] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 357] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] close(4) = 0 [pid 818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 357] rmdir("./13/file0" [pid 818] memfd_create("syzkaller", 0 [pid 810] <... mount resumed>) = 0 [pid 357] <... rmdir resumed>) = 0 [pid 818] <... memfd_create resumed>) = 3 [pid 357] getdents64(3, [pid 818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 357] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 818] <... mmap resumed>) = 0x7faaef6e1000 [pid 815] close(3 [pid 357] close(3 [pid 818] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 815] <... close resumed>) = 0 [pid 810] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 357] <... close resumed>) = 0 [pid 815] close(4 [pid 810] <... openat resumed>) = 3 [pid 357] rmdir("./13" [pid 810] chdir("./file0") = 0 [pid 357] <... rmdir resumed>) = 0 [pid 810] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 357] mkdir("./14", 0777) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 816] set_robust_list(0x5555893a06a0, 24) = 0 [pid 816] chdir("./15") = 0 [pid 816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 816] setpgid(0, 0) = 0 [pid 816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 816] write(3, "1000", 4) = 4 [pid 816] close(3) = 0 [pid 816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 816] write(1, "executing program\n", 18executing program ) = 18 [pid 816] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 816] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 816] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 816] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 816] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[822]}, 88) = 822 [pid 816] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 816] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 818] <... write resumed>) = 1048576 [pid 818] munmap(0x7faaef6e1000, 138412032./strace-static-x86_64: Process 822 attached [pid 816] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 822] set_robust_list(0x7faaf7b019a0, 24 [pid 818] <... munmap resumed>) = 0 [pid 818] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 822] <... set_robust_list resumed>) = 0 [pid 822] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 822] memfd_create("syzkaller", 0) = 3 [pid 822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 822] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 822] munmap(0x7faaef6e1000, 138412032) = 0 [pid 822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 815] <... close resumed>) = 0 [pid 810] <... openat resumed>) = 4 [pid 815] mkdir("./file0", 0777 [pid 810] ioctl(4, LOOP_CLR_FD [pid 815] <... mkdir resumed>) = 0 [pid 815] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 810] <... ioctl resumed>) = 0 [pid 357] <... openat resumed>) = 3 [pid 810] close(4 [pid 357] ioctl(3, LOOP_CLR_FD [pid 810] <... close resumed>) = 0 [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 810] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] close(3 [pid 810] <... futex resumed>) = 1 [pid 807] <... futex resumed>) = 0 [pid 357] <... close resumed>) = 0 [pid 810] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 807] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 807] <... futex resumed>) = 0 [pid 810] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 807] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... clone resumed>, child_tidptr=0x5555893a0690) = 824 [pid 810] <... openat resumed>) = 4 [pid 822] <... openat resumed>) = 4 [pid 810] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 822] ioctl(4, LOOP_SET_FD, 3 [pid 810] <... futex resumed>) = 1 [pid 807] <... futex resumed>) = 0 [pid 810] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 807] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 807] <... futex resumed>) = 0 [pid 810] write(4, "0x0000000000000000", 18 [pid 807] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 810] <... write resumed>) = 18 [pid 807] <... futex resumed>) = 0 [pid 822] <... ioctl resumed>) = 0 [pid 810] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 822] close(3 [pid 810] <... futex resumed>) = 0 [pid 807] <... mmap resumed>) = 0x7faaf7ac0000 [pid 822] <... close resumed>) = 0 [pid 810] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 807] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 822] close(4 [pid 807] <... mprotect resumed>) = 0 [pid 807] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 807] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[827]}, 88) = 827 [pid 807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 807] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 807] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 818] <... openat resumed>) = 4 ./strace-static-x86_64: Process 824 attached [pid 818] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 827 attached [pid 824] set_robust_list(0x5555893a06a0, 24 [pid 827] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 824] <... set_robust_list resumed>) = 0 [pid 815] <... mount resumed>) = 0 [pid 827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 827] write(4, "0x0000000000000000", 18) = 18 [pid 827] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 807] <... futex resumed>) = 0 [pid 807] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 810] <... futex resumed>) = 0 [pid 807] <... futex resumed>) = 1 [pid 824] chdir("./14" [pid 815] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 810] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 807] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 810] <... mmap resumed>) = 0x20000000 [pid 815] <... openat resumed>) = 3 [pid 824] <... chdir resumed>) = 0 [pid 810] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 815] chdir("./file0" [pid 824] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 810] <... futex resumed>) = 1 [pid 807] <... futex resumed>) = 0 [pid 824] <... prctl resumed>) = 0 [pid 815] <... chdir resumed>) = 0 [pid 810] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 807] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 815] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 807] <... futex resumed>) = 0 [pid 824] setpgid(0, 0 [pid 827] <... futex resumed>) = 1 [pid 827] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 807] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 824] <... setpgid resumed>) = 0 [pid 824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 824] write(3, "1000", 4) = 4 [pid 824] close(3) = 0 [pid 824] symlink("/dev/binderfs", "./binderfs") = 0 [pid 824] write(1, "executing program\n", 18) = 18 [pid 824] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 824] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 824] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 824] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[828]}, 88) = 828 [pid 824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 824] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 828 attached [pid 828] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 828] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 828] memfd_create("syzkaller", 0) = 3 [pid 828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 810] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 828] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 822] <... close resumed>) = 0 [pid 807] <... futex resumed>) = ? [pid 822] mkdir("./file0", 0777 [pid 827] <... futex resumed>) = ? [pid 822] <... mkdir resumed>) = 0 [pid 822] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 827] +++ killed by SIGBUS +++ [pid 810] +++ killed by SIGBUS +++ [pid 807] +++ killed by SIGBUS +++ [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=807, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 828] <... write resumed>) = 1048576 [pid 828] munmap(0x7faaef6e1000, 138412032) = 0 [pid 828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 358] <... restart_syscall resumed>) = 0 [pid 358] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./14/binderfs") = 0 [ 31.763323][ T810] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 358] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 818] <... ioctl resumed>) = 0 [pid 815] <... openat resumed>) = 4 [pid 815] ioctl(4, LOOP_CLR_FD) = 0 [pid 815] close(4 [pid 818] close(3 [pid 815] <... close resumed>) = 0 [pid 815] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 812] <... futex resumed>) = 0 [pid 815] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 812] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 812] <... futex resumed>) = 0 [pid 815] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 812] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 828] <... openat resumed>) = 4 [pid 818] <... close resumed>) = 0 [pid 815] <... openat resumed>) = 4 [pid 815] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 812] <... futex resumed>) = 0 [pid 815] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 812] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 828] ioctl(4, LOOP_SET_FD, 3 [pid 818] close(4 [pid 815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 812] <... futex resumed>) = 0 [pid 815] write(4, "0x0000000000000000", 18 [pid 812] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 815] <... write resumed>) = 18 [pid 812] <... futex resumed>) = 0 [pid 815] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 815] <... futex resumed>) = 0 [pid 812] <... mmap resumed>) = 0x7faaf7ac0000 [pid 815] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 812] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 812] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[830]}, 88) = 830 ./strace-static-x86_64: Process 830 attached [pid 812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 812] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 812] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 830] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 830] write(4, "0x0000000000000000", 18) = 18 [pid 830] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 812] <... futex resumed>) = 0 [pid 812] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 815] <... futex resumed>) = 0 [pid 812] <... futex resumed>) = 1 [pid 815] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 812] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 830] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 815] <... mmap resumed>) = 0x20000000 [pid 815] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 812] <... futex resumed>) = 0 [pid 815] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 812] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 812] <... futex resumed>) = 0 [pid 812] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 830] <... futex resumed>) = ? [pid 812] <... futex resumed>) = ? [pid 830] +++ killed by SIGBUS +++ [pid 815] +++ killed by SIGBUS +++ [pid 812] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=812, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 360] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 360] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./15/binderfs") = 0 [pid 360] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 828] <... ioctl resumed>) = 0 [pid 818] <... close resumed>) = 0 [pid 358] <... umount2 resumed>) = 0 [pid 818] mkdir("./file0", 0777 [pid 358] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 828] close(3 [pid 818] <... mkdir resumed>) = 0 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 828] <... close resumed>) = 0 [pid 818] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 358] newfstatat(AT_FDCWD, "./14/file0", [pid 828] close(4 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 358] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(4, [pid 822] <... mount resumed>) = 0 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 822] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 358] getdents64(4, [pid 822] <... openat resumed>) = 3 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 822] chdir("./file0" [pid 358] close(4) = 0 [pid 822] <... chdir resumed>) = 0 [pid 358] rmdir("./14/file0" [pid 822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 358] <... rmdir resumed>) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] close(3) = 0 [pid 358] rmdir("./14") = 0 [pid 358] mkdir("./15", 0777) = 0 [ 31.849347][ T815] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 828] <... close resumed>) = 0 [pid 822] <... openat resumed>) = 4 [pid 358] <... openat resumed>) = 3 [pid 828] mkdir("./file0", 0777 [pid 358] ioctl(3, LOOP_CLR_FD [pid 828] <... mkdir resumed>) = 0 [pid 822] ioctl(4, LOOP_CLR_FD [pid 828] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 818] <... mount resumed>) = 0 [pid 818] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 818] chdir("./file0") = 0 [pid 818] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 360] <... umount2 resumed>) = 0 [pid 360] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 360] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4) = 0 [pid 360] rmdir("./15/file0") = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] close(3) = 0 [pid 360] rmdir("./15") = 0 [pid 360] mkdir("./16", 0777) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 358] close(3) = 0 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 837 ./strace-static-x86_64: Process 837 attached [pid 822] <... ioctl resumed>) = 0 [pid 818] <... openat resumed>) = 4 [pid 818] ioctl(4, LOOP_CLR_FD) = 0 [pid 818] close(4 [pid 822] close(4 [pid 818] <... close resumed>) = 0 [pid 360] <... openat resumed>) = 3 [pid 818] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] ioctl(3, LOOP_CLR_FD [pid 818] <... futex resumed>) = 1 [pid 817] <... futex resumed>) = 0 [pid 818] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 817] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 818] <... openat resumed>) = 4 [pid 817] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 818] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 817] <... futex resumed>) = 0 [pid 818] write(4, "0x0000000000000000", 18 [pid 817] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 818] <... write resumed>) = 18 [pid 817] <... futex resumed>) = 0 [pid 818] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 817] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 818] <... futex resumed>) = 0 [pid 817] <... futex resumed>) = 0 [pid 818] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 817] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 817] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 817] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 360] close(3 [pid 817] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 360] <... close resumed>) = 0 [pid 817] <... clone3 resumed> => {parent_tid=[838]}, 88) = 838 [pid 817] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 817] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 817] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 837] set_robust_list(0x5555893a06a0, 24 [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 839 ./strace-static-x86_64: Process 838 attached [pid 822] <... close resumed>) = 0 [pid 838] set_robust_list(0x7faaf7ae09a0, 24 [pid 822] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 816] <... futex resumed>) = 0 [pid 838] <... set_robust_list resumed>) = 0 [pid 822] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 816] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 838] rt_sigprocmask(SIG_SETMASK, [], [pid 822] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 816] <... futex resumed>) = 0 [pid 838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 822] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 816] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 838] write(4, "0x0000000000000000", 18 [pid 822] <... openat resumed>) = 4 [pid 838] <... write resumed>) = 18 [pid 822] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 838] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 822] <... futex resumed>) = 1 [pid 816] <... futex resumed>) = 0 [pid 838] <... futex resumed>) = 1 [pid 822] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 817] <... futex resumed>) = 0 [pid 816] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 838] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 822] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 817] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 816] <... futex resumed>) = 0 [pid 822] write(4, "0x0000000000000000", 18 [pid 818] <... futex resumed>) = 0 [pid 817] <... futex resumed>) = 1 [pid 816] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 822] <... write resumed>) = 18 [pid 818] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 817] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 816] <... futex resumed>) = 0 [pid 822] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 818] <... mmap resumed>) = 0x20000000 [pid 816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 822] <... futex resumed>) = 0 [pid 818] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 837] <... set_robust_list resumed>) = 0 [pid 822] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 818] <... futex resumed>) = 1 [pid 817] <... futex resumed>) = 0 [pid 816] <... mmap resumed>) = 0x7faaf7ac0000 ./strace-static-x86_64: Process 839 attached [pid 837] chdir("./15" [pid 818] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 839] set_robust_list(0x5555893a06a0, 24 [pid 837] <... chdir resumed>) = 0 [pid 828] <... mount resumed>) = 0 [pid 818] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 817] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 816] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 839] <... set_robust_list resumed>) = 0 [pid 837] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 828] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 817] <... futex resumed>) = 0 [pid 816] <... mprotect resumed>) = 0 [pid 839] chdir("./16" [pid 837] <... prctl resumed>) = 0 [pid 828] <... openat resumed>) = 3 [pid 817] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 816] rt_sigprocmask(SIG_BLOCK, ~[], [pid 839] <... chdir resumed>) = 0 [pid 837] setpgid(0, 0 [pid 828] chdir("./file0" [pid 816] <... rt_sigprocmask resumed>[], 8) = 0 [pid 839] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 837] <... setpgid resumed>) = 0 [pid 828] <... chdir resumed>) = 0 [pid 816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 839] <... prctl resumed>) = 0 [pid 837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 828] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 839] setpgid(0, 0 [pid 837] <... openat resumed>) = 3 [pid 839] <... setpgid resumed>) = 0 [pid 828] <... openat resumed>) = 4 [pid 816] <... clone3 resumed> => {parent_tid=[842]}, 88) = 842 [pid 837] write(3, "1000", 4 [pid 839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 837] <... write resumed>) = 4 [pid 828] ioctl(4, LOOP_CLR_FD [pid 816] rt_sigprocmask(SIG_SETMASK, [], [pid 839] <... openat resumed>) = 3 [pid 837] close(3 [pid 828] <... ioctl resumed>) = 0 [pid 816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 839] write(3, "1000", 4 [pid 837] <... close resumed>) = 0 [pid 828] close(4 [pid 816] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] <... write resumed>) = 4 [pid 837] symlink("/dev/binderfs", "./binderfs" [pid 839] close(3 [pid 828] <... close resumed>) = 0 [pid 816] <... futex resumed>) = 0 executing program [pid 837] <... symlink resumed>) = 0 [pid 816] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] <... close resumed>) = 0 [pid 837] write(1, "executing program\n", 18 [pid 828] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] symlink("/dev/binderfs", "./binderfs" [pid 837] <... write resumed>) = 18 [pid 828] <... futex resumed>) = 1 executing program [pid 839] <... symlink resumed>) = 0 [pid 824] <... futex resumed>) = 0 [pid 837] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 828] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 839] write(1, "executing program\n", 18 [pid 837] <... futex resumed>) = 0 [pid 839] <... write resumed>) = 18 [pid 839] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 837] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 824] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] <... futex resumed>) = 0 [pid 837] <... rt_sigaction resumed>NULL, 8) = 0 [pid 839] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 837] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 839] <... rt_sigaction resumed>NULL, 8) = 0 [pid 837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 839] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 837] <... mmap resumed>) = 0x7faaf7ae1000 [pid 828] <... futex resumed>) = 0 [pid 824] <... futex resumed>) = 1 [pid 839] <... mmap resumed>) = 0x7faaf7ae1000 [pid 837] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 839] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 837] <... mprotect resumed>) = 0 [pid 839] <... mprotect resumed>) = 0 [pid 837] rt_sigprocmask(SIG_BLOCK, ~[], [pid 828] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 824] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] rt_sigprocmask(SIG_BLOCK, ~[], [pid 837] <... rt_sigprocmask resumed>[], 8) = 0 [pid 839] <... rt_sigprocmask resumed>[], 8) = 0 [pid 837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 828] <... openat resumed>) = 4 [pid 839] <... clone3 resumed> => {parent_tid=[844]}, 88) = 844 [pid 837] <... clone3 resumed> => {parent_tid=[843]}, 88) = 843 [pid 839] rt_sigprocmask(SIG_SETMASK, [], [pid 837] rt_sigprocmask(SIG_SETMASK, [], [pid 839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 839] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 837] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] <... futex resumed>) = 0 [pid 837] <... futex resumed>) = 0 [pid 839] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 837] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 828] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 824] <... futex resumed>) = 0 [pid 828] write(4, "0x0000000000000000", 18 [pid 824] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 828] <... write resumed>) = 18 [pid 824] <... futex resumed>) = 0 [pid 828] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 824] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 828] <... futex resumed>) = 0 [pid 824] <... futex resumed>) = 0 [pid 828] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 824] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 824] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[845]}, 88) = 845 [pid 824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 824] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 845 attached ./strace-static-x86_64: Process 844 attached ./strace-static-x86_64: Process 843 attached ./strace-static-x86_64: Process 842 attached [pid 818] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 844] set_robust_list(0x7faaf7b019a0, 24 [pid 843] set_robust_list(0x7faaf7b019a0, 24 [pid 844] <... set_robust_list resumed>) = 0 [pid 843] <... set_robust_list resumed>) = 0 [pid 844] rt_sigprocmask(SIG_SETMASK, [], [pid 843] rt_sigprocmask(SIG_SETMASK, [], [pid 844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 845] set_robust_list(0x7faaf7ae09a0, 24 [pid 844] memfd_create("syzkaller", 0 [pid 843] memfd_create("syzkaller", 0 [pid 842] set_robust_list(0x7faaf7ae09a0, 24 [pid 838] <... futex resumed>) = ? [pid 817] <... futex resumed>) = ? [pid 844] <... memfd_create resumed>) = 3 [pid 843] <... memfd_create resumed>) = 3 [pid 845] <... set_robust_list resumed>) = 0 [pid 842] <... set_robust_list resumed>) = 0 [pid 838] +++ killed by SIGBUS +++ [pid 844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 844] <... mmap resumed>) = 0x7faaef6e1000 [pid 843] <... mmap resumed>) = 0x7faaef6e1000 [pid 845] rt_sigprocmask(SIG_SETMASK, [], [pid 843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 842] rt_sigprocmask(SIG_SETMASK, [], [pid 818] +++ killed by SIGBUS +++ [pid 817] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=817, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 843] <... write resumed>) = 1048576 [pid 843] munmap(0x7faaef6e1000, 138412032) = 0 [pid 842] write(4, "0x0000000000000000", 18 [pid 843] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 843] ioctl(4, LOOP_SET_FD, 3 [pid 845] write(4, "0x0000000000000000", 18 [pid 842] <... write resumed>) = 18 [pid 842] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 843] <... ioctl resumed>) = 0 [pid 816] <... futex resumed>) = 0 [pid 816] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 843] close(3 [pid 822] <... futex resumed>) = 0 [pid 816] <... futex resumed>) = 1 [pid 843] <... close resumed>) = 0 [pid 822] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [ 32.074024][ T818] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 816] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 822] <... mmap resumed>) = 0x20000000 [pid 843] close(4 [pid 822] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 816] <... futex resumed>) = 0 [pid 822] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 816] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... restart_syscall resumed>) = 0 [pid 844] <... write resumed>) = 1048576 [pid 844] munmap(0x7faaef6e1000, 138412032) = 0 [pid 844] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 845] <... write resumed>) = 18 [pid 845] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 824] <... futex resumed>) = 0 [pid 824] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 828] <... futex resumed>) = 0 [pid 824] <... futex resumed>) = 1 [pid 828] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 824] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 828] <... mmap resumed>) = 0x20000000 [pid 828] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 824] <... futex resumed>) = 0 [pid 845] <... futex resumed>) = 1 [pid 824] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 822] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 816] <... futex resumed>) = 0 [pid 816] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./15/binderfs") = 0 [pid 359] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 845] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 816] <... futex resumed>) = ? [pid 842] <... futex resumed>) = ? [pid 842] +++ killed by SIGBUS +++ [pid 822] +++ killed by SIGBUS +++ [pid 816] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=816, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 362] restart_syscall(<... resuming interrupted clone ...> [pid 824] <... futex resumed>) = 0 [pid 824] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... restart_syscall resumed>) = 0 [pid 362] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./15/binderfs") = 0 [pid 362] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 828] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 824] <... futex resumed>) = ? [pid 845] <... futex resumed>) = ? [pid 845] +++ killed by SIGBUS +++ [pid 828] +++ killed by SIGBUS +++ [pid 824] +++ killed by SIGBUS +++ [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=824, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 357] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 357] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./14/binderfs") = 0 [pid 357] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 844] <... openat resumed>) = 4 [pid 843] <... close resumed>) = 0 [pid 844] ioctl(4, LOOP_SET_FD, 3 [pid 843] mkdir("./file0", 0777 [pid 844] <... ioctl resumed>) = 0 [pid 843] <... mkdir resumed>) = 0 [pid 844] close(3 [pid 843] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 844] <... close resumed>) = 0 [ 32.123580][ T822] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 32.126160][ T828] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 844] close(4) = 0 [pid 362] <... umount2 resumed>) = 0 [pid 359] <... umount2 resumed>) = 0 [pid 362] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 362] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 362] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 362] close(4) = 0 [pid 362] rmdir("./15/file0") = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] close(3) = 0 [pid 362] rmdir("./15") = 0 [pid 362] mkdir("./16", 0777) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 362] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 362] close(3) = 0 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 844] mkdir("./file0", 0777 [pid 359] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] <... umount2 resumed>) = 0 [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 848 ./strace-static-x86_64: Process 848 attached [pid 848] set_robust_list(0x5555893a06a0, 24) = 0 [pid 848] chdir("./16") = 0 [pid 848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 848] setpgid(0, 0) = 0 [pid 848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 848] write(3, "1000", 4) = 4 [pid 848] close(3) = 0 [pid 848] symlink("/dev/binderfs", "./binderfs") = 0 [pid 848] write(1, "executing program\n", 18) = 18 [pid 848] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 848] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 848] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 848] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[851]}, 88) = 851 [pid 848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 848] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 848] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 844] <... mkdir resumed>) = 0 [pid 843] <... mount resumed>) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 844] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 843] chdir("./file0") = 0 [pid 843] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 843] ioctl(4, LOOP_CLR_FD) = 0 [pid 843] close(4) = 0 [pid 843] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 837] <... futex resumed>) = 0 [pid 843] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 837] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 843] <... openat resumed>) = 4 [pid 837] <... futex resumed>) = 0 [pid 359] newfstatat(AT_FDCWD, "./15/file0", [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 843] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 837] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 843] <... futex resumed>) = 0 [pid 837] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 843] write(4, "0x0000000000000000", 18 [pid 837] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 843] <... write resumed>) = 18 [pid 837] <... futex resumed>) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] newfstatat(AT_FDCWD, "./14/file0", [pid 843] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 837] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 843] <... futex resumed>) = 0 [pid 837] <... futex resumed>) = 0 [pid 843] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 837] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 837] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[852]}, 88) = 852 [pid 837] rt_sigprocmask(SIG_SETMASK, [], [pid 359] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 837] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 837] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 852 attached [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 852] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 852] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 852] write(4, "0x0000000000000000", 18) = 18 [pid 852] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 837] <... futex resumed>) = 0 [pid 837] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 843] <... futex resumed>) = 0 [pid 837] <... futex resumed>) = 1 [pid 843] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 837] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 843] <... mmap resumed>) = 0x20000000 [pid 359] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 843] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 837] <... futex resumed>) = 0 [pid 837] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... openat resumed>) = 4 [pid 357] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 837] <... futex resumed>) = 0 [pid 837] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 852] <... futex resumed>) = 1 [pid 359] newfstatat(4, "", [pid 357] <... openat resumed>) = 4 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] newfstatat(4, "", [pid 852] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 851 attached [pid 359] getdents64(4, [pid 851] set_robust_list(0x7faaf7b019a0, 24 [pid 844] <... mount resumed>) = 0 [pid 843] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 852] <... futex resumed>) = ? [pid 837] <... futex resumed>) = ? [pid 852] +++ killed by SIGBUS +++ [pid 359] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 851] <... set_robust_list resumed>) = 0 [pid 357] getdents64(4, [pid 359] getdents64(4, [pid 851] rt_sigprocmask(SIG_SETMASK, [], [pid 844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 843] +++ killed by SIGBUS +++ [pid 837] +++ killed by SIGBUS +++ [pid 359] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=837, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 844] <... openat resumed>) = 3 [pid 844] chdir("./file0" [pid 851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 359] close(4 [pid 357] getdents64(4, [pid 844] <... chdir resumed>) = 0 [pid 844] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 851] memfd_create("syzkaller", 0 [pid 357] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] <... close resumed>) = 0 [pid 844] <... openat resumed>) = 4 [pid 357] close(4 [pid 851] <... memfd_create resumed>) = 3 [pid 359] rmdir("./15/file0" [pid 844] ioctl(4, LOOP_CLR_FD) = 0 [pid 844] close(4 [pid 851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 844] <... close resumed>) = 0 [pid 359] <... rmdir resumed>) = 0 [pid 357] <... close resumed>) = 0 [pid 844] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 839] <... futex resumed>) = 0 [pid 844] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 839] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... mmap resumed>) = 0x7faaef6e1000 [pid 839] <... futex resumed>) = 0 [pid 359] getdents64(3, [pid 357] rmdir("./14/file0" [pid 839] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 844] <... openat resumed>) = 4 [pid 844] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 839] <... futex resumed>) = 0 [pid 839] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] write(4, "0x0000000000000000", 18 [pid 839] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 844] <... write resumed>) = 18 [pid 839] <... futex resumed>) = 0 [pid 844] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 844] <... futex resumed>) = 0 [pid 839] <... mmap resumed>) = 0x7faaf7ac0000 [pid 844] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 839] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 839] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[855]}, 88) = 855 [pid 839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 839] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 839] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 855 attached [pid 855] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 855] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 855] write(4, "0x0000000000000000", 18) = 18 [pid 855] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] <... futex resumed>) = 0 [pid 839] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 844] <... futex resumed>) = 0 [pid 839] <... futex resumed>) = 1 [pid 844] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 839] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 844] <... mmap resumed>) = 0x20000000 [pid 844] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 839] <... futex resumed>) = 0 [pid 855] <... futex resumed>) = 1 [pid 851] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 839] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] <... rmdir resumed>) = 0 [pid 359] close(3 [pid 357] getdents64(3, [pid 359] <... close resumed>) = 0 [pid 357] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] rmdir("./15" [pid 357] close(3 [pid 359] <... rmdir resumed>) = 0 [pid 357] <... close resumed>) = 0 [pid 359] mkdir("./16", 0777 [pid 357] rmdir("./14" [pid 359] <... mkdir resumed>) = 0 [pid 357] <... rmdir resumed>) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 357] mkdir("./15", 0777 [pid 359] <... openat resumed>) = 3 [pid 357] <... mkdir resumed>) = 0 [pid 359] ioctl(3, LOOP_CLR_FD [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 359] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 357] <... openat resumed>) = 3 [pid 359] close(3 [pid 357] ioctl(3, LOOP_CLR_FD [pid 359] <... close resumed>) = 0 [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] close(3) = 0 [pid 359] <... clone resumed>, child_tidptr=0x5555893a0690) = 856 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 857 ./strace-static-x86_64: Process 857 attached ./strace-static-x86_64: Process 856 attached [pid 855] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 844] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 839] <... futex resumed>) = 0 [pid 358] <... restart_syscall resumed>) = 0 [pid 839] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", [pid 857] set_robust_list(0x5555893a06a0, 24 [pid 856] set_robust_list(0x5555893a06a0, 24 [pid 851] <... write resumed>) = 1048576 [pid 839] <... futex resumed>) = ? [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, [pid 857] <... set_robust_list resumed>) = 0 [pid 856] <... set_robust_list resumed>) = 0 [pid 855] <... futex resumed>) = ? [pid 851] munmap(0x7faaef6e1000, 138412032 [pid 358] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 855] +++ killed by SIGBUS +++ [pid 358] unlink("./15/binderfs") = 0 [pid 358] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 857] chdir("./15" [pid 856] chdir("./16" [pid 851] <... munmap resumed>) = 0 [pid 844] +++ killed by SIGBUS +++ [pid 839] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=839, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 360] restart_syscall(<... resuming interrupted clone ...> [pid 856] <... chdir resumed>) = 0 [pid 856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 856] setpgid(0, 0) = 0 [pid 856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 857] <... chdir resumed>) = 0 [pid 856] write(3, "1000", 4) = 4 [pid 856] close(3) = 0 [pid 856] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 856] write(1, "executing program\n", 18) = 18 [pid 856] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 856] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 856] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 856] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 856] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 360] <... restart_syscall resumed>) = 0 [pid 857] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 851] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 360] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./16/binderfs") = 0 [pid 360] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 856] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 857] <... prctl resumed>) = 0 [pid 857] setpgid(0, 0./strace-static-x86_64: Process 858 attached ) = 0 [pid 856] <... clone3 resumed> => {parent_tid=[858]}, 88) = 858 [pid 858] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 856] rt_sigprocmask(SIG_SETMASK, [], [pid 857] <... openat resumed>) = 3 [pid 856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 857] write(3, "1000", 4 [pid 856] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 858] memfd_create("syzkaller", 0) = 3 [pid 858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 856] <... futex resumed>) = 0 [pid 857] <... write resumed>) = 4 [pid 858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 856] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 858] <... write resumed>) = 1048576 [pid 358] <... umount2 resumed>) = 0 [pid 858] munmap(0x7faaef6e1000, 138412032) = 0 [pid 858] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 858] close(3) = 0 [pid 858] close(4executing program [pid 857] close(3) = 0 [pid 857] symlink("/dev/binderfs", "./binderfs") = 0 [pid 857] write(1, "executing program\n", 18) = 18 [pid 857] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 857] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 358] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 857] <... rt_sigaction resumed>NULL, 8) = 0 [pid 857] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 857] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 857] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[860]}, 88) = 860 [pid 857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 857] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 857] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 358] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [ 32.399416][ T843] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 32.434163][ T844] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 358] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] close(4) = 0 [pid 358] rmdir("./15/file0"./strace-static-x86_64: Process 860 attached ) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] close(3) = 0 [pid 358] rmdir("./15" [pid 860] set_robust_list(0x7faaf7b019a0, 24 [pid 358] <... rmdir resumed>) = 0 [pid 358] mkdir("./16", 0777 [pid 860] <... set_robust_list resumed>) = 0 [pid 358] <... mkdir resumed>) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 860] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 860] memfd_create("syzkaller", 0) = 3 [pid 860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 860] munmap(0x7faaef6e1000, 138412032) = 0 [pid 860] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 858] <... close resumed>) = 0 [pid 851] <... openat resumed>) = 4 [pid 851] ioctl(4, LOOP_SET_FD, 3 [pid 858] mkdir("./file0", 0777) = 0 [pid 858] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 358] <... openat resumed>) = 3 [pid 358] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 358] close(3) = 0 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 861 ./strace-static-x86_64: Process 861 attached [pid 861] set_robust_list(0x5555893a06a0, 24) = 0 [pid 861] chdir("./16") = 0 [pid 861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 861] setpgid(0, 0) = 0 [pid 861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 860] <... openat resumed>) = 4 [pid 860] ioctl(4, LOOP_SET_FD, 3 [pid 861] <... openat resumed>) = 3 [pid 861] write(3, "1000", 4) = 4 [pid 861] close(3) = 0 [pid 861] symlink("/dev/binderfs", "./binderfs") = 0 [pid 861] write(1, "executing program\n", 18executing program ) = 18 [pid 861] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 861] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 861] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 861] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[862]}, 88) = 862 [pid 861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 861] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 862 attached [pid 862] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 862] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 862] memfd_create("syzkaller", 0) = 3 [pid 862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 862] munmap(0x7faaef6e1000, 138412032) = 0 [pid 862] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 851] <... ioctl resumed>) = 0 [pid 851] close(3) = 0 [pid 851] close(4) = 0 [pid 851] mkdir("./file0", 0777 [pid 360] <... umount2 resumed>) = 0 [pid 851] <... mkdir resumed>) = 0 [pid 360] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 851] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 360] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4) = 0 [pid 360] rmdir("./16/file0") = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] close(3) = 0 [pid 360] rmdir("./16") = 0 [pid 360] mkdir("./17", 0777) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 862] <... openat resumed>) = 4 [pid 860] <... ioctl resumed>) = 0 [pid 862] ioctl(4, LOOP_SET_FD, 3 [pid 860] close(3) = 0 [pid 860] close(4 [pid 862] <... ioctl resumed>) = 0 [pid 360] <... openat resumed>) = 3 [pid 862] close(3) = 0 [pid 862] close(4 [pid 360] ioctl(3, LOOP_CLR_FD [pid 860] <... close resumed>) = 0 [pid 860] mkdir("./file0", 0777) = 0 [pid 860] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue") = 0 [pid 858] <... mount resumed>) = 0 [pid 860] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 860] <... openat resumed>) = 3 [pid 860] chdir("./file0") = 0 [pid 860] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 858] <... openat resumed>) = 3 [pid 858] chdir("./file0" [pid 851] <... mount resumed>) = 0 [pid 858] <... chdir resumed>) = 0 [pid 851] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 858] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 851] <... openat resumed>) = 3 [pid 851] chdir("./file0") = 0 [pid 851] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 862] <... close resumed>) = 0 [pid 862] mkdir("./file0", 0777 [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 360] close(3 [pid 862] <... mkdir resumed>) = 0 [pid 862] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 860] <... openat resumed>) = 4 [pid 860] ioctl(4, LOOP_CLR_FD) = 0 [pid 860] close(4) = 0 [pid 860] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 860] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 851] <... openat resumed>) = 4 [pid 851] ioctl(4, LOOP_CLR_FD) = 0 [pid 851] close(4) = 0 [pid 851] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 848] <... futex resumed>) = 0 [pid 851] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 848] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 848] <... futex resumed>) = 0 [pid 851] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 848] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] <... futex resumed>) = 0 [pid 858] <... openat resumed>) = 4 [pid 857] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... openat resumed>) = 4 [pid 851] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 848] <... futex resumed>) = 0 [pid 851] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 848] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 848] <... futex resumed>) = 0 [pid 851] write(4, "0x0000000000000000", 18 [pid 848] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... write resumed>) = 18 [pid 848] <... futex resumed>) = 0 [pid 851] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 851] <... futex resumed>) = 0 [pid 848] <... mmap resumed>) = 0x7faaf7ac0000 [pid 851] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 848] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 860] <... futex resumed>) = 0 [pid 858] ioctl(4, LOOP_CLR_FD [pid 857] <... futex resumed>) = 1 [pid 360] <... close resumed>) = 0 [pid 860] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 858] <... ioctl resumed>) = 0 [pid 857] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] <... clone3 resumed> => {parent_tid=[872]}, 88) = 872 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 858] close(4 [pid 848] rt_sigprocmask(SIG_SETMASK, [], [pid 860] <... openat resumed>) = 4 [pid 858] <... close resumed>) = 0 [pid 848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 860] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 858] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 848] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 860] <... futex resumed>) = 1 [pid 858] <... futex resumed>) = 1 [pid 857] <... futex resumed>) = 0 [pid 856] <... futex resumed>) = 0 [pid 848] <... futex resumed>) = 0 ./strace-static-x86_64: Process 872 attached [pid 860] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 858] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 857] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 856] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 848] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 873 [pid 860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 857] <... futex resumed>) = 0 [pid 856] <... futex resumed>) = 0 [pid 872] set_robust_list(0x7faaf7ae09a0, 24 [pid 860] write(4, "0x0000000000000000", 18 [pid 858] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 857] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 856] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 872] <... set_robust_list resumed>) = 0 [pid 860] <... write resumed>) = 18 [pid 872] rt_sigprocmask(SIG_SETMASK, [], [pid 860] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 858] <... openat resumed>) = 4 [pid 857] <... futex resumed>) = 0 [pid 872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 860] <... futex resumed>) = 0 [pid 858] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 860] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 858] <... futex resumed>) = 1 [pid 856] <... futex resumed>) = 0 [pid 872] write(4, "0x0000000000000000", 18 [pid 858] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 857] <... mmap resumed>) = 0x7faaf7ac0000 [pid 856] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 857] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 856] <... futex resumed>) = 0 [pid 872] <... write resumed>) = 18 [pid 858] write(4, "0x0000000000000000", 18 [pid 857] <... mprotect resumed>) = 0 [pid 856] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 872] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 858] <... write resumed>) = 18 [pid 857] rt_sigprocmask(SIG_BLOCK, ~[], [pid 856] <... futex resumed>) = 0 [pid 872] <... futex resumed>) = 1 [pid 858] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 857] <... rt_sigprocmask resumed>[], 8) = 0 [pid 856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 848] <... futex resumed>) = 0 [pid 872] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 858] <... futex resumed>) = 0 [pid 857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 856] <... mmap resumed>) = 0x7faaf7ac0000 [pid 848] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 858] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 856] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 851] <... futex resumed>) = 0 [pid 848] <... futex resumed>) = 1 [pid 857] <... clone3 resumed> => {parent_tid=[874]}, 88) = 874 [pid 851] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 851] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 851] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 873 attached [pid 873] set_robust_list(0x5555893a06a0, 24) = 0 [pid 873] chdir("./17" [pid 857] rt_sigprocmask(SIG_SETMASK, [], [pid 856] <... mprotect resumed>) = 0 [pid 848] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 873] <... chdir resumed>) = 0 [pid 857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 856] rt_sigprocmask(SIG_BLOCK, ~[], [pid 848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 857] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 856] <... rt_sigprocmask resumed>[], 8) = 0 [pid 848] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 857] <... futex resumed>) = 0 [pid 856] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 857] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 851] <... futex resumed>) = 0 [pid 848] <... futex resumed>) = 1 [pid 873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 873] setpgid(0, 0) = 0 [pid 873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 873] write(3, "1000", 4) = 4 [pid 873] close(3) = 0 [pid 873] symlink("/dev/binderfs", "./binderfs") = 0 [pid 873] write(1, "executing program\n", 18executing program ) = 18 [pid 873] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 873] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 873] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 873] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 873] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 873] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[876]}, 88) = 876 [pid 873] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 873] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 873] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 875 attached [pid 875] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 875] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 875] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 874 attached [pid 874] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 874] write(4, "0x0000000000000000", 18) = 18 [pid 874] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 848] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 856] <... clone3 resumed> => {parent_tid=[875]}, 88) = 875 ./strace-static-x86_64: Process 876 attached [pid 857] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 856] rt_sigprocmask(SIG_SETMASK, [], [pid 876] set_robust_list(0x7faaf7b019a0, 24 [pid 860] <... futex resumed>) = 0 [pid 857] <... futex resumed>) = 1 [pid 856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 876] <... set_robust_list resumed>) = 0 [pid 860] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 857] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 856] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 876] rt_sigprocmask(SIG_SETMASK, [], [pid 860] <... mmap resumed>) = 0x20000000 [pid 856] <... futex resumed>) = 1 [pid 876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 872] <... futex resumed>) = ? [pid 860] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 856] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] <... futex resumed>) = ? [pid 876] memfd_create("syzkaller", 0 [pid 875] <... futex resumed>) = 0 [pid 860] <... futex resumed>) = 1 [pid 857] <... futex resumed>) = 0 [pid 876] <... memfd_create resumed>) = 3 [pid 857] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 875] write(4, "0x0000000000000000", 18 [pid 876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 857] <... futex resumed>) = 0 [pid 875] <... write resumed>) = 18 [pid 875] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 856] <... futex resumed>) = 0 [pid 856] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 858] <... futex resumed>) = 0 [pid 856] <... futex resumed>) = 1 [pid 875] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 858] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 856] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 858] <... mmap resumed>) = 0x20000000 [pid 858] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 856] <... futex resumed>) = 0 [pid 876] <... mmap resumed>) = 0x7faaef6e1000 [pid 872] +++ killed by SIGBUS +++ [pid 860] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 857] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 856] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 876] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 874] <... futex resumed>) = ? [pid 858] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 857] <... futex resumed>) = ? [pid 856] <... futex resumed>) = 0 [pid 851] +++ killed by SIGBUS +++ [pid 848] +++ killed by SIGBUS +++ [pid 874] +++ killed by SIGBUS +++ [pid 856] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 860] +++ killed by SIGBUS +++ [pid 857] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=848, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 862] <... mount resumed>) = 0 [pid 362] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=857, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./16/binderfs" [pid 862] <... openat resumed>) = 3 [pid 362] <... unlink resumed>) = 0 [pid 862] chdir("./file0" [pid 362] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 862] <... chdir resumed>) = 0 [pid 862] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 862] ioctl(4, LOOP_CLR_FD [pid 875] <... futex resumed>) = ? [pid 856] <... futex resumed>) = ? [pid 875] +++ killed by SIGBUS +++ [pid 858] +++ killed by SIGBUS +++ [pid 856] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=856, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 876] <... write resumed>) = 1048576 [pid 876] munmap(0x7faaef6e1000, 138412032) = 0 [pid 876] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 359] <... restart_syscall resumed>) = 0 [pid 359] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] newfstatat(3, "", [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 359] getdents64(3, [pid 357] <... openat resumed>) = 3 [pid 359] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] newfstatat(3, "", [pid 359] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./16/binderfs", [pid 357] getdents64(3, [pid 359] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] unlink("./16/binderfs" [pid 357] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... unlink resumed>) = 0 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./15/binderfs") = 0 [ 32.766570][ T851] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 32.782359][ T860] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 32.783172][ T858] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 357] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 862] <... ioctl resumed>) = 0 [pid 362] <... umount2 resumed>) = 0 [pid 357] <... umount2 resumed>) = 0 [pid 862] close(4 [pid 362] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 362] newfstatat(AT_FDCWD, "./16/file0", [pid 357] <... openat resumed>) = 4 [pid 357] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] close(4) = 0 [pid 357] rmdir("./15/file0" [pid 362] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] <... rmdir resumed>) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] close(3) = 0 [pid 357] rmdir("./15" [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] <... rmdir resumed>) = 0 [pid 357] mkdir("./16", 0777 [pid 362] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 357] <... mkdir resumed>) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 362] <... openat resumed>) = 4 [pid 362] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 362] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 362] close(4) = 0 [pid 362] rmdir("./16/file0") = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] close(3) = 0 [pid 362] rmdir("./16") = 0 [pid 362] mkdir("./17", 0777) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 876] <... openat resumed>) = 4 [pid 876] ioctl(4, LOOP_SET_FD, 3 executing program [pid 362] <... openat resumed>) = 3 [pid 862] <... close resumed>) = 0 [pid 357] <... openat resumed>) = 3 [pid 862] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] ioctl(3, LOOP_CLR_FD [pid 862] <... futex resumed>) = 1 [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 862] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 357] close(3) = 0 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 880 ./strace-static-x86_64: Process 880 attached [pid 880] set_robust_list(0x5555893a06a0, 24) = 0 [pid 880] chdir("./16") = 0 [pid 880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 880] setpgid(0, 0) = 0 [pid 880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 880] write(3, "1000", 4) = 4 [pid 880] close(3) = 0 [pid 880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 880] write(1, "executing program\n", 18) = 18 [pid 880] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 880] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 880] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 880] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[881]}, 88) = 881 [pid 880] rt_sigprocmask(SIG_SETMASK, [], [pid 861] <... futex resumed>) = 0 [pid 880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 861] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] ioctl(3, LOOP_CLR_FD [pid 880] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] <... futex resumed>) = 0 [pid 861] <... futex resumed>) = 1 [pid 862] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 861] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 862] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 862] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 861] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 862] write(4, "0x0000000000000000", 18) = 18 [pid 861] <... futex resumed>) = 0 [pid 862] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] write(4, "0x0000000000000000", 18 [pid 861] <... futex resumed>) = 0 [pid 862] <... write resumed>) = 18 [pid 861] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 862] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 862] <... futex resumed>) = 0 [pid 862] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 861] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 861] <... futex resumed>) = 0 ./strace-static-x86_64: Process 881 attached [pid 862] <... mmap resumed>) = 0x20000000 [pid 880] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 876] <... ioctl resumed>) = 0 [pid 861] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] <... umount2 resumed>) = 0 [pid 862] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 862] <... futex resumed>) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 862] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 359] newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 359] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] close(4) = 0 [pid 359] rmdir("./16/file0" [pid 876] close(3 [pid 861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 362] close(3 [pid 359] <... rmdir resumed>) = 0 [pid 876] <... close resumed>) = 0 [pid 861] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... close resumed>) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] close(3 [pid 876] close(4 [pid 862] <... futex resumed>) = 0 [pid 861] <... futex resumed>) = 1 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 359] <... close resumed>) = 0 [pid 881] set_robust_list(0x7faaf7b019a0, 24 [pid 861] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] <... set_robust_list resumed>) = 0 [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 883 [pid 881] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 881] memfd_create("syzkaller", 0) = 3 [pid 881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 881] munmap(0x7faaef6e1000, 138412032) = 0 [pid 881] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 883 attached [pid 883] set_robust_list(0x5555893a06a0, 24) = 0 [pid 883] chdir("./17") = 0 [pid 883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 883] setpgid(0, 0) = 0 [pid 883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 883] write(3, "1000", 4) = 4 [pid 883] close(3) = 0 executing program [pid 883] symlink("/dev/binderfs", "./binderfs") = 0 [pid 883] write(1, "executing program\n", 18) = 18 [pid 883] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 883] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 883] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 883] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 862] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 359] rmdir("./16") = 0 [pid 359] mkdir("./17", 0777./strace-static-x86_64: Process 884 attached [pid 861] <... futex resumed>) = ? [pid 359] <... mkdir resumed>) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 884] set_robust_list(0x7faaf7b019a0, 24 [pid 883] <... clone3 resumed> => {parent_tid=[884]}, 88) = 884 [pid 883] rt_sigprocmask(SIG_SETMASK, [], [pid 862] +++ killed by SIGBUS +++ [pid 861] +++ killed by SIGBUS +++ [pid 883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=861, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 884] <... set_robust_list resumed>) = 0 [pid 884] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 884] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 883] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 884] memfd_create("syzkaller", 0 [pid 883] <... futex resumed>) = 0 [pid 884] <... memfd_create resumed>) = 3 [pid 884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 883] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 876] <... close resumed>) = 0 [pid 881] <... openat resumed>) = 4 [pid 876] mkdir("./file0", 0777 [pid 359] <... openat resumed>) = 3 [pid 359] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 359] close(3) = 0 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 885 [pid 884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 358] <... restart_syscall resumed>) = 0 [pid 358] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, [pid 881] ioctl(4, LOOP_SET_FD, 3 [pid 876] <... mkdir resumed>) = 0 [pid 358] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 876] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./16/binderfs") = 0 [pid 358] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 881] <... ioctl resumed>) = 0 [pid 881] close(3) = 0 [pid 881] close(4 [pid 884] <... write resumed>) = 1048576 ./strace-static-x86_64: Process 885 attached [pid 884] munmap(0x7faaef6e1000, 138412032) = 0 [pid 885] set_robust_list(0x5555893a06a0, 24) = 0 [pid 884] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 885] chdir("./17") = 0 [pid 885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 885] setpgid(0, 0) = 0 [pid 885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 885] write(3, "1000", 4) = 4 [pid 885] close(3) = 0 [pid 885] symlink("/dev/binderfs", "./binderfs") = 0 [pid 885] write(1, "executing program\n", 18executing program ) = 18 [pid 885] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 885] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 885] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 885] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 885] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 885] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0}./strace-static-x86_64: Process 887 attached [pid 887] set_robust_list(0x7faaf7b019a0, 24 [pid 885] <... clone3 resumed> => {parent_tid=[887]}, 88) = 887 [pid 887] <... set_robust_list resumed>) = 0 [pid 885] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 885] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 876] <... mount resumed>) = 0 [pid 876] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 876] chdir("./file0") = 0 [pid 876] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 885] <... futex resumed>) = 0 [pid 885] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 887] memfd_create("syzkaller", 0) = 3 [pid 887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 887] munmap(0x7faaef6e1000, 138412032) = 0 [ 32.948067][ T862] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 887] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 881] <... close resumed>) = 0 [pid 881] mkdir("./file0", 0777) = 0 [pid 881] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue") = 0 [pid 881] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 881] chdir("./file0") = 0 [pid 881] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 884] <... openat resumed>) = 4 [pid 887] <... openat resumed>) = 4 [pid 884] ioctl(4, LOOP_SET_FD, 3 [pid 876] <... openat resumed>) = 4 [pid 358] <... umount2 resumed>) = 0 [pid 876] ioctl(4, LOOP_CLR_FD [pid 887] ioctl(4, LOOP_SET_FD, 3 [pid 358] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 884] <... ioctl resumed>) = 0 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 884] close(3 [pid 358] newfstatat(AT_FDCWD, "./16/file0", [pid 884] <... close resumed>) = 0 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 884] close(4 [pid 358] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 887] <... ioctl resumed>) = 0 [pid 884] <... close resumed>) = 0 [pid 881] <... openat resumed>) = 4 [pid 876] <... ioctl resumed>) = 0 [pid 358] newfstatat(4, "", [pid 887] close(3 [pid 884] mkdir("./file0", 0777 [pid 881] ioctl(4, LOOP_CLR_FD [pid 876] close(4 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 887] <... close resumed>) = 0 [pid 358] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 887] close(4 [pid 884] <... mkdir resumed>) = 0 [pid 881] <... ioctl resumed>) = 0 [pid 876] <... close resumed>) = 0 [pid 358] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] close(4) = 0 [pid 358] rmdir("./16/file0") = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] close(3) = 0 [pid 358] rmdir("./16") = 0 [pid 358] mkdir("./17", 0777) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 358] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 358] close(3) = 0 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 881] close(4 [pid 876] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 881] <... close resumed>) = 0 [pid 876] <... futex resumed>) = 1 [pid 873] <... futex resumed>) = 0 [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 894 [pid 884] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 881] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 876] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 873] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 894 attached [pid 881] <... futex resumed>) = 1 [pid 880] <... futex resumed>) = 0 [pid 873] <... futex resumed>) = 0 [pid 880] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 873] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 894] set_robust_list(0x5555893a06a0, 24) = 0 [pid 894] chdir("./17" [pid 881] <... openat resumed>) = 4 [pid 876] <... openat resumed>) = 4 [pid 881] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 876] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 881] <... futex resumed>) = 1 [pid 880] <... futex resumed>) = 0 [pid 876] <... futex resumed>) = 1 [pid 873] <... futex resumed>) = 0 [pid 881] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 880] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 876] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 873] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 881] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 880] <... futex resumed>) = 0 [pid 876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 873] <... futex resumed>) = 0 [pid 881] write(4, "0x0000000000000000", 18 [pid 880] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 876] write(4, "0x0000000000000000", 18 [pid 873] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 881] <... write resumed>) = 18 [pid 880] <... futex resumed>) = 0 [pid 876] <... write resumed>) = 18 [pid 873] <... futex resumed>) = 0 [pid 881] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 876] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 881] <... futex resumed>) = 0 [pid 880] <... mmap resumed>) = 0x7faaf7ac0000 [pid 876] <... futex resumed>) = 0 [pid 873] <... mmap resumed>) = 0x7faaf7ac0000 [pid 894] <... chdir resumed>) = 0 [pid 881] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 880] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 876] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 873] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 894] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 880] <... mprotect resumed>) = 0 [pid 873] <... mprotect resumed>) = 0 [pid 880] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 873] rt_sigprocmask(SIG_BLOCK, ~[], [pid 880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 873] <... rt_sigprocmask resumed>[], 8) = 0 [pid 880] <... clone3 resumed> => {parent_tid=[895]}, 88) = 895 [pid 873] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 880] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 880] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 873] <... clone3 resumed> => {parent_tid=[896]}, 88) = 896 [pid 880] <... futex resumed>) = 0 [pid 873] rt_sigprocmask(SIG_SETMASK, [], [pid 880] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 873] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 894] <... prctl resumed>) = 0 [pid 873] <... futex resumed>) = 0 [pid 894] setpgid(0, 0 [pid 873] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 894] <... setpgid resumed>) = 0 [pid 894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 894] write(3, "1000", 4) = 4 [pid 894] close(3) = 0 [pid 894] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 896 attached ./strace-static-x86_64: Process 895 attached ) = 0 executing program [pid 894] write(1, "executing program\n", 18) = 18 [pid 894] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 894] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 894] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 894] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 894] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[897]}, 88) = 897 [pid 894] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 894] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 894] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 897 attached [pid 897] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 897] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 897] memfd_create("syzkaller", 0) = 3 [pid 897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 896] set_robust_list(0x7faaf7ae09a0, 24 [pid 895] set_robust_list(0x7faaf7ae09a0, 24 [pid 896] <... set_robust_list resumed>) = 0 [pid 895] <... set_robust_list resumed>) = 0 [pid 896] rt_sigprocmask(SIG_SETMASK, [], [pid 895] rt_sigprocmask(SIG_SETMASK, [], [pid 896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 896] write(4, "0x0000000000000000", 18 [pid 895] write(4, "0x0000000000000000", 18 [pid 896] <... write resumed>) = 18 [pid 896] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 895] <... write resumed>) = 18 [pid 896] <... futex resumed>) = 1 [pid 873] <... futex resumed>) = 0 [pid 873] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 896] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 876] <... futex resumed>) = 0 [pid 873] <... futex resumed>) = 1 [pid 876] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 873] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 876] <... mmap resumed>) = 0x20000000 [pid 876] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 873] <... futex resumed>) = 0 [pid 876] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 873] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 873] <... futex resumed>) = 0 [pid 897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 897] munmap(0x7faaef6e1000, 138412032) = 0 [pid 897] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 895] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 895] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 873] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 880] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] <... futex resumed>) = 0 [pid 881] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 881] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 876] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 896] <... futex resumed>) = ? [pid 873] <... futex resumed>) = ? [pid 895] <... futex resumed>) = ? [pid 880] <... futex resumed>) = ? [pid 896] +++ killed by SIGBUS +++ [pid 895] +++ killed by SIGBUS +++ [pid 881] +++ killed by SIGBUS +++ [pid 880] +++ killed by SIGBUS +++ [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=880, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 357] restart_syscall(<... resuming interrupted clone ...> [pid 876] +++ killed by SIGBUS +++ [pid 873] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=873, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 360] restart_syscall(<... resuming interrupted clone ...> [pid 897] <... openat resumed>) = 4 [pid 887] <... close resumed>) = 0 [pid 897] ioctl(4, LOOP_SET_FD, 3 [pid 887] mkdir("./file0", 0777) = 0 [pid 887] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 360] <... restart_syscall resumed>) = 0 [pid 357] <... restart_syscall resumed>) = 0 [pid 360] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] <... openat resumed>) = 3 [pid 357] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", [pid 357] newfstatat(3, "", [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, [pid 357] getdents64(3, [pid 360] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./17/binderfs", [pid 357] newfstatat(AT_FDCWD, "./16/binderfs", [pid 360] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./17/binderfs" [pid 357] unlink("./16/binderfs" [pid 360] <... unlink resumed>) = 0 [pid 357] <... unlink resumed>) = 0 [pid 360] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 897] <... ioctl resumed>) = 0 [pid 897] close(3) = 0 [pid 897] close(4 [pid 884] <... mount resumed>) = 0 [pid 884] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 884] chdir("./file0") = 0 [pid 884] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 897] <... close resumed>) = 0 [pid 897] mkdir("./file0", 0777) = 0 [pid 897] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 887] <... mount resumed>) = 0 [pid 887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 887] chdir("./file0") = 0 [ 33.102378][ T876] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 33.109133][ T881] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 887] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 884] <... openat resumed>) = 4 [pid 360] <... umount2 resumed>) = 0 [pid 884] ioctl(4, LOOP_CLR_FD [pid 887] ioctl(4, LOOP_CLR_FD) = 0 [pid 887] close(4) = 0 [pid 884] <... ioctl resumed>) = 0 [pid 887] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 884] close(4 [pid 887] <... futex resumed>) = 1 [pid 885] <... futex resumed>) = 0 [pid 884] <... close resumed>) = 0 [pid 887] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 885] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 885] <... futex resumed>) = 0 [pid 887] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 885] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 887] <... openat resumed>) = 4 [pid 360] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] <... umount2 resumed>) = 0 [pid 884] <... futex resumed>) = 1 [pid 883] <... futex resumed>) = 0 [pid 887] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 884] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 883] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 887] <... futex resumed>) = 1 [pid 885] <... futex resumed>) = 0 [pid 883] <... futex resumed>) = 0 [pid 887] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 885] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 885] <... futex resumed>) = 0 [pid 884] <... openat resumed>) = 4 [pid 360] newfstatat(AT_FDCWD, "./17/file0", [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 887] write(4, "0x0000000000000000", 18 [pid 885] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 884] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 887] <... write resumed>) = 18 [pid 885] <... futex resumed>) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] newfstatat(AT_FDCWD, "./16/file0", [pid 884] <... futex resumed>) = 1 [pid 883] <... futex resumed>) = 0 [pid 887] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 884] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 883] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 887] <... futex resumed>) = 0 [pid 885] <... mmap resumed>) = 0x7faaf7ac0000 [pid 884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 883] <... futex resumed>) = 0 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 887] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 885] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 884] write(4, "0x0000000000000000", 18 [pid 883] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 885] <... mprotect resumed>) = 0 [pid 884] <... write resumed>) = 18 [pid 883] <... futex resumed>) = 0 [pid 360] <... openat resumed>) = 4 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 885] rt_sigprocmask(SIG_BLOCK, ~[], [pid 884] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 360] newfstatat(4, "", [pid 885] <... rt_sigprocmask resumed>[], 8) = 0 [pid 884] <... futex resumed>) = 0 [pid 883] <... mmap resumed>) = 0x7faaf7ac0000 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 885] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 884] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 883] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 360] getdents64(4, [pid 883] <... mprotect resumed>) = 0 [pid 357] <... openat resumed>) = 4 ./strace-static-x86_64: Process 904 attached [pid 885] <... clone3 resumed> => {parent_tid=[904]}, 88) = 904 [pid 883] rt_sigprocmask(SIG_BLOCK, ~[], [pid 360] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 885] rt_sigprocmask(SIG_SETMASK, [], [pid 883] <... rt_sigprocmask resumed>[], 8) = 0 [pid 360] getdents64(4, [pid 357] newfstatat(4, "", [pid 885] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 360] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 885] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] close(4 [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 906 attached [pid 904] set_robust_list(0x7faaf7ae09a0, 24 [pid 885] <... futex resumed>) = 0 [pid 883] <... clone3 resumed> => {parent_tid=[906]}, 88) = 906 [pid 360] <... close resumed>) = 0 [pid 357] getdents64(4, [pid 906] set_robust_list(0x7faaf7ae09a0, 24 [pid 904] <... set_robust_list resumed>) = 0 [pid 897] <... mount resumed>) = 0 [pid 885] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 883] rt_sigprocmask(SIG_SETMASK, [], [pid 360] rmdir("./17/file0" [pid 357] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 906] <... set_robust_list resumed>) = 0 [pid 904] rt_sigprocmask(SIG_SETMASK, [], [pid 897] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 360] <... rmdir resumed>) = 0 [pid 357] getdents64(4, [pid 906] rt_sigprocmask(SIG_SETMASK, [], [pid 904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 897] <... openat resumed>) = 3 [pid 883] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] getdents64(3, [pid 357] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 906] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 904] write(4, "0x0000000000000000", 18 [pid 897] chdir("./file0" [pid 883] <... futex resumed>) = 0 [pid 360] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] close(4 [pid 906] write(4, "0x0000000000000000", 18 [pid 904] <... write resumed>) = 18 [pid 360] close(3 [pid 357] <... close resumed>) = 0 [pid 906] <... write resumed>) = 18 [pid 904] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... close resumed>) = 0 [pid 357] rmdir("./16/file0" [pid 906] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 1 [pid 360] rmdir("./17" [pid 357] <... rmdir resumed>) = 0 [pid 906] <... futex resumed>) = 0 [pid 904] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 360] <... rmdir resumed>) = 0 [pid 357] getdents64(3, [pid 906] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 360] mkdir("./18", 0777 [pid 357] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 897] <... chdir resumed>) = 0 [pid 885] <... futex resumed>) = 0 [pid 883] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... mkdir resumed>) = 0 [pid 357] close(3 [pid 897] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 885] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 357] <... close resumed>) = 0 [pid 897] <... openat resumed>) = 4 [pid 887] <... futex resumed>) = 0 [pid 885] <... futex resumed>) = 1 [pid 883] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... openat resumed>) = 3 [pid 357] rmdir("./16" [pid 897] ioctl(4, LOOP_CLR_FD [pid 887] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 885] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] <... futex resumed>) = 0 [pid 883] <... futex resumed>) = 1 [pid 360] ioctl(3, LOOP_CLR_FD [pid 357] <... rmdir resumed>) = 0 [pid 897] <... ioctl resumed>) = 0 [pid 887] <... mmap resumed>) = 0x20000000 [pid 884] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 883] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 357] mkdir("./17", 0777executing program [pid 897] close(4 [pid 887] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 884] <... mmap resumed>) = 0x20000000 [pid 360] close(3 [pid 357] <... mkdir resumed>) = 0 [pid 897] <... close resumed>) = 0 [pid 887] <... futex resumed>) = 1 [pid 885] <... futex resumed>) = 0 [pid 884] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... close resumed>) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 897] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 887] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 885] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 884] <... futex resumed>) = 1 [pid 883] <... futex resumed>) = 0 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] <... openat resumed>) = 3 [pid 897] <... futex resumed>) = 1 [pid 894] <... futex resumed>) = 0 [pid 887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 885] <... futex resumed>) = 0 [pid 884] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 883] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] ioctl(3, LOOP_CLR_FD [pid 897] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 894] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 907 [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 357] close(3) = 0 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 908 ./strace-static-x86_64: Process 907 attached [pid 907] set_robust_list(0x5555893a06a0, 24) = 0 [pid 907] chdir("./18") = 0 [pid 907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 907] setpgid(0, 0) = 0 [pid 907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 907] write(3, "1000", 4) = 4 [pid 907] close(3) = 0 [pid 907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 907] write(1, "executing program\n", 18) = 18 [pid 907] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 907] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 907] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[909]}, 88) = 909 [pid 907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 907] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 909 attached [pid 909] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 909] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 909] memfd_create("syzkaller", 0) = 3 [pid 909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 909] munmap(0x7faaef6e1000, 138412032) = 0 [pid 909] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 909] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 909] close(3) = 0 [pid 909] close(4 [pid 885] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) executing program ./strace-static-x86_64: Process 908 attached [pid 897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 894] <... futex resumed>) = 0 [pid 887] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 883] <... futex resumed>) = 0 [pid 897] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 894] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 883] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] set_robust_list(0x5555893a06a0, 24) = 0 [pid 908] chdir("./17") = 0 [pid 908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 908] setpgid(0, 0) = 0 [pid 908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 908] write(3, "1000", 4) = 4 [pid 908] close(3) = 0 [pid 908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 908] write(1, "executing program\n", 18) = 18 [pid 908] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 908] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 908] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 908] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 908] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 908] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[911]}, 88) = 911 [pid 908] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 908] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 908] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 904] <... futex resumed>) = ? [pid 885] <... futex resumed>) = ? [pid 904] +++ killed by SIGBUS +++ [pid 887] +++ killed by SIGBUS +++ [pid 885] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=885, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 359] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 911 attached [pid 911] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 911] memfd_create("syzkaller", 0) = 3 [pid 911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 359] <... restart_syscall resumed>) = 0 [pid 359] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./17/binderfs") = 0 [pid 359] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 897] <... openat resumed>) = 4 [pid 897] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 894] <... futex resumed>) = 0 [pid 897] write(4, "0x0000000000000000", 18 [pid 894] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 897] <... write resumed>) = 18 [pid 894] <... futex resumed>) = 0 [pid 897] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 894] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 897] <... futex resumed>) = 0 [pid 894] <... futex resumed>) = 0 [pid 897] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 894] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 894] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 884] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 906] <... futex resumed>) = ? [pid 894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 883] <... futex resumed>) = ? [pid 894] <... clone3 resumed> => {parent_tid=[912]}, 88) = 912 [pid 894] rt_sigprocmask(SIG_SETMASK, [], [pid 911] <... write resumed>) = 1048576 [pid 894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 906] +++ killed by SIGBUS +++ [pid 894] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 911] munmap(0x7faaef6e1000, 138412032./strace-static-x86_64: Process 912 attached [pid 894] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] +++ killed by SIGBUS +++ [pid 883] +++ killed by SIGBUS +++ [pid 912] set_robust_list(0x7faaf7ae09a0, 24 [pid 911] <... munmap resumed>) = 0 [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=883, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 909] <... close resumed>) = 0 [pid 912] <... set_robust_list resumed>) = 0 [pid 911] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 909] mkdir("./file0", 0777 [pid 362] restart_syscall(<... resuming interrupted clone ...> [pid 909] <... mkdir resumed>) = 0 [pid 909] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 912] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 912] write(4, "0x0000000000000000", 18) = 18 [pid 912] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... restart_syscall resumed>) = 0 [pid 362] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./17/binderfs") = 0 [pid 362] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 912] <... futex resumed>) = 1 [pid 894] <... futex resumed>) = 0 [pid 894] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 897] <... futex resumed>) = 0 [pid 894] <... futex resumed>) = 1 [pid 912] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 897] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 894] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 897] <... mmap resumed>) = 0x20000000 [pid 897] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 894] <... futex resumed>) = 0 [pid 897] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 894] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 894] <... futex resumed>) = 0 [ 33.271258][ T887] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 33.285841][ T884] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 894] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 897] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 894] <... futex resumed>) = ? [pid 912] <... futex resumed>) = ? [pid 912] +++ killed by SIGBUS +++ [pid 897] +++ killed by SIGBUS +++ [pid 894] +++ killed by SIGBUS +++ [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=894, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 358] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 358] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./17/binderfs") = 0 [pid 358] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... umount2 resumed>) = 0 [pid 359] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 359] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] close(4) = 0 [pid 359] rmdir("./17/file0") = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] close(3) = 0 [pid 359] rmdir("./17") = 0 [pid 359] mkdir("./18", 0777) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 911] <... openat resumed>) = 4 [ 33.311697][ T897] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 911] ioctl(4, LOOP_SET_FD, 3 [pid 359] <... openat resumed>) = 3 [pid 359] ioctl(3, LOOP_CLR_FD [pid 911] <... ioctl resumed>) = 0 [pid 358] <... umount2 resumed>) = 0 [pid 359] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] close(3) = 0 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 358] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 359] <... clone resumed>, child_tidptr=0x5555893a0690) = 914 [pid 358] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] close(4) = 0 [pid 358] rmdir("./17/file0" [pid 911] close(3 [pid 362] <... umount2 resumed>) = 0 [pid 358] <... rmdir resumed>) = 0 [pid 358] getdents64(3, [pid 362] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 911] <... close resumed>) = 0 [pid 358] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] close(3) = 0 [pid 358] rmdir("./17") = 0 [pid 358] mkdir("./18", 0777) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 911] close(4 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... openat resumed>) = 3 [pid 358] ioctl(3, LOOP_CLR_FD [pid 362] newfstatat(AT_FDCWD, "./17/file0", [pid 911] <... close resumed>) = 0 [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 358] close(3) = 0 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 916 [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 911] mkdir("./file0", 0777 [pid 362] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 911] <... mkdir resumed>) = 0 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 911] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 362] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 914 attached [pid 914] set_robust_list(0x5555893a06a0, 24 [pid 362] newfstatat(4, "", [pid 914] <... set_robust_list resumed>) = 0 [pid 914] chdir("./18") = 0 [pid 914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 914] setpgid(0, 0) = 0 [pid 914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 914] write(3, "1000", 4) = 4 [pid 914] close(3) = 0 [pid 914] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 914] write(1, "executing program\n", 18./strace-static-x86_64: Process 916 attached [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 362] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 914] <... write resumed>) = 18 [pid 914] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 914] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 914] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 914] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[918]}, 88) = 918 [pid 362] close(4 [pid 914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 914] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] <... close resumed>) = 0 [pid 362] rmdir("./17/file0" [pid 914] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 918 attached [pid 909] <... mount resumed>) = 0 [pid 916] set_robust_list(0x5555893a06a0, 24 [pid 909] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 362] <... rmdir resumed>) = 0 [pid 916] <... set_robust_list resumed>) = 0 [pid 362] getdents64(3, [pid 909] <... openat resumed>) = 3 [pid 362] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 916] chdir("./18" [pid 909] chdir("./file0" [pid 362] close(3 [pid 916] <... chdir resumed>) = 0 [pid 909] <... chdir resumed>) = 0 [pid 918] set_robust_list(0x7faaf7b019a0, 24 [pid 916] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 362] <... close resumed>) = 0 [pid 362] rmdir("./17" [pid 909] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 909] ioctl(4, LOOP_CLR_FD) = 0 [pid 909] close(4) = 0 [pid 909] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 executing program [pid 918] <... set_robust_list resumed>) = 0 [pid 916] <... prctl resumed>) = 0 [pid 909] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 907] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... rmdir resumed>) = 0 [pid 916] setpgid(0, 0 [pid 362] mkdir("./18", 0777 [pid 916] <... setpgid resumed>) = 0 [pid 362] <... mkdir resumed>) = 0 [pid 916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 916] <... openat resumed>) = 3 [pid 362] <... openat resumed>) = 3 [pid 916] write(3, "1000", 4 [pid 362] ioctl(3, LOOP_CLR_FD [pid 916] <... write resumed>) = 4 [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 916] close(3 [pid 362] close(3 [pid 916] <... close resumed>) = 0 [pid 907] <... futex resumed>) = 0 [pid 362] <... close resumed>) = 0 [pid 916] symlink("/dev/binderfs", "./binderfs" [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 916] <... symlink resumed>) = 0 [pid 907] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 916] write(1, "executing program\n", 18 [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 919 [pid 909] <... openat resumed>) = 4 [pid 916] <... write resumed>) = 18 [pid 909] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 916] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 916] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 909] <... futex resumed>) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 909] write(4, "0x0000000000000000", 18 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... mmap resumed>) = 0x7faaf7ae1000 [pid 909] <... write resumed>) = 18 [pid 907] <... futex resumed>) = 0 [pid 916] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 909] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 916] <... mprotect resumed>) = 0 [pid 909] <... futex resumed>) = 0 [pid 907] <... mmap resumed>) = 0x7faaf7ac0000 [pid 916] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 909] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 907] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 916] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 907] <... mprotect resumed>) = 0 [pid 916] <... clone3 resumed> => {parent_tid=[920]}, 88) = 920 [pid 916] rt_sigprocmask(SIG_SETMASK, [], [pid 907] rt_sigprocmask(SIG_BLOCK, ~[], [pid 916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 916] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] <... rt_sigprocmask resumed>[], 8) = 0 [pid 916] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[922]}, 88) = 922 [pid 907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 907] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 918] memfd_create("syzkaller", 0) = 3 [pid 918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 ./strace-static-x86_64: Process 919 attached ./strace-static-x86_64: Process 920 attached [pid 918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 922 attached [pid 920] set_robust_list(0x7faaf7b019a0, 24 [pid 919] set_robust_list(0x5555893a06a0, 24 [pid 911] <... mount resumed>) = 0 [pid 922] set_robust_list(0x7faaf7ae09a0, 24 [pid 920] <... set_robust_list resumed>) = 0 [pid 919] <... set_robust_list resumed>) = 0 [pid 918] <... write resumed>) = 1048576 [pid 911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 922] <... set_robust_list resumed>) = 0 [pid 918] munmap(0x7faaef6e1000, 138412032) = 0 [pid 918] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 918] ioctl(4, LOOP_SET_FD, 3 [pid 922] rt_sigprocmask(SIG_SETMASK, [], [pid 918] <... ioctl resumed>) = 0 [pid 918] close(3) = 0 [pid 918] close(4 [pid 920] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 922] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 922] write(4, "0x0000000000000000", 18 [pid 920] memfd_create("syzkaller", 0 [pid 911] <... openat resumed>) = 3 [pid 922] <... write resumed>) = 18 [pid 920] <... memfd_create resumed>) = 3 [pid 920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 922] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] chdir("./file0" [pid 922] <... futex resumed>) = 1 [pid 907] <... futex resumed>) = 0 [pid 922] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 911] <... chdir resumed>) = 0 [pid 907] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 909] <... futex resumed>) = 0 [pid 911] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 907] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 909] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 909] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 executing program [pid 907] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 920] munmap(0x7faaef6e1000, 138412032) = 0 [pid 920] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 919] chdir("./18") = 0 [pid 919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 919] setpgid(0, 0) = 0 [pid 919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 919] write(3, "1000", 4) = 4 [pid 919] close(3) = 0 [pid 919] symlink("/dev/binderfs", "./binderfs") = 0 [pid 919] write(1, "executing program\n", 18) = 18 [pid 919] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 919] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 919] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 919] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 919] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[925]}, 88) = 925 [pid 919] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 919] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 919] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 925 attached [pid 925] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 925] memfd_create("syzkaller", 0) = 3 [pid 925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 909] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 925] <... write resumed>) = 1048576 [pid 925] munmap(0x7faaef6e1000, 138412032 [pid 922] <... futex resumed>) = ? [pid 907] <... futex resumed>) = ? [pid 925] <... munmap resumed>) = 0 [pid 925] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 922] +++ killed by SIGBUS +++ [pid 909] +++ killed by SIGBUS +++ [pid 907] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=907, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 360] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 360] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./18/binderfs") = 0 [pid 360] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 925] <... openat resumed>) = 4 [pid 920] <... openat resumed>) = 4 [pid 918] <... close resumed>) = 0 [pid 911] <... openat resumed>) = 4 [pid 925] ioctl(4, LOOP_SET_FD, 3 [pid 920] ioctl(4, LOOP_SET_FD, 3 [pid 918] mkdir("./file0", 0777 [pid 911] ioctl(4, LOOP_CLR_FD [pid 918] <... mkdir resumed>) = 0 [ 33.491385][ T909] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 918] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 920] <... ioctl resumed>) = 0 [pid 911] <... ioctl resumed>) = 0 [pid 920] close(3 [pid 911] close(4 [pid 920] <... close resumed>) = 0 [pid 920] close(4 [pid 925] <... ioctl resumed>) = 0 [pid 925] close(3) = 0 [pid 925] close(4 [pid 918] <... mount resumed>) = 0 [pid 918] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 918] chdir("./file0") = 0 [pid 918] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 925] <... close resumed>) = 0 [pid 925] mkdir("./file0", 0777 [pid 920] <... close resumed>) = 0 [pid 911] <... close resumed>) = 0 [pid 925] <... mkdir resumed>) = 0 [pid 920] mkdir("./file0", 0777 [pid 911] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 925] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 920] <... mkdir resumed>) = 0 [pid 911] <... futex resumed>) = 1 [pid 908] <... futex resumed>) = 0 [pid 920] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 911] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 908] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] <... openat resumed>) = 4 [pid 908] <... futex resumed>) = 0 [pid 911] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 908] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 911] <... futex resumed>) = 0 [pid 908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 911] write(4, "0x0000000000000000", 18 [pid 908] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] <... write resumed>) = 18 [pid 908] <... futex resumed>) = 0 [pid 911] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 908] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] <... futex resumed>) = 0 [pid 908] <... futex resumed>) = 0 [pid 911] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 908] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 908] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 908] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[930]}, 88) = 930 [pid 918] <... openat resumed>) = 4 [pid 908] rt_sigprocmask(SIG_SETMASK, [], [pid 918] ioctl(4, LOOP_CLR_FD [pid 908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 918] <... ioctl resumed>) = 0 [pid 908] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 918] close(4 [pid 908] <... futex resumed>) = 0 [pid 918] <... close resumed>) = 0 [pid 908] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 918] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 914] <... futex resumed>) = 0 [pid 918] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 914] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 918] <... openat resumed>) = 4 [pid 914] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 918] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 914] <... futex resumed>) = 0 [pid 918] write(4, "0x0000000000000000", 18 [pid 914] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... umount2 resumed>) = 0 [pid 918] <... write resumed>) = 18 [pid 914] <... futex resumed>) = 0 [pid 918] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 914] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 918] <... futex resumed>) = 0 [pid 914] <... futex resumed>) = 0 [pid 918] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 914] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0}./strace-static-x86_64: Process 930 attached [pid 360] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 914] <... clone3 resumed> => {parent_tid=[931]}, 88) = 931 [pid 914] rt_sigprocmask(SIG_SETMASK, [], [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 914] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 914] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] newfstatat(AT_FDCWD, "./18/file0", [pid 914] <... futex resumed>) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 914] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 360] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4) = 0 [pid 360] rmdir("./18/file0"./strace-static-x86_64: Process 931 attached [pid 930] set_robust_list(0x7faaf7ae09a0, 24 [pid 920] <... mount resumed>) = 0 [pid 360] <... rmdir resumed>) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] close(3) = 0 [pid 360] rmdir("./18") = 0 [pid 360] mkdir("./19", 0777) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 360] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 360] close(3) = 0 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 920] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 934 ./strace-static-x86_64: Process 934 attached [pid 931] set_robust_list(0x7faaf7ae09a0, 24 [pid 930] <... set_robust_list resumed>) = 0 [pid 920] <... openat resumed>) = 3 [pid 931] <... set_robust_list resumed>) = 0 [pid 930] rt_sigprocmask(SIG_SETMASK, [], [pid 920] chdir("./file0" [pid 931] rt_sigprocmask(SIG_SETMASK, [], [pid 930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 920] <... chdir resumed>) = 0 [pid 931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 930] write(4, "0x0000000000000000", 18 [pid 920] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 931] write(4, "0x0000000000000000", 18 [pid 930] <... write resumed>) = 18 [pid 920] <... openat resumed>) = 4 [pid 931] <... write resumed>) = 18 [pid 930] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 920] ioctl(4, LOOP_CLR_FD [pid 931] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 930] <... futex resumed>) = 1 [pid 920] <... ioctl resumed>) = 0 [pid 908] <... futex resumed>) = 0 [pid 931] <... futex resumed>) = 1 [pid 930] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 920] close(4 [pid 914] <... futex resumed>) = 0 [pid 908] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 931] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 925] <... mount resumed>) = 0 [pid 920] <... close resumed>) = 0 [pid 914] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] <... futex resumed>) = 0 [pid 908] <... futex resumed>) = 1 [pid 925] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 920] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 918] <... futex resumed>) = 0 [pid 914] <... futex resumed>) = 1 [pid 911] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 908] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 925] <... openat resumed>) = 3 [pid 920] <... futex resumed>) = 1 [pid 918] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 916] <... futex resumed>) = 0 [pid 914] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 911] <... mmap resumed>) = 0x20000000 [pid 925] chdir("./file0" [pid 920] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 918] <... mmap resumed>) = 0x20000000 [pid 916] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 925] <... chdir resumed>) = 0 [pid 920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 918] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... futex resumed>) = 0 [pid 911] <... futex resumed>) = 1 [pid 908] <... futex resumed>) = 0 [pid 925] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 920] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 918] <... futex resumed>) = 1 [pid 916] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] <... futex resumed>) = 0 [pid 911] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 908] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 925] <... openat resumed>) = 4 [pid 920] <... openat resumed>) = 4 [pid 918] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 914] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 908] <... futex resumed>) = 0 [pid 934] set_robust_list(0x5555893a06a0, 24 [pid 925] ioctl(4, LOOP_CLR_FD [pid 920] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 914] <... futex resumed>) = 0 [pid 925] <... ioctl resumed>) = 0 [pid 925] close(4) = 0 [pid 925] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 925] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 908] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 934] <... set_robust_list resumed>) = 0 [pid 934] chdir("./19") = 0 [pid 934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 934] setpgid(0, 0) = 0 [pid 934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 934] write(3, "1000", 4) = 4 [pid 934] close(3) = 0 [pid 934] symlink("/dev/binderfs", "./binderfs") = 0 [pid 934] write(1, "executing program\n", 18executing program ) = 18 [pid 934] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 934] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 919] <... futex resumed>) = 0 [pid 914] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 934] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 919] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 925] <... futex resumed>) = 0 [pid 919] <... futex resumed>) = 1 [pid 925] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 925] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 925] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 934] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 934] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 934] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[937]}, 88) = 937 [pid 934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 934] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 934] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 937 attached [pid 937] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 937] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 937] memfd_create("syzkaller", 0) = 3 [pid 937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 919] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 920] <... futex resumed>) = 1 [pid 919] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... futex resumed>) = 0 [pid 925] <... futex resumed>) = 0 [pid 920] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 919] <... futex resumed>) = 1 [pid 916] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 925] write(4, "0x0000000000000000", 18 [pid 920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 919] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... futex resumed>) = 0 [pid 925] <... write resumed>) = 18 [pid 920] write(4, "0x0000000000000000", 18 [pid 919] <... futex resumed>) = 0 [pid 918] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 916] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 937] <... write resumed>) = 1048576 [pid 931] <... futex resumed>) = ? [pid 925] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 920] <... write resumed>) = 18 [pid 919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 916] <... futex resumed>) = 0 [pid 914] <... futex resumed>) = ? [pid 937] munmap(0x7faaef6e1000, 138412032 [pid 930] <... futex resumed>) = ? [pid 925] <... futex resumed>) = 0 [pid 919] <... mmap resumed>) = 0x7faaf7ac0000 [pid 916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 920] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 908] <... futex resumed>) = ? [pid 930] +++ killed by SIGBUS +++ [pid 931] +++ killed by SIGBUS +++ [pid 925] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 920] <... futex resumed>) = 0 [pid 919] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 916] <... mmap resumed>) = 0x7faaf7ac0000 [pid 920] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 919] <... mprotect resumed>) = 0 [pid 916] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 919] rt_sigprocmask(SIG_BLOCK, ~[], [pid 916] <... mprotect resumed>) = 0 [pid 919] <... rt_sigprocmask resumed>[], 8) = 0 [pid 919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 916] rt_sigprocmask(SIG_BLOCK, ~[], [pid 937] <... munmap resumed>) = 0 [pid 916] <... rt_sigprocmask resumed>[], 8) = 0 [pid 919] <... clone3 resumed> => {parent_tid=[938]}, 88) = 938 [pid 916] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 937] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 919] rt_sigprocmask(SIG_SETMASK, [], [pid 937] <... openat resumed>) = 4 [pid 919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 919] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... clone3 resumed> => {parent_tid=[939]}, 88) = 939 [pid 937] ioctl(4, LOOP_SET_FD, 3 [pid 919] <... futex resumed>) = 0 [pid 916] rt_sigprocmask(SIG_SETMASK, [], [pid 919] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 916] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] +++ killed by SIGBUS +++ [pid 908] +++ killed by SIGBUS +++ [pid 916] <... futex resumed>) = 0 [pid 918] +++ killed by SIGBUS +++ [pid 916] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 914] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 939 attached ./strace-static-x86_64: Process 938 attached [pid 937] <... ioctl resumed>) = 0 [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=908, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=914, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 357] restart_syscall(<... resuming interrupted clone ...> [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 937] close(3) = 0 [pid 937] close(4) = 0 [pid 937] mkdir("./file0", 0777 [pid 939] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 939] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 939] write(4, "0x0000000000000000", 18) = 18 [ 33.692921][ T911] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 33.708387][ T918] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 939] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 920] <... futex resumed>) = 0 [pid 916] <... futex resumed>) = 1 [pid 920] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 916] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 920] <... mmap resumed>) = 0x20000000 [pid 920] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 916] <... futex resumed>) = 0 [pid 920] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 916] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 916] <... futex resumed>) = 0 [pid 916] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... restart_syscall resumed>) = 0 [pid 357] <... restart_syscall resumed>) = 0 [pid 359] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 357] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 359] <... openat resumed>) = 3 [pid 357] <... openat resumed>) = 3 [pid 359] newfstatat(3, "", [pid 357] newfstatat(3, "", [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, [pid 357] getdents64(3, [pid 359] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./18/binderfs", [pid 357] newfstatat(AT_FDCWD, "./17/binderfs", [pid 359] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./18/binderfs" [pid 357] unlink("./17/binderfs" [pid 359] <... unlink resumed>) = 0 [pid 357] <... unlink resumed>) = 0 [pid 359] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 938] set_robust_list(0x7faaf7ae09a0, 24 [pid 937] <... mkdir resumed>) = 0 [pid 938] <... set_robust_list resumed>) = 0 [pid 937] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 939] <... futex resumed>) = 1 [pid 939] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 938] rt_sigprocmask(SIG_SETMASK, [], [pid 920] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 939] <... futex resumed>) = ? [pid 916] <... futex resumed>) = ? [pid 939] +++ killed by SIGBUS +++ [pid 920] +++ killed by SIGBUS +++ [pid 916] +++ killed by SIGBUS +++ [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=916, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 358] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 938] write(4, "0x0000000000000000", 18) = 18 [pid 358] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 938] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 919] <... futex resumed>) = 0 [pid 919] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 925] <... futex resumed>) = 0 [pid 919] <... futex resumed>) = 1 [pid 925] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 919] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 925] <... mmap resumed>) = 0x20000000 [pid 925] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 919] <... futex resumed>) = 0 [pid 938] <... futex resumed>) = 1 [pid 919] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./18/binderfs") = 0 [pid 358] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 938] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 919] <... futex resumed>) = 0 [pid 919] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 925] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 919] <... futex resumed>) = ? [pid 938] <... futex resumed>) = ? [pid 938] +++ killed by SIGBUS +++ [pid 925] +++ killed by SIGBUS +++ [pid 919] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=919, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 362] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 362] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./18/binderfs") = 0 [pid 362] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... umount2 resumed>) = 0 [pid 359] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 359] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] close(4) = 0 [pid 359] rmdir("./18/file0") = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] close(3) = 0 [pid 359] rmdir("./18") = 0 [pid 359] mkdir("./19", 0777) = 0 [ 33.732344][ T920] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 33.759216][ T925] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 937] <... mount resumed>) = 0 [pid 937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 937] chdir("./file0") = 0 [pid 937] openat(AT_FDCWD, "/dev/loop3", O_RDWRexecuting program [pid 359] <... openat resumed>) = 3 [pid 359] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 359] close(3) = 0 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 944 ./strace-static-x86_64: Process 944 attached [pid 944] set_robust_list(0x5555893a06a0, 24) = 0 [pid 944] chdir("./19") = 0 [pid 944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 944] setpgid(0, 0) = 0 [pid 944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 944] write(3, "1000", 4) = 4 [pid 944] close(3) = 0 [pid 944] symlink("/dev/binderfs", "./binderfs") = 0 [pid 944] write(1, "executing program\n", 18) = 18 [pid 944] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 944] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 944] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 944] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 944] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[945]}, 88) = 945 [pid 944] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 944] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 944] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 945 attached [pid 945] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 945] memfd_create("syzkaller", 0) = 3 [pid 945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 945] munmap(0x7faaef6e1000, 138412032) = 0 [pid 945] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 357] <... umount2 resumed>) = 0 [pid 357] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 357] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] close(4 [pid 937] <... openat resumed>) = 4 [pid 362] <... umount2 resumed>) = 0 [pid 358] <... umount2 resumed>) = 0 [pid 357] <... close resumed>) = 0 [pid 937] ioctl(4, LOOP_CLR_FD [pid 362] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 937] <... ioctl resumed>) = 0 [pid 937] close(4 [pid 358] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 937] <... close resumed>) = 0 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 358] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] rmdir("./17/file0") = 0 [pid 358] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] close(4) = 0 [pid 358] rmdir("./18/file0") = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] close(3) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] rmdir("./17") = 0 [pid 358] close(3) = 0 [pid 358] rmdir("./18") = 0 [pid 945] <... openat resumed>) = 4 [pid 937] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] newfstatat(AT_FDCWD, "./18/file0", [pid 358] mkdir("./19", 0777 [pid 357] mkdir("./18", 0777 [pid 937] <... futex resumed>) = 1 [pid 934] <... futex resumed>) = 0 [pid 937] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 934] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 934] <... futex resumed>) = 0 [pid 937] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 934] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 937] <... openat resumed>) = 4 [pid 362] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 357] <... mkdir resumed>) = 0 [pid 937] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 934] <... futex resumed>) = 0 [pid 362] <... openat resumed>) = 4 [pid 358] <... mkdir resumed>) = 0 [pid 937] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 934] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 934] <... futex resumed>) = 0 [pid 937] write(4, "0x0000000000000000", 18 [pid 934] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] newfstatat(4, "", [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 937] <... write resumed>) = 18 [pid 934] <... futex resumed>) = 0 [pid 937] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 937] <... futex resumed>) = 0 [pid 934] <... mmap resumed>) = 0x7faaf7ac0000 [pid 937] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 934] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 357] <... openat resumed>) = 3 [pid 934] <... mprotect resumed>) = 0 [pid 934] rt_sigprocmask(SIG_BLOCK, ~[], [pid 362] getdents64(4, [pid 358] <... openat resumed>) = 3 [pid 357] ioctl(3, LOOP_CLR_FD [pid 934] <... rt_sigprocmask resumed>[], 8) = 0 [pid 934] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 362] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] ioctl(3, LOOP_CLR_FD [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 362] getdents64(4, [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 357] close(3 [pid 934] <... clone3 resumed> => {parent_tid=[946]}, 88) = 946 ./strace-static-x86_64: Process 946 attached [pid 945] ioctl(4, LOOP_SET_FD, 3 [pid 934] rt_sigprocmask(SIG_SETMASK, [], [pid 362] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] close(3 [pid 357] <... close resumed>) = 0 [pid 934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 934] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... close resumed>) = 0 [pid 934] <... futex resumed>) = 0 [pid 934] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 947 [pid 946] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 946] write(4, "0x0000000000000000", 18) = 18 [pid 362] close(4 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 946] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... close resumed>) = 0 [pid 934] <... futex resumed>) = 0 [pid 934] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 937] <... futex resumed>) = 0 [pid 934] <... futex resumed>) = 1 [pid 937] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 934] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 937] <... mmap resumed>) = 0x20000000 [pid 362] rmdir("./18/file0" [pid 937] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 934] <... futex resumed>) = 0 [pid 937] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 934] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 934] <... futex resumed>) = 0 ./strace-static-x86_64: Process 949 attached ./strace-static-x86_64: Process 947 attached [pid 946] <... futex resumed>) = 1 [pid 945] <... ioctl resumed>) = 0 [pid 362] <... rmdir resumed>) = 0 [pid 357] <... clone resumed>, child_tidptr=0x5555893a0690) = 949 [pid 949] set_robust_list(0x5555893a06a0, 24 [pid 947] set_robust_list(0x5555893a06a0, 24 [pid 946] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 945] close(3 [pid 362] getdents64(3, [pid 949] <... set_robust_list resumed>) = 0 [pid 947] <... set_robust_list resumed>) = 0 [pid 945] <... close resumed>) = 0 [pid 362] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 949] chdir("./18" [pid 947] chdir("./19" [pid 945] close(4 [pid 362] close(3 [pid 949] <... chdir resumed>) = 0 [pid 947] <... chdir resumed>) = 0 [pid 937] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 934] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... close resumed>) = 0 [pid 949] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 947] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 362] rmdir("./18" [pid 949] <... prctl resumed>) = 0 [pid 947] <... prctl resumed>) = 0 [pid 946] <... futex resumed>) = ? [pid 934] <... futex resumed>) = ? [pid 362] <... rmdir resumed>) = 0 [pid 947] setpgid(0, 0 [pid 362] mkdir("./19", 0777 [pid 947] <... setpgid resumed>) = 0 [pid 362] <... mkdir resumed>) = 0 [pid 947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 947] <... openat resumed>) = 3 [pid 947] write(3, "1000", 4) = 4 executing program [pid 947] close(3) = 0 [pid 947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 947] write(1, "executing program\n", 18) = 18 [pid 947] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 947] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 947] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 947] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 947] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[950]}, 88) = 950 [pid 947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 947] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 947] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 950 attached [pid 950] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 950] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 950] memfd_create("syzkaller", 0) = 3 [pid 950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 949] setpgid(0, 0 [pid 946] +++ killed by SIGBUS +++ [pid 949] <... setpgid resumed>) = 0 [pid 949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 937] +++ killed by SIGBUS +++ [pid 934] +++ killed by SIGBUS +++ [pid 949] write(3, "1000", 4 [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=934, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 360] restart_syscall(<... resuming interrupted clone ...> [pid 949] <... write resumed>) = 4 [pid 949] close(3) = 0 [pid 949] symlink("/dev/binderfs", "./binderfs" [pid 945] <... close resumed>) = 0 [pid 362] <... openat resumed>) = 3 [pid 945] mkdir("./file0", 0777 [pid 362] ioctl(3, LOOP_CLR_FD [pid 945] <... mkdir resumed>) = 0 [pid 945] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 949] <... symlink resumed>) = 0 executing program [pid 949] write(1, "executing program\n", 18) = 18 [pid 949] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 950] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 949] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 949] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 949] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 949] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[951]}, 88) = 951 [pid 360] <... restart_syscall resumed>) = 0 [pid 949] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 949] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 949] <... futex resumed>) = 0 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 949] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 360] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./19/binderfs") = 0 [pid 360] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 950] <... write resumed>) = 1048576 [pid 950] munmap(0x7faaef6e1000, 138412032) = 0 [pid 950] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 951 attached [pid 951] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 951] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 951] memfd_create("syzkaller", 0) = 3 [pid 951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 951] munmap(0x7faaef6e1000, 138412032) = 0 [ 33.976130][ T937] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 951] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 950] <... openat resumed>) = 4 [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 950] ioctl(4, LOOP_SET_FD, 3 [pid 362] close(3 [pid 945] <... mount resumed>) = 0 [pid 945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 945] chdir("./file0") = 0 [pid 945] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 951] <... openat resumed>) = 4 [pid 951] ioctl(4, LOOP_SET_FD, 3 [pid 950] <... ioctl resumed>) = 0 [pid 362] <... close resumed>) = 0 [pid 951] <... ioctl resumed>) = 0 [pid 950] close(3 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 951] close(3 [pid 950] <... close resumed>) = 0 [pid 945] <... openat resumed>) = 4 [pid 360] <... umount2 resumed>) = 0 [pid 951] <... close resumed>) = 0 [pid 950] close(4 [pid 945] ioctl(4, LOOP_CLR_FD [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 956 [pid 951] close(4 [pid 950] <... close resumed>) = 0 [pid 945] <... ioctl resumed>) = 0 [pid 951] <... close resumed>) = 0 [pid 950] mkdir("./file0", 0777 [pid 945] close(4 [pid 951] mkdir("./file0", 0777 [pid 950] <... mkdir resumed>) = 0 [pid 945] <... close resumed>) = 0 [pid 951] <... mkdir resumed>) = 0 [pid 950] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 945] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 951] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 945] <... futex resumed>) = 1 [pid 944] <... futex resumed>) = 0 [pid 945] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 360] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 956 attached [pid 944] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 360] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(4, [pid 945] <... futex resumed>) = 0 [pid 944] <... futex resumed>) = 1 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 945] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 944] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4) = 0 [pid 360] rmdir("./19/file0" [pid 945] <... openat resumed>) = 4 [pid 360] <... rmdir resumed>) = 0 [pid 945] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 944] <... futex resumed>) = 0 [pid 360] getdents64(3, [pid 945] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 944] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 944] <... futex resumed>) = 0 [pid 360] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 945] write(4, "0x0000000000000000", 18 [pid 944] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 945] <... write resumed>) = 18 [pid 944] <... futex resumed>) = 0 [pid 360] close(3 [pid 945] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 945] <... futex resumed>) = 0 [pid 944] <... mmap resumed>) = 0x7faaf7ac0000 [pid 945] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 944] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 360] <... close resumed>) = 0 [pid 944] <... mprotect resumed>) = 0 [pid 360] rmdir("./19" [pid 944] rt_sigprocmask(SIG_BLOCK, ~[], [pid 360] <... rmdir resumed>) = 0 [pid 944] <... rt_sigprocmask resumed>[], 8) = 0 [pid 944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 360] mkdir("./20", 0777 [pid 956] set_robust_list(0x5555893a06a0, 24 [pid 360] <... mkdir resumed>) = 0 [pid 944] <... clone3 resumed> => {parent_tid=[957]}, 88) = 957 [pid 944] rt_sigprocmask(SIG_SETMASK, [], [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 360] <... openat resumed>) = 3 [pid 944] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] ioctl(3, LOOP_CLR_FD [pid 944] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 360] close(3) = 0 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 956] <... set_robust_list resumed>) = 0 [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 958 ./strace-static-x86_64: Process 957 attached [pid 957] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 957] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 957] write(4, "0x0000000000000000", 18) = 18 [pid 957] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 944] <... futex resumed>) = 0 [pid 944] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 945] <... futex resumed>) = 0 [pid 944] <... futex resumed>) = 1 [pid 945] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 944] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 945] <... mmap resumed>) = 0x20000000 [pid 945] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 944] <... futex resumed>) = 0 [pid 945] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 944] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 944] <... futex resumed>) = 0 ./strace-static-x86_64: Process 958 attached [pid 957] <... futex resumed>) = 1 [pid 956] chdir("./19" [pid 958] set_robust_list(0x5555893a06a0, 24 [pid 956] <... chdir resumed>) = 0 [pid 958] <... set_robust_list resumed>) = 0 [pid 956] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 958] chdir("./20" [pid 956] <... prctl resumed>) = 0 [pid 958] <... chdir resumed>) = 0 [pid 956] setpgid(0, 0 [pid 958] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 956] <... setpgid resumed>) = 0 [pid 958] <... prctl resumed>) = 0 [pid 956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 958] setpgid(0, 0 [pid 956] <... openat resumed>) = 3 [pid 958] <... setpgid resumed>) = 0 [pid 956] write(3, "1000", 4 [pid 958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 956] <... write resumed>) = 4 [pid 958] <... openat resumed>) = 3 [pid 957] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 945] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 944] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 957] <... futex resumed>) = ? [pid 957] +++ killed by SIGBUS +++ [pid 945] +++ killed by SIGBUS +++ [pid 944] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=944, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 958] write(3, "1000", 4 [pid 956] close(3) = 0 [pid 956] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 956] write(1, "executing program\n", 18) = 18 [pid 956] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 956] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 956] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 956] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 956] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 956] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 951] <... mount resumed>) = 0 [pid 956] <... clone3 resumed> => {parent_tid=[961]}, 88) = 961 [pid 956] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 956] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 956] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 958] <... write resumed>) = 4 [pid 958] close(3) = 0 [pid 958] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 958] write(1, "executing program\n", 18) = 18 [pid 958] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 958] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 958] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 958] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 958] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 958] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[962]}, 88) = 962 [pid 958] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 958] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 958] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 961 attached [pid 961] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 961] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 961] memfd_create("syzkaller", 0) = 3 [pid 961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 951] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 962 attached ) = 3 [pid 962] set_robust_list(0x7faaf7b019a0, 24 [pid 951] chdir("./file0" [pid 962] <... set_robust_list resumed>) = 0 [pid 951] <... chdir resumed>) = 0 [pid 951] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 962] rt_sigprocmask(SIG_SETMASK, [], [pid 951] <... openat resumed>) = 4 [pid 951] ioctl(4, LOOP_CLR_FD [pid 962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 951] <... ioctl resumed>) = 0 [pid 951] close(4 [pid 962] memfd_create("syzkaller", 0 [pid 951] <... close resumed>) = 0 [pid 950] <... mount resumed>) = 0 [pid 359] <... restart_syscall resumed>) = 0 [pid 961] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 962] <... memfd_create resumed>) = 3 [pid 951] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 949] <... futex resumed>) = 0 [pid 949] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 951] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 949] <... futex resumed>) = 0 [pid 359] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 949] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 962] <... mmap resumed>) = 0x7faaef6e1000 [pid 951] <... openat resumed>) = 4 [pid 359] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 961] <... write resumed>) = 1048576 [pid 961] munmap(0x7faaef6e1000, 138412032) = 0 [pid 961] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 961] ioctl(4, LOOP_SET_FD, 3 [pid 951] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 950] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 359] newfstatat(3, "", [pid 961] <... ioctl resumed>) = 0 [pid 961] close(3) = 0 [pid 961] close(4 [pid 951] <... futex resumed>) = 1 [pid 950] <... openat resumed>) = 3 [pid 949] <... futex resumed>) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 949] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] getdents64(3, [pid 951] write(4, "0x0000000000000000", 18 [pid 950] chdir("./file0" [pid 949] <... futex resumed>) = 0 [pid 949] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 951] <... write resumed>) = 18 [pid 949] <... futex resumed>) = 0 [pid 359] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 951] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 950] <... chdir resumed>) = 0 [pid 949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 951] <... futex resumed>) = 0 [pid 950] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 949] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 359] newfstatat(AT_FDCWD, "./19/binderfs", [pid 949] <... mprotect resumed>) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 951] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 949] rt_sigprocmask(SIG_BLOCK, ~[], [pid 359] unlink("./19/binderfs" [pid 949] <... rt_sigprocmask resumed>[], 8) = 0 [pid 949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 359] <... unlink resumed>) = 0 [pid 359] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 949] <... clone3 resumed> => {parent_tid=[966]}, 88) = 966 ./strace-static-x86_64: Process 966 attached [pid 949] rt_sigprocmask(SIG_SETMASK, [], [pid 966] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 966] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 966] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 949] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 966] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 966] write(4, "0x0000000000000000", 18) = 18 [pid 949] <... futex resumed>) = 0 [pid 966] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 966] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 949] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 949] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 951] <... futex resumed>) = 0 [pid 951] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 949] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 951] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 951] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 949] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 951] <... futex resumed>) = 0 [pid 949] <... futex resumed>) = 1 [ 34.122876][ T945] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 962] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 949] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] <... write resumed>) = 1048576 [pid 962] munmap(0x7faaef6e1000, 138412032) = 0 [pid 962] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 951] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 966] <... futex resumed>) = ? [pid 949] <... futex resumed>) = ? [pid 966] +++ killed by SIGBUS +++ [pid 951] +++ killed by SIGBUS +++ [pid 949] +++ killed by SIGBUS +++ [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=949, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 357] restart_syscall(<... resuming interrupted clone ...> [pid 961] <... close resumed>) = 0 [pid 950] <... openat resumed>) = 4 [pid 950] ioctl(4, LOOP_CLR_FD) = 0 [pid 950] close(4) = 0 [pid 950] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 950] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 961] mkdir("./file0", 0777 [pid 947] <... futex resumed>) = 0 [pid 961] <... mkdir resumed>) = 0 [pid 947] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 961] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 947] <... futex resumed>) = 1 [pid 950] <... futex resumed>) = 0 [pid 950] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 947] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... restart_syscall resumed>) = 0 [pid 950] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 947] <... futex resumed>) = 0 [pid 357] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 947] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 950] write(4, "0x0000000000000000", 18 [pid 947] <... futex resumed>) = 0 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 947] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 947] <... futex resumed>) = 0 [pid 950] <... write resumed>) = 18 [pid 947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 357] <... openat resumed>) = 3 [pid 950] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 947] <... mmap resumed>) = 0x7faaf7ac0000 [pid 357] newfstatat(3, "", [pid 947] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 950] <... futex resumed>) = 0 [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 947] <... mprotect resumed>) = 0 [pid 950] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 357] getdents64(3, [pid 947] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 357] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 357] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 947] <... clone3 resumed> => {parent_tid=[967]}, 88) = 967 [pid 357] newfstatat(AT_FDCWD, "./18/binderfs", [pid 947] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 967 attached [pid 357] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 357] unlink("./18/binderfs" [pid 947] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 967] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 357] <... unlink resumed>) = 0 [pid 947] <... futex resumed>) = 0 [pid 357] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 947] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 967] write(4, "0x0000000000000000", 18) = 18 [pid 967] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 947] <... futex resumed>) = 0 [pid 967] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 947] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 950] <... futex resumed>) = 0 [pid 947] <... futex resumed>) = 1 [pid 950] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 947] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 950] <... mmap resumed>) = 0x20000000 [pid 950] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 947] <... futex resumed>) = 0 [pid 950] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 947] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 947] <... futex resumed>) = 0 [pid 947] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 950] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 967] <... futex resumed>) = ? [pid 947] <... futex resumed>) = ? [pid 967] +++ killed by SIGBUS +++ [pid 950] +++ killed by SIGBUS +++ [pid 947] +++ killed by SIGBUS +++ [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=947, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 358] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 358] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./19/binderfs") = 0 [pid 358] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 962] <... openat resumed>) = 4 [ 34.163783][ T951] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 34.193561][ T950] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 962] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 962] close(3) = 0 [pid 962] close(4 [pid 961] <... mount resumed>) = 0 [pid 961] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 961] chdir("./file0") = 0 [pid 961] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 962] <... close resumed>) = 0 [pid 962] mkdir("./file0", 0777 [pid 359] <... umount2 resumed>) = 0 [pid 962] <... mkdir resumed>) = 0 [pid 359] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 962] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 359] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] close(4) = 0 [pid 359] rmdir("./19/file0") = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] close(3) = 0 [pid 359] rmdir("./19") = 0 [pid 359] mkdir("./20", 0777) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 358] <... umount2 resumed>) = 0 [pid 358] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 358] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] close(4) = 0 [pid 358] rmdir("./19/file0") = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] close(3) = 0 [pid 358] rmdir("./19") = 0 [pid 358] mkdir("./20", 0777) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 357] <... umount2 resumed>) = 0 [pid 961] <... openat resumed>) = 4 [pid 961] ioctl(4, LOOP_CLR_FD [pid 359] <... openat resumed>) = 3 [pid 358] <... openat resumed>) = 3 [pid 357] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 358] ioctl(3, LOOP_CLR_FD [pid 359] close(3) = 0 [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 358] close(3) = 0 [pid 359] <... clone resumed>, child_tidptr=0x5555893a0690) = 971 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 972 ./strace-static-x86_64: Process 972 attached [pid 961] <... ioctl resumed>) = 0 [pid 961] close(4) = 0 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 961] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] newfstatat(AT_FDCWD, "./18/file0", [pid 961] <... futex resumed>) = 1 [pid 956] <... futex resumed>) = 0 [pid 972] set_robust_list(0x5555893a06a0, 24) = 0 [pid 972] chdir("./20") = 0 [pid 972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 972] setpgid(0, 0) = 0 [pid 961] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 956] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 956] <... futex resumed>) = 0 [pid 357] umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 961] <... openat resumed>) = 4 [pid 956] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 961] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 956] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 961] <... futex resumed>) = 0 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 961] write(4, "0x0000000000000000", 18 [pid 956] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 961] <... write resumed>) = 18 [pid 956] <... futex resumed>) = 0 [pid 357] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 961] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 956] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 961] <... futex resumed>) = 0 [pid 956] <... futex resumed>) = 0 [pid 961] write(4, "0x0000000000000000", 18 [pid 956] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... openat resumed>) = 4 [pid 961] <... write resumed>) = 18 [pid 357] newfstatat(4, "", [pid 961] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 956] <... futex resumed>) = 0 [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 961] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 956] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 956] <... futex resumed>) = 0 [pid 357] getdents64(4, [pid 961] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 956] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 961] <... mmap resumed>) = 0x20000000 [pid 357] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 961] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 956] <... futex resumed>) = 0 [pid 357] getdents64(4, [pid 961] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 956] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 956] <... futex resumed>) = 0 [pid 357] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 956] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 972] write(3, "1000", 4) = 4 [pid 972] close(3) = 0 [pid 972] symlink("/dev/binderfs", "./binderfs") = 0 [pid 972] write(1, "executing program\n", 18executing program ) = 18 [pid 972] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 972] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 972] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 972] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 972] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[974]}, 88) = 974 [pid 972] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 972] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 972] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 974 attached ./strace-static-x86_64: Process 971 attached [pid 961] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 357] close(4 [pid 974] set_robust_list(0x7faaf7b019a0, 24 [pid 971] set_robust_list(0x5555893a06a0, 24 [pid 357] <... close resumed>) = 0 [pid 974] <... set_robust_list resumed>) = 0 [pid 971] <... set_robust_list resumed>) = 0 [pid 357] rmdir("./18/file0" [pid 974] rt_sigprocmask(SIG_SETMASK, [], [pid 971] chdir("./20" [pid 357] <... rmdir resumed>) = 0 [pid 974] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 971] <... chdir resumed>) = 0 [pid 357] getdents64(3, [pid 974] memfd_create("syzkaller", 0 [pid 971] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 357] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 974] <... memfd_create resumed>) = 3 [pid 971] <... prctl resumed>) = 0 [pid 357] close(3 [pid 974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 971] setpgid(0, 0 [pid 357] <... close resumed>) = 0 [pid 974] <... mmap resumed>) = 0x7faaef6e1000 [pid 971] <... setpgid resumed>) = 0 [pid 357] rmdir("./18" [pid 974] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 357] <... rmdir resumed>) = 0 [pid 971] <... openat resumed>) = 3 [pid 357] mkdir("./19", 0777 [pid 971] write(3, "1000", 4 [pid 357] <... mkdir resumed>) = 0 [pid 971] <... write resumed>) = 4 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 971] close(3 [pid 357] <... openat resumed>) = 3 [pid 971] <... close resumed>) = 0 [pid 357] ioctl(3, LOOP_CLR_FD [pid 971] symlink("/dev/binderfs", "./binderfs" [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 971] <... symlink resumed>) = 0 [pid 357] close(3 [pid 971] write(1, "executing program\n", 18 [pid 962] <... mount resumed>) = 0 [pid 956] <... futex resumed>) = ? executing program [pid 357] <... close resumed>) = 0 [pid 971] <... write resumed>) = 18 [pid 971] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 971] <... futex resumed>) = 0 [pid 962] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 971] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 962] <... openat resumed>) = 3 [pid 971] <... rt_sigaction resumed>NULL, 8) = 0 [pid 971] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 357] <... clone resumed>, child_tidptr=0x5555893a0690) = 976 [pid 971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 971] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 971] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 971] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[977]}, 88) = 977 [pid 971] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 971] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 971] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 976 attached [pid 976] set_robust_list(0x5555893a06a0, 24) = 0 [pid 976] chdir("./19" [pid 962] chdir("./file0" [pid 976] <... chdir resumed>) = 0 [pid 976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 976] setpgid(0, 0) = 0 [pid 976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 976] write(3, "1000", 4) = 4 [pid 976] close(3) = 0 [pid 976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 962] <... chdir resumed>) = 0 [pid 976] write(1, "executing program\n", 18executing program ) = 18 [pid 976] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 976] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 976] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 976] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 962] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 976] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[978]}, 88) = 978 [pid 976] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 976] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 976] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 978 attached [pid 978] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 978] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 978] memfd_create("syzkaller", 0) = 3 [pid 978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 962] <... openat resumed>) = 4 [pid 962] ioctl(4, LOOP_CLR_FD) = 0 [pid 962] close(4./strace-static-x86_64: Process 977 attached [pid 978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 974] <... write resumed>) = 1048576 [pid 962] <... close resumed>) = 0 [pid 961] +++ killed by SIGBUS +++ [pid 956] +++ killed by SIGBUS +++ [pid 974] munmap(0x7faaef6e1000, 138412032 [pid 962] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 974] <... munmap resumed>) = 0 [pid 962] <... futex resumed>) = 1 [pid 974] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 962] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 974] <... openat resumed>) = 4 [pid 974] ioctl(4, LOOP_SET_FD, 3 [pid 977] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 958] <... futex resumed>) = 0 [pid 958] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=956, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 962] <... futex resumed>) = 0 [pid 962] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 958] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 977] memfd_create("syzkaller", 0 [pid 974] <... ioctl resumed>) = 0 [pid 962] <... openat resumed>) = 4 [pid 974] close(3 [pid 962] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 962] <... futex resumed>) = 1 [pid 958] <... futex resumed>) = 0 [pid 962] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 958] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 958] <... futex resumed>) = 0 [pid 362] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 962] write(4, "0x0000000000000000", 18 [pid 958] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... openat resumed>) = 3 [pid 974] <... close resumed>) = 0 [pid 962] <... write resumed>) = 18 [pid 958] <... futex resumed>) = 0 [pid 362] newfstatat(3, "", [pid 962] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 962] <... futex resumed>) = 0 [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 962] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 958] <... mmap resumed>) = 0x7faaf7ac0000 [pid 362] getdents64(3, [pid 958] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 974] close(4 [pid 958] <... mprotect resumed>) = 0 [pid 362] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 974] <... close resumed>) = 0 [pid 958] rt_sigprocmask(SIG_BLOCK, ~[], [pid 362] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 958] <... rt_sigprocmask resumed>[], 8) = 0 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 958] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 362] newfstatat(AT_FDCWD, "./19/binderfs", ./strace-static-x86_64: Process 980 attached [pid 978] <... write resumed>) = 1048576 [pid 977] <... memfd_create resumed>) = 3 [pid 974] mkdir("./file0", 0777 [pid 362] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 958] <... clone3 resumed> => {parent_tid=[980]}, 88) = 980 [pid 362] unlink("./19/binderfs" [pid 958] rt_sigprocmask(SIG_SETMASK, [], [pid 980] set_robust_list(0x7faaf7ae09a0, 24 [pid 978] munmap(0x7faaef6e1000, 138412032 [pid 977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 974] <... mkdir resumed>) = 0 [pid 958] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 362] <... unlink resumed>) = 0 [pid 958] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 958] <... futex resumed>) = 0 [pid 974] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 978] <... munmap resumed>) = 0 [pid 958] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] <... set_robust_list resumed>) = 0 [pid 980] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 980] write(4, "0x0000000000000000", 18) = 18 [pid 980] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 958] <... futex resumed>) = 0 [pid 958] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 962] <... futex resumed>) = 0 [pid 958] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 980] <... futex resumed>) = 1 [pid 980] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 977] <... mmap resumed>) = 0x7faaef6e1000 [pid 962] <... mmap resumed>) = 0x20000000 [pid 978] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 962] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 958] <... futex resumed>) = 0 [pid 962] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 34.426436][ T961] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 34.432596][ T962] EXT4-fs mount: 35 callbacks suppressed [ 34.432608][ T962] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 958] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 958] <... futex resumed>) = 0 [pid 977] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 958] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 977] <... write resumed>) = 1048576 [pid 977] munmap(0x7faaef6e1000, 138412032) = 0 [pid 977] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 962] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 958] <... futex resumed>) = ? [pid 980] <... futex resumed>) = ? [pid 980] +++ killed by SIGBUS +++ [pid 962] +++ killed by SIGBUS +++ [pid 958] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=958, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 360] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 360] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./20/binderfs") = 0 [ 34.489041][ T962] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 360] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 978] <... openat resumed>) = 4 [pid 977] <... openat resumed>) = 4 [pid 362] <... umount2 resumed>) = 0 [pid 978] ioctl(4, LOOP_SET_FD, 3 [pid 362] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 362] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 362] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 362] close(4) = 0 [pid 362] rmdir("./19/file0" [pid 977] ioctl(4, LOOP_SET_FD, 3 [pid 362] <... rmdir resumed>) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] close(3) = 0 [pid 362] rmdir("./19") = 0 [pid 362] mkdir("./20", 0777) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 974] <... mount resumed>) = 0 [pid 974] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 974] chdir("./file0") = 0 [pid 974] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 360] <... umount2 resumed>) = 0 [pid 978] <... ioctl resumed>) = 0 [pid 977] <... ioctl resumed>) = 0 [pid 360] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 978] close(3 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 978] <... close resumed>) = 0 [pid 978] close(4 [pid 977] close(3 [pid 360] newfstatat(AT_FDCWD, "./20/file0", [pid 978] <... close resumed>) = 0 [pid 978] mkdir("./file0", 0777 [pid 977] <... close resumed>) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 977] close(4) = 0 [pid 977] mkdir("./file0", 0777 [pid 978] <... mkdir resumed>) = 0 [pid 977] <... mkdir resumed>) = 0 [pid 360] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 977] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 362] <... openat resumed>) = 3 [pid 362] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 362] close(3 [pid 978] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 974] <... openat resumed>) = 4 [pid 362] <... close resumed>) = 0 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 360] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 360] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 985 [pid 360] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] getdents64(4, ./strace-static-x86_64: Process 985 attached [pid 974] ioctl(4, LOOP_CLR_FD [pid 360] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4) = 0 [pid 360] rmdir("./20/file0") = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] close(3) = 0 [pid 360] rmdir("./20" [pid 985] set_robust_list(0x5555893a06a0, 24 [pid 360] <... rmdir resumed>) = 0 [pid 985] <... set_robust_list resumed>) = 0 [pid 360] mkdir("./21", 0777 [pid 985] chdir("./20" [pid 360] <... mkdir resumed>) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 985] <... chdir resumed>) = 0 [ 34.569005][ T974] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue executing program [pid 985] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 985] setpgid(0, 0) = 0 [pid 985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 985] write(3, "1000", 4) = 4 [pid 985] close(3) = 0 [pid 985] symlink("/dev/binderfs", "./binderfs") = 0 [pid 985] write(1, "executing program\n", 18) = 18 [pid 985] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 985] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 985] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 985] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 985] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[988]}, 88) = 988 [pid 985] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 985] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 988 attached [pid 988] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 988] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 988] memfd_create("syzkaller", 0) = 3 [pid 988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 977] <... mount resumed>) = 0 [pid 977] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 977] chdir("./file0") = 0 [pid 977] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 988] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 988] munmap(0x7faaef6e1000, 138412032) = 0 [pid 988] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 988] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 988] close(3) = 0 [pid 974] <... ioctl resumed>) = 0 [pid 360] <... openat resumed>) = 3 [pid 988] close(4 [pid 974] close(4 [pid 360] ioctl(3, LOOP_CLR_FD [pid 978] <... mount resumed>) = 0 [pid 978] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 978] chdir("./file0") = 0 [pid 978] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 988] <... close resumed>) = 0 [pid 974] <... close resumed>) = 0 [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 988] mkdir("./file0", 0777) = 0 [pid 988] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 974] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] close(3 [pid 974] <... futex resumed>) = 1 [pid 972] <... futex resumed>) = 0 [pid 974] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 972] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... close resumed>) = 0 [pid 972] <... futex resumed>) = 0 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 972] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 992 [pid 974] <... openat resumed>) = 4 [pid 974] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 972] <... futex resumed>) = 0 [pid 974] write(4, "0x0000000000000000", 18 [pid 972] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 974] <... write resumed>) = 18 [pid 972] <... futex resumed>) = 0 [pid 974] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 972] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 977] <... openat resumed>) = 4 [pid 974] <... futex resumed>) = 0 [pid 972] <... futex resumed>) = 0 [pid 977] ioctl(4, LOOP_CLR_FD [pid 974] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 977] <... ioctl resumed>) = 0 [pid 972] <... mmap resumed>) = 0x7faaf7ac0000 [pid 972] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 977] close(4 [pid 972] <... mprotect resumed>) = 0 [pid 977] <... close resumed>) = 0 [pid 977] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 972] rt_sigprocmask(SIG_BLOCK, ~[], [pid 977] <... futex resumed>) = 1 [pid 972] <... rt_sigprocmask resumed>[], 8) = 0 [pid 971] <... futex resumed>) = 0 [pid 977] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 971] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 971] <... futex resumed>) = 0 [pid 972] <... clone3 resumed> => {parent_tid=[993]}, 88) = 993 [pid 977] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 972] rt_sigprocmask(SIG_SETMASK, [], [pid 971] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 972] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 972] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 977] <... openat resumed>) = 4 [pid 977] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 978] <... openat resumed>) = 4 [pid 977] <... futex resumed>) = 1 [pid 971] <... futex resumed>) = 0 [pid 977] write(4, "0x0000000000000000", 18 [pid 971] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 977] <... write resumed>) = 18 [pid 971] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 977] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 971] <... futex resumed>) = 0 [ 34.619172][ T977] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 34.649102][ T978] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue ./strace-static-x86_64: Process 993 attached ./strace-static-x86_64: Process 992 attached [pid 978] ioctl(4, LOOP_CLR_FD [pid 977] <... futex resumed>) = 0 [pid 971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 977] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 971] <... mmap resumed>) = 0x7faaf7ac0000 [pid 971] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 993] set_robust_list(0x7faaf7ae09a0, 24 [pid 992] set_robust_list(0x5555893a06a0, 24 [pid 978] <... ioctl resumed>) = 0 [pid 988] <... mount resumed>) = 0 [pid 988] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 971] <... mprotect resumed>) = 0 [pid 988] <... openat resumed>) = 3 [pid 988] chdir("./file0") = 0 [pid 988] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 988] ioctl(4, LOOP_CLR_FD) = 0 [pid 988] close(4) = 0 [pid 988] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 985] <... futex resumed>) = 0 [pid 985] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 988] <... futex resumed>) = 1 [pid 988] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 988] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 985] <... futex resumed>) = 0 [pid 985] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 985] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 985] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 985] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[996]}, 88) = 996 [pid 985] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 985] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 988] <... futex resumed>) = 1 [pid 988] write(4, "0x0000000000000000", 18) = 18 [pid 988] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 988] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 996 attached [pid 996] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 996] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 996] write(4, "0x0000000000000000", 18) = 18 [pid 996] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 985] <... futex resumed>) = 0 [pid 985] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 988] <... futex resumed>) = 0 [pid 988] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 971] rt_sigprocmask(SIG_BLOCK, ~[], [pid 988] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 985] <... futex resumed>) = 0 [pid 985] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 988] <... futex resumed>) = 1 [pid 996] <... futex resumed>) = 1 [pid 993] <... set_robust_list resumed>) = 0 [pid 992] <... set_robust_list resumed>) = 0 [pid 978] close(4 [pid 971] <... rt_sigprocmask resumed>[], 8) = 0 [pid 971] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[997]}, 88) = 997 [pid 971] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 971] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 971] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 978] <... close resumed>) = 0 [pid 978] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 976] <... futex resumed>) = 0 [pid 976] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 976] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 978] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 993] write(4, "0x0000000000000000", 18) = 18 [pid 992] chdir("./21" [pid 993] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 972] <... futex resumed>) = 0 [pid 972] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 974] <... futex resumed>) = 0 [pid 972] <... futex resumed>) = 1 [pid 974] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 972] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] <... mmap resumed>) = 0x20000000 [pid 974] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 972] <... futex resumed>) = 0 ./strace-static-x86_64: Process 997 attached [pid 996] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 993] <... futex resumed>) = 1 [pid 992] <... chdir resumed>) = 0 [pid 988] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 972] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 996] <... futex resumed>) = ? [pid 985] <... futex resumed>) = ? [pid 996] +++ killed by SIGBUS +++ [pid 988] +++ killed by SIGBUS +++ [pid 985] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=985, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 362] restart_syscall(<... resuming interrupted clone ...> [pid 997] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 997] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 997] write(4, "0x0000000000000000", 18 [pid 993] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 997] <... write resumed>) = 18 [pid 992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 997] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 971] <... futex resumed>) = 0 [pid 971] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 971] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] setpgid(0, 0 [pid 997] <... futex resumed>) = 1 [pid 997] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 992] <... setpgid resumed>) = 0 [pid 992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 992] write(3, "1000", 4) = 4 [pid 992] close(3) = 0 [pid 992] symlink("/dev/binderfs", "./binderfs") = 0 [pid 992] write(1, "executing program\n", 18executing program ) = 18 [pid 992] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 992] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 977] <... futex resumed>) = 0 [pid 977] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 972] <... futex resumed>) = 0 [pid 992] <... rt_sigaction resumed>NULL, 8) = 0 [pid 992] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 977] <... mmap resumed>) = 0x20000000 [pid 972] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 977] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 977] <... futex resumed>) = 1 [pid 971] <... futex resumed>) = 0 [pid 977] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 971] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 971] <... futex resumed>) = 0 [pid 978] <... openat resumed>) = 4 [pid 971] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 992] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 992] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 992] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[998]}, 88) = 998 [pid 992] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 992] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 992] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 974] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 993] <... futex resumed>) = ? [pid 972] <... futex resumed>) = ? [pid 993] +++ killed by SIGBUS +++ [pid 974] +++ killed by SIGBUS +++ [pid 972] +++ killed by SIGBUS +++ [pid 362] <... restart_syscall resumed>) = 0 [pid 362] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 34.680923][ T988] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 34.697286][ T988] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 34.701313][ T974] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 362] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./20/binderfs") = 0 [pid 362] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 978] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 976] <... futex resumed>) = 0 [pid 976] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 976] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 976] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 976] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[999]}, 88) = 999 [pid 976] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 976] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 976] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 978] <... futex resumed>) = 1 [pid 978] write(4, "0x0000000000000000", 18) = 18 [pid 978] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 999 attached [pid 999] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 999] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 999] write(4, "0x0000000000000000", 18) = 18 ./strace-static-x86_64: Process 998 attached [pid 977] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=972, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 999] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 998] set_robust_list(0x7faaf7b019a0, 24 [pid 997] <... futex resumed>) = ? [pid 971] <... futex resumed>) = ? [pid 976] <... futex resumed>) = 0 [pid 358] <... openat resumed>) = 3 [pid 976] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 978] <... futex resumed>) = 0 [pid 976] <... futex resumed>) = 1 [pid 978] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 976] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] <... set_robust_list resumed>) = 0 [pid 358] newfstatat(3, "", [pid 998] rt_sigprocmask(SIG_SETMASK, [], [pid 997] +++ killed by SIGBUS +++ [pid 978] <... mmap resumed>) = 0x20000000 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 978] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 976] <... futex resumed>) = 0 [pid 999] <... futex resumed>) = 1 [pid 998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 977] +++ killed by SIGBUS +++ [pid 976] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 971] +++ killed by SIGBUS +++ [pid 358] getdents64(3, [pid 998] memfd_create("syzkaller", 0 [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=971, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 358] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 998] <... memfd_create resumed>) = 3 [pid 358] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 998] <... mmap resumed>) = 0x7faaef6e1000 [pid 359] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] newfstatat(AT_FDCWD, "./20/binderfs", [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 358] unlink("./20/binderfs" [pid 359] <... openat resumed>) = 3 [pid 358] <... unlink resumed>) = 0 [pid 359] newfstatat(3, "", [pid 358] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./20/binderfs") = 0 [pid 359] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 999] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 978] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 976] <... futex resumed>) = 0 [pid 976] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 999] <... futex resumed>) = ? [pid 976] <... futex resumed>) = ? [pid 999] +++ killed by SIGBUS +++ [pid 978] +++ killed by SIGBUS +++ [pid 976] +++ killed by SIGBUS +++ [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=976, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 357] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 357] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./19/binderfs") = 0 [pid 357] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 998] <... write resumed>) = 1048576 [pid 998] munmap(0x7faaef6e1000, 138412032) = 0 [pid 998] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 362] <... umount2 resumed>) = 0 [pid 362] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 362] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [ 34.727292][ T977] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 34.745955][ T978] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 362] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 362] close(4) = 0 [pid 362] rmdir("./20/file0") = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] close(3) = 0 [pid 362] rmdir("./20") = 0 [pid 362] mkdir("./21", 0777) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 998] <... openat resumed>) = 4 [pid 998] ioctl(4, LOOP_SET_FD, 3 [pid 362] <... openat resumed>) = 3 [pid 359] <... umount2 resumed>) = 0 [pid 358] <... umount2 resumed>) = 0 [pid 998] <... ioctl resumed>) = 0 [pid 362] ioctl(3, LOOP_CLR_FD [pid 359] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] close(3 [pid 359] newfstatat(AT_FDCWD, "./20/file0", [pid 362] <... close resumed>) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] <... umount2 resumed>) = 0 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 359] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 1002 [pid 359] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 359] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] close(4) = 0 [pid 359] rmdir("./20/file0" [pid 998] close(3 [pid 359] <... rmdir resumed>) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] close(3) = 0 [pid 359] rmdir("./20") = 0 [pid 359] mkdir("./21", 0777 [pid 998] <... close resumed>) = 0 [pid 359] <... mkdir resumed>) = 0 [pid 358] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 998] close(4 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 359] close(3) = 0 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 1003 ./strace-static-x86_64: Process 1002 attached [pid 1002] set_robust_list(0x5555893a06a0, 24 [pid 358] newfstatat(AT_FDCWD, "./20/file0", [pid 357] newfstatat(AT_FDCWD, "./19/file0", [pid 1002] <... set_robust_list resumed>) = 0 [pid 1002] chdir("./21" [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 1003 attached [pid 1002] <... chdir resumed>) = 0 [pid 358] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 357] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 358] <... openat resumed>) = 4 [pid 357] <... openat resumed>) = 4 [pid 358] newfstatat(4, "", [pid 1003] set_robust_list(0x5555893a06a0, 24 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] newfstatat(4, "", [pid 358] getdents64(4, [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] getdents64(4, [pid 358] getdents64(4, [pid 1003] <... set_robust_list resumed>) = 0 [pid 1003] chdir("./21" [pid 358] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 1002] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 358] close(4 [pid 357] getdents64(4, [pid 1003] <... chdir resumed>) = 0 [pid 358] <... close resumed>) = 0 [pid 358] rmdir("./20/file0" [pid 357] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 1002] <... prctl resumed>) = 0 [pid 1003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1003] setpgid(0, 0) = 0 [pid 1003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1002] setpgid(0, 0 [pid 358] <... rmdir resumed>) = 0 [pid 357] close(4 [pid 1002] <... setpgid resumed>) = 0 [pid 358] getdents64(3, [pid 357] <... close resumed>) = 0 [pid 1003] <... openat resumed>) = 3 [pid 1002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 358] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 executing program [pid 357] rmdir("./19/file0" [pid 358] close(3 [pid 1003] write(3, "1000", 4) = 4 [pid 1003] close(3) = 0 [pid 357] <... rmdir resumed>) = 0 [pid 358] <... close resumed>) = 0 [pid 357] getdents64(3, [pid 358] rmdir("./20" [pid 357] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 1003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 358] <... rmdir resumed>) = 0 [pid 357] close(3 [pid 1002] <... openat resumed>) = 3 [pid 358] mkdir("./21", 0777 [pid 1002] write(3, "1000", 4 [pid 357] <... close resumed>) = 0 [pid 1003] write(1, "executing program\n", 18) = 18 [pid 1003] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1003] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 358] <... mkdir resumed>) = 0 [pid 357] rmdir("./19" [pid 1002] <... write resumed>) = 4 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1003] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 357] <... rmdir resumed>) = 0 [pid 1002] close(3 [pid 357] mkdir("./20", 0777 [pid 1003] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1003] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1004]}, 88) = 1004 [pid 357] <... mkdir resumed>) = 0 [pid 1002] <... close resumed>) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1003] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1002] symlink("/dev/binderfs", "./binderfs" [pid 1003] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1004 attached [pid 1004] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1004] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1002] <... symlink resumed>) = 0 [pid 1004] memfd_create("syzkaller", 0) = 3 [pid 1002] write(1, "executing program\n", 18 [pid 1004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 executing program [pid 1002] <... write resumed>) = 18 [pid 1002] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1002] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1002] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1002] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1002] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1002] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1005]}, 88) = 1005 [pid 1002] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1002] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1002] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1005 attached [pid 1004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 1005] set_robust_list(0x7faaf7b019a0, 24 [pid 1004] <... write resumed>) = 1048576 [pid 1005] <... set_robust_list resumed>) = 0 [pid 1005] rt_sigprocmask(SIG_SETMASK, [], [pid 1004] munmap(0x7faaef6e1000, 138412032 [pid 1005] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1004] <... munmap resumed>) = 0 [pid 1005] memfd_create("syzkaller", 0) = 3 [pid 1004] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 1004] <... openat resumed>) = 4 [pid 998] <... close resumed>) = 0 [pid 998] mkdir("./file0", 0777 [pid 1004] ioctl(4, LOOP_SET_FD, 3 [pid 998] <... mkdir resumed>) = 0 [pid 998] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1005] munmap(0x7faaef6e1000, 138412032) = 0 [pid 1005] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 358] <... openat resumed>) = 3 [pid 357] <... openat resumed>) = 3 [pid 358] ioctl(3, LOOP_CLR_FD [pid 357] ioctl(3, LOOP_CLR_FD [pid 1005] close(3) = 0 [pid 1005] close(4) = 0 [pid 1004] <... ioctl resumed>) = 0 [pid 1005] mkdir("./file0", 0777 [pid 1004] close(3) = 0 [pid 1004] close(4 [pid 1005] <... mkdir resumed>) = 0 [pid 1005] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1004] <... close resumed>) = 0 [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1004] mkdir("./file0", 0777 [pid 358] close(3 [pid 357] close(3 [pid 358] <... close resumed>) = 0 [pid 357] <... close resumed>) = 0 [pid 1004] <... mkdir resumed>) = 0 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1004] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 1009 [pid 357] <... clone resumed>, child_tidptr=0x5555893a0690) = 1010 ./strace-static-x86_64: Process 1009 attached [pid 1009] set_robust_list(0x5555893a06a0, 24) = 0 [pid 1009] chdir("./21") = 0 [pid 1009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1009] setpgid(0, 0) = 0 [pid 1009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1009] write(3, "1000", 4) = 4 [pid 1009] close(3) = 0 [pid 1009] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 1010 attached executing program ) = 0 [pid 1009] write(1, "executing program\n", 18) = 18 [pid 1009] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1009] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1009] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1012]}, 88) = 1012 [pid 1009] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1009] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1012 attached [pid 1012] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1012] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1010] set_robust_list(0x5555893a06a0, 24) = 0 [pid 998] <... mount resumed>) = 0 [pid 998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 998] chdir("./file0") = 0 [pid 998] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1012] memfd_create("syzkaller", 0 [pid 1010] chdir("./20") = 0 [pid 1010] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1012] <... memfd_create resumed>) = 3 [pid 1012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1010] <... prctl resumed>) = 0 [pid 1010] setpgid(0, 0 [pid 1012] <... mmap resumed>) = 0x7faaef6e1000 [pid 1010] <... setpgid resumed>) = 0 [pid 1010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 1010] write(3, "1000", 4) = 4 [pid 1010] close(3) = 0 [pid 1010] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1010] write(1, "executing program\n", 18) = 18 [pid 1010] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1010] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1010] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1010] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1010] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1010] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1013]}, 88) = 1013 [pid 1010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1010] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1010] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1013 attached [pid 1013] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1013] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1013] memfd_create("syzkaller", 0) = 3 [pid 1013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 1012] <... write resumed>) = 1048576 [pid 1012] munmap(0x7faaef6e1000, 138412032) = 0 [pid 1012] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1013] munmap(0x7faaef6e1000, 138412032) = 0 [pid 1013] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 998] <... openat resumed>) = 4 [pid 998] ioctl(4, LOOP_CLR_FD [pid 1012] <... openat resumed>) = 4 [pid 1012] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1013] <... openat resumed>) = 4 [pid 998] <... ioctl resumed>) = 0 [pid 1013] ioctl(4, LOOP_SET_FD, 3 [pid 998] close(4) = 0 [pid 998] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1012] close(3 [pid 998] <... futex resumed>) = 1 [pid 992] <... futex resumed>) = 0 [pid 1012] <... close resumed>) = 0 [pid 1012] close(4 [pid 998] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 992] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1013] <... ioctl resumed>) = 0 [pid 1013] close(3 [pid 992] <... futex resumed>) = 0 [pid 1013] <... close resumed>) = 0 [pid 1013] close(4 [pid 992] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] <... openat resumed>) = 4 [pid 998] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 992] <... futex resumed>) = 0 [pid 998] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 992] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 998] write(4, "0x0000000000000000", 18 [pid 992] <... futex resumed>) = 0 [pid 992] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 998] <... write resumed>) = 18 [pid 992] <... futex resumed>) = 0 [pid 992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 998] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 992] <... mmap resumed>) = 0x7faaf7ac0000 [pid 998] <... futex resumed>) = 0 [pid 992] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 998] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 992] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 992] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0}./strace-static-x86_64: Process 1016 attached => {parent_tid=[1016]}, 88) = 1016 [pid 1016] set_robust_list(0x7faaf7ae09a0, 24 [pid 992] rt_sigprocmask(SIG_SETMASK, [], [pid 1016] <... set_robust_list resumed>) = 0 [pid 992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1016] rt_sigprocmask(SIG_SETMASK, [], [pid 992] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1016] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 992] <... futex resumed>) = 0 [pid 992] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] write(4, "0x0000000000000000", 18) = 18 [pid 1016] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 992] <... futex resumed>) = 0 [pid 1016] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 992] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 998] <... futex resumed>) = 0 [pid 992] <... futex resumed>) = 1 [pid 998] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 992] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] <... mmap resumed>) = 0x20000000 [ 35.094185][ T998] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 998] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 992] <... futex resumed>) = 0 [pid 998] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 992] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 998] <... futex resumed>) = 0 [pid 992] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1016] <... futex resumed>) = ? [pid 1004] <... mount resumed>) = 0 [pid 992] <... futex resumed>) = ? [pid 1004] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1004] chdir("./file0") = 0 [pid 1004] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1016] +++ killed by SIGBUS +++ [pid 998] +++ killed by SIGBUS +++ [pid 992] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=992, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 360] restart_syscall(<... resuming interrupted clone ...> [pid 1005] <... mount resumed>) = 0 [pid 360] <... restart_syscall resumed>) = 0 [pid 360] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", [pid 1005] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1005] <... openat resumed>) = 3 [pid 360] getdents64(3, [pid 1005] chdir("./file0" [pid 360] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./21/binderfs" [pid 1005] <... chdir resumed>) = 0 [pid 360] <... unlink resumed>) = 0 [pid 360] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1005] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1012] <... close resumed>) = 0 [pid 1012] mkdir("./file0", 0777) = 0 [ 35.146135][ T998] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 35.158553][ T1004] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 35.169655][ T1005] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 1012] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1013] <... close resumed>) = 0 [pid 1013] mkdir("./file0", 0777 [pid 1004] <... openat resumed>) = 4 [pid 1013] <... mkdir resumed>) = 0 [pid 1013] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1004] ioctl(4, LOOP_CLR_FD [pid 1005] <... openat resumed>) = 4 [pid 1005] ioctl(4, LOOP_CLR_FD) = 0 [pid 1005] close(4) = 0 [pid 1005] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1002] <... futex resumed>) = 0 [pid 1002] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1002] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1005] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 1004] <... ioctl resumed>) = 0 [pid 360] <... umount2 resumed>) = 0 [pid 1004] close(4) = 0 [pid 1004] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1005] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1004] <... futex resumed>) = 1 [pid 1003] <... futex resumed>) = 0 [pid 1003] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1002] <... futex resumed>) = 0 [pid 1003] <... futex resumed>) = 0 [pid 1002] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1003] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1002] <... futex resumed>) = 0 [pid 1002] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 1002] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1002] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1002] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[1021]}, 88) = 1021 [pid 1002] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1002] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1002] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1005] <... futex resumed>) = 1 [pid 1005] write(4, "0x0000000000000000", 18 [pid 1004] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1005] <... write resumed>) = 18 [pid 1005] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1005] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1004] <... openat resumed>) = 4 [pid 1004] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1003] <... futex resumed>) = 0 [pid 1003] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1003] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1003] <... mmap resumed>) = 0x7faaf7ac0000 [pid 1003] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 360] newfstatat(AT_FDCWD, "./21/file0", [pid 1003] <... mprotect resumed>) = 0 [pid 1003] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1003] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 360] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1003] <... clone3 resumed> => {parent_tid=[1024]}, 88) = 1024 [pid 1003] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1003] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1004] <... futex resumed>) = 1 [pid 1004] write(4, "0x0000000000000000", 18) = 18 [pid 1004] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1004] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 1024 attached [pid 1024] set_robust_list(0x7faaf7ae09a0, 24 [pid 360] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1024] <... set_robust_list resumed>) = 0 [pid 1024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1024] write(4, "0x0000000000000000", 18) = 18 [pid 1024] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1003] <... futex resumed>) = 0 [pid 1003] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1004] <... futex resumed>) = 0 [pid 1003] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1004] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 1004] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1003] <... futex resumed>) = 0 [pid 1003] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1004] <... futex resumed>) = 1 ./strace-static-x86_64: Process 1021 attached [pid 360] <... openat resumed>) = 4 [pid 1024] <... futex resumed>) = 1 [pid 1024] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1004] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1024] <... futex resumed>) = ? [pid 1003] <... futex resumed>) = ? [pid 1024] +++ killed by SIGBUS +++ [pid 1004] +++ killed by SIGBUS +++ [pid 1003] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1003, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 360] newfstatat(4, "", [pid 1021] set_robust_list(0x7faaf7ae09a0, 24 [pid 1012] <... mount resumed>) = 0 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1021] <... set_robust_list resumed>) = 0 [pid 360] getdents64(4, [pid 359] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1021] rt_sigprocmask(SIG_SETMASK, [], [pid 1012] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 360] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1021] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1012] <... openat resumed>) = 3 [pid 360] getdents64(4, [pid 359] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1021] write(4, "0x0000000000000000", 18 [pid 1012] chdir("./file0" [pid 360] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] <... openat resumed>) = 3 [pid 1021] <... write resumed>) = 18 [pid 1012] <... chdir resumed>) = 0 [pid 360] close(4 [pid 359] newfstatat(3, "", [pid 1021] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1012] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 360] <... close resumed>) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1021] <... futex resumed>) = 1 [pid 1012] <... openat resumed>) = 4 [pid 360] rmdir("./21/file0" [pid 359] getdents64(3, [pid 1021] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1012] ioctl(4, LOOP_CLR_FD [pid 360] <... rmdir resumed>) = 0 [pid 359] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 1012] <... ioctl resumed>) = 0 [pid 360] getdents64(3, [pid 359] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1012] close(4 [pid 360] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 1002] <... futex resumed>) = 0 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1012] <... close resumed>) = 0 [pid 360] close(3 [pid 359] newfstatat(AT_FDCWD, "./21/binderfs", [pid 1012] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... close resumed>) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1012] <... futex resumed>) = 1 [pid 1009] <... futex resumed>) = 0 [pid 360] rmdir("./21" [pid 359] unlink("./21/binderfs" [pid 1012] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 360] <... rmdir resumed>) = 0 [pid 359] <... unlink resumed>) = 0 [pid 360] mkdir("./22", 0777 [pid 359] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] <... mkdir resumed>) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 360] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 360] close(3) = 0 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 1027 [pid 1002] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1027 attached [pid 1009] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1005] <... futex resumed>) = 0 [pid 1002] <... futex resumed>) = 1 [pid 1012] <... futex resumed>) = 0 [pid 1009] <... futex resumed>) = 1 [pid 1005] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1002] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1027] set_robust_list(0x5555893a06a0, 24 [pid 1013] <... mount resumed>) = 0 [pid 1009] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1005] <... mmap resumed>) = 0x20000000 [pid 1027] <... set_robust_list resumed>) = 0 [pid 1005] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1027] chdir("./22" [pid 1012] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1005] <... futex resumed>) = 1 [pid 1002] <... futex resumed>) = 0 [pid 1027] <... chdir resumed>) = 0 [pid 1013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 1012] <... openat resumed>) = 4 [pid 1005] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1002] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1027] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1012] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1002] <... futex resumed>) = 0 [pid 1012] <... futex resumed>) = 1 [pid 1009] <... futex resumed>) = 0 [pid 1012] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1009] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1002] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1009] <... futex resumed>) = 0 [pid 1012] write(4, "0x0000000000000000", 18 [pid 1009] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1012] <... write resumed>) = 18 [pid 1009] <... futex resumed>) = 0 [pid 1012] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1012] <... futex resumed>) = 0 [pid 1009] <... mmap resumed>) = 0x7faaf7ac0000 [pid 1012] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 35.282311][ T1004] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 35.297322][ T1012] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 35.308749][ T1013] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 1009] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[1028]}, 88) = 1028 [pid 1009] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1009] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1028 attached [pid 1028] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 1028] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1028] write(4, "0x0000000000000000", 18) = 18 [pid 1028] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1012] <... futex resumed>) = 0 [pid 1009] <... futex resumed>) = 1 [pid 1012] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1009] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1012] <... mmap resumed>) = 0x20000000 [pid 1012] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1009] <... futex resumed>) = 0 [pid 1012] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1009] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1009] <... futex resumed>) = 0 [pid 1027] <... prctl resumed>) = 0 [pid 1013] <... openat resumed>) = 3 [pid 1009] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1027] setpgid(0, 0 [pid 1013] chdir("./file0" [pid 1027] <... setpgid resumed>) = 0 [pid 1013] <... chdir resumed>) = 0 [pid 1027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1013] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1027] <... openat resumed>) = 3 [pid 1013] <... openat resumed>) = 4 [pid 1027] write(3, "1000", 4) = 4 [pid 1013] ioctl(4, LOOP_CLR_FD [pid 1027] close(3) = 0 [pid 1013] <... ioctl resumed>) = 0 [pid 1027] symlink("/dev/binderfs", "./binderfs"executing program [pid 1028] <... futex resumed>) = 1 [pid 1027] <... symlink resumed>) = 0 [pid 1013] close(4 [pid 1027] write(1, "executing program\n", 18) = 18 [pid 1013] <... close resumed>) = 0 [pid 1027] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1013] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1027] <... futex resumed>) = 0 [pid 1013] <... futex resumed>) = 1 [pid 1010] <... futex resumed>) = 0 [pid 1027] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 1013] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1010] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1027] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1013] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1010] <... futex resumed>) = 0 [pid 1027] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1013] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1010] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1013] <... openat resumed>) = 4 [pid 1027] <... mmap resumed>) = 0x7faaf7ae1000 [pid 1013] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1027] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 1010] <... futex resumed>) = 0 [pid 1027] <... mprotect resumed>) = 0 [pid 1013] <... futex resumed>) = 1 [pid 1010] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1027] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1013] write(4, "0x0000000000000000", 18 [pid 1010] <... futex resumed>) = 0 [pid 1027] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1010] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 1010] <... futex resumed>) = 0 [pid 1013] <... write resumed>) = 18 [pid 1013] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1027] <... clone3 resumed> => {parent_tid=[1029]}, 88) = 1029 [pid 1013] <... futex resumed>) = 0 [pid 1027] rt_sigprocmask(SIG_SETMASK, [], [pid 1013] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1010] <... mmap resumed>) = 0x7faaf7ac0000 [pid 1027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1010] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 1027] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1010] <... mprotect resumed>) = 0 [pid 1027] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1029 attached [pid 1028] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1027] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1012] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1010] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1005] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1028] <... futex resumed>) = ? [pid 1021] <... futex resumed>) = ? [pid 1010] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1009] <... futex resumed>) = ? [pid 1002] <... futex resumed>) = ? [pid 1010] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0}./strace-static-x86_64: Process 1030 attached [pid 1029] set_robust_list(0x7faaf7b019a0, 24 [pid 1028] +++ killed by SIGBUS +++ [pid 1021] +++ killed by SIGBUS +++ [pid 1005] +++ killed by SIGBUS +++ [pid 1002] +++ killed by SIGBUS +++ [pid 1030] set_robust_list(0x7faaf7ae09a0, 24 [pid 1012] +++ killed by SIGBUS +++ [pid 1009] +++ killed by SIGBUS +++ [pid 1010] <... clone3 resumed> => {parent_tid=[1030]}, 88) = 1030 [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1002, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 1010] rt_sigprocmask(SIG_SETMASK, [], [pid 362] restart_syscall(<... resuming interrupted clone ...> [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1009, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 1010] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 1010] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1029] <... set_robust_list resumed>) = 0 [pid 1010] <... futex resumed>) = 0 [pid 1010] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1030] <... set_robust_list resumed>) = 0 [pid 1029] memfd_create("syzkaller", 0) = 3 [pid 1029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 1030] rt_sigprocmask(SIG_SETMASK, [], [pid 362] <... restart_syscall resumed>) = 0 [pid 358] <... restart_syscall resumed>) = 0 [pid 362] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 358] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 362] <... openat resumed>) = 3 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(3, "", [pid 358] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] <... openat resumed>) = 3 [pid 362] getdents64(3, [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] getdents64(3, [pid 362] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] newfstatat(AT_FDCWD, "./21/binderfs", [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] newfstatat(AT_FDCWD, "./21/binderfs", [pid 362] unlink("./21/binderfs" [pid 358] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./21/binderfs" [pid 362] <... unlink resumed>) = 0 [pid 358] <... unlink resumed>) = 0 [pid 358] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1030] write(4, "0x0000000000000000", 18) = 18 [pid 1030] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 1030] <... futex resumed>) = 1 [pid 1029] <... write resumed>) = 1048576 [pid 1010] <... futex resumed>) = 0 [pid 1029] munmap(0x7faaef6e1000, 138412032 [pid 1010] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1013] <... futex resumed>) = 0 [pid 1010] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1013] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 1029] <... munmap resumed>) = 0 [pid 1013] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1029] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1013] <... futex resumed>) = 1 [pid 1010] <... futex resumed>) = 0 [pid 1013] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1010] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1013] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1010] <... futex resumed>) = 0 [pid 1030] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 35.331414][ T1005] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 35.341933][ T1012] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 1010] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1013] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 359] <... umount2 resumed>) = 0 [pid 1010] <... futex resumed>) = ? [pid 359] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1030] <... futex resumed>) = ? [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1030] +++ killed by SIGBUS +++ [pid 359] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 359] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] close(4) = 0 [pid 359] rmdir("./21/file0" [pid 1013] +++ killed by SIGBUS +++ [pid 1010] +++ killed by SIGBUS +++ [pid 359] <... rmdir resumed>) = 0 [pid 359] getdents64(3, [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1010, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 359] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] restart_syscall(<... resuming interrupted clone ...> [pid 359] close(3) = 0 [pid 359] rmdir("./21") = 0 [pid 359] mkdir("./22", 0777) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 357] <... restart_syscall resumed>) = 0 [pid 357] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./20/binderfs") = 0 [ 35.381194][ T1013] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 357] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1029] <... openat resumed>) = 4 [pid 359] <... openat resumed>) = 3 [pid 1029] ioctl(4, LOOP_SET_FD, 3 [pid 359] ioctl(3, LOOP_CLR_FD [pid 1029] <... ioctl resumed>) = 0 [pid 362] <... umount2 resumed>) = 0 [pid 358] <... umount2 resumed>) = 0 [pid 1029] close(3 [pid 362] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1029] <... close resumed>) = 0 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1029] close(4 [pid 362] newfstatat(AT_FDCWD, "./21/file0", [pid 358] newfstatat(AT_FDCWD, "./21/file0", [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 358] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 362] <... openat resumed>) = 4 [pid 358] <... openat resumed>) = 4 [pid 362] newfstatat(4, "", [pid 358] newfstatat(4, "", [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, [pid 358] getdents64(4, [pid 362] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 362] getdents64(4, [pid 358] getdents64(4, [pid 362] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 362] close(4 [pid 358] close(4 [pid 362] <... close resumed>) = 0 [pid 358] <... close resumed>) = 0 [pid 362] rmdir("./21/file0" [pid 358] rmdir("./21/file0" [pid 362] <... rmdir resumed>) = 0 [pid 358] <... rmdir resumed>) = 0 [pid 362] getdents64(3, [pid 358] getdents64(3, [pid 362] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] close(3 [pid 358] close(3 [pid 362] <... close resumed>) = 0 [pid 358] <... close resumed>) = 0 [pid 362] rmdir("./21" [pid 358] rmdir("./21" [pid 362] <... rmdir resumed>) = 0 [pid 358] <... rmdir resumed>) = 0 [pid 362] mkdir("./22", 0777 [pid 358] mkdir("./22", 0777 [pid 362] <... mkdir resumed>) = 0 [pid 358] <... mkdir resumed>) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1029] <... close resumed>) = 0 [pid 1029] mkdir("./file0", 0777 [pid 359] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1029] <... mkdir resumed>) = 0 [pid 362] <... openat resumed>) = 3 [pid 358] <... openat resumed>) = 3 [pid 357] <... umount2 resumed>) = 0 [pid 362] ioctl(3, LOOP_CLR_FD [pid 359] close(3 [pid 358] ioctl(3, LOOP_CLR_FD [pid 1029] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 357] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 357] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] close(4) = 0 [pid 357] rmdir("./20/file0") = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] close(3) = 0 [pid 357] rmdir("./20") = 0 [pid 357] mkdir("./21", 0777) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] <... close resumed>) = 0 [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 358] close(3) = 0 [pid 359] <... clone resumed>, child_tidptr=0x5555893a0690) = 1032 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 1033 [pid 357] <... openat resumed>) = 3 [pid 357] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 357] close(3) = 0 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 1034 ./strace-static-x86_64: Process 1033 attached [pid 1033] set_robust_list(0x5555893a06a0, 24) = 0 [pid 1033] chdir("./22") = 0 [pid 1033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 362] close(3 [pid 1033] setpgid(0, 0 [pid 362] <... close resumed>) = 0 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1033] <... setpgid resumed>) = 0 [pid 1033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 1035 ./strace-static-x86_64: Process 1034 attached [pid 1034] set_robust_list(0x5555893a06a0, 24) = 0 [pid 1033] write(3, "1000", 4 [pid 1034] chdir("./21" [pid 1033] <... write resumed>) = 4 [pid 1033] close(3) = 0 [pid 1033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1034] <... chdir resumed>) = 0 [pid 1034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1034] setpgid(0, 0) = 0 [pid 1034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 1034] write(3, "1000", 4 [pid 1033] write(1, "executing program\n", 18) = 18 [pid 1034] <... write resumed>) = 4 [pid 1033] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1034] close(3) = 0 [pid 1034] symlink("/dev/binderfs", "./binderfs" [pid 1033] <... futex resumed>) = 0 [pid 1034] <... symlink resumed>) = 0 [pid 1033] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1033] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1033] rt_sigprocmask(SIG_BLOCK, ~[], executing program [pid 1034] write(1, "executing program\n", 18) = 18 [pid 1034] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1033] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 1034] <... futex resumed>) = 0 [pid 1034] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1033] <... clone3 resumed> => {parent_tid=[1036]}, 88) = 1036 [pid 1034] <... mmap resumed>) = 0x7faaf7ae1000 [pid 1033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1034] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 1033] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1034] <... mprotect resumed>) = 0 [pid 1033] <... futex resumed>) = 0 [pid 1033] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1037]}, 88) = 1037 [pid 1034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1034] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1034] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1035 attached ./strace-static-x86_64: Process 1036 attached ./strace-static-x86_64: Process 1032 attached [pid 1035] set_robust_list(0x5555893a06a0, 24) = 0 [pid 1032] set_robust_list(0x5555893a06a0, 24 [pid 1036] set_robust_list(0x7faaf7b019a0, 24 [pid 1032] <... set_robust_list resumed>) = 0 [pid 1036] <... set_robust_list resumed>) = 0 [pid 1036] rt_sigprocmask(SIG_SETMASK, [], [pid 1032] chdir("./22" [pid 1035] chdir("./22") = 0 [pid 1035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1035] setpgid(0, 0) = 0 [pid 1035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1035] write(3, "1000", 4) = 4 [pid 1035] close(3) = 0 [pid 1035] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1035] write(1, "executing program\n", 18executing program ) = 18 [pid 1035] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1035] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1035] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1035] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1035] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1035] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1039]}, 88) = 1039 [pid 1035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1035] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1035] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1037 attached [pid 1037] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1037] memfd_create("syzkaller", 0) = 3 [pid 1037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 1032] <... chdir resumed>) = 0 [pid 1036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1032] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1036] memfd_create("syzkaller", 0 [pid 1032] <... prctl resumed>) = 0 [pid 1036] <... memfd_create resumed>) = 3 [pid 1032] setpgid(0, 0 [pid 1036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1032] <... setpgid resumed>) = 0 [pid 1036] <... mmap resumed>) = 0x7faaef6e1000 [pid 1032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 1039 attached [pid 1039] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 1032] <... openat resumed>) = 3 [pid 1032] write(3, "1000", 4) = 4 [pid 1032] close(3) = 0 [pid 1032] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1032] write(1, "executing program\n", 18executing program ) = 18 [pid 1032] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1032] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1032] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1032] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1041]}, 88) = 1041 [pid 1032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1032] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1032] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1039] memfd_create("syzkaller", 0) = 3 [pid 1039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 1039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 1036] <... write resumed>) = 1048576 ./strace-static-x86_64: Process 1041 attached [pid 1036] munmap(0x7faaef6e1000, 138412032 [pid 1037] <... write resumed>) = 1048576 [pid 1037] munmap(0x7faaef6e1000, 138412032) = 0 [pid 1037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1037] ioctl(4, LOOP_SET_FD, 3 [pid 1039] <... write resumed>) = 1048576 [pid 1039] munmap(0x7faaef6e1000, 138412032) = 0 [pid 1039] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1037] <... ioctl resumed>) = 0 [pid 1037] close(3) = 0 [pid 1037] close(4 [pid 1041] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1041] memfd_create("syzkaller", 0) = 3 [pid 1041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 1036] <... munmap resumed>) = 0 [pid 1036] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1029] <... mount resumed>) = 0 [pid 1029] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 1041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 1029] <... openat resumed>) = 3 [pid 1029] chdir("./file0") = 0 [pid 1029] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1041] <... write resumed>) = 1048576 [pid 1041] munmap(0x7faaef6e1000, 138412032) = 0 [pid 1041] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1039] <... openat resumed>) = 4 [pid 1037] <... close resumed>) = 0 [pid 1039] ioctl(4, LOOP_SET_FD, 3 [pid 1037] mkdir("./file0", 0777) = 0 [ 35.681821][ T1029] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 1037] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1036] <... openat resumed>) = 4 [pid 1029] <... openat resumed>) = 4 [pid 1029] ioctl(4, LOOP_CLR_FD) = 0 [pid 1029] close(4 [pid 1041] <... openat resumed>) = 4 [pid 1039] <... ioctl resumed>) = 0 [pid 1036] ioctl(4, LOOP_SET_FD, 3 [pid 1029] <... close resumed>) = 0 [pid 1041] ioctl(4, LOOP_SET_FD, 3 [pid 1039] close(3) = 0 [pid 1036] <... ioctl resumed>) = 0 [pid 1041] <... ioctl resumed>) = 0 [pid 1039] close(4 [pid 1029] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1036] close(3) = 0 [pid 1036] close(4) = 0 [pid 1036] mkdir("./file0", 0777 [pid 1041] close(3 [pid 1036] <... mkdir resumed>) = 0 [pid 1029] <... futex resumed>) = 1 [pid 1027] <... futex resumed>) = 0 [pid 1041] <... close resumed>) = 0 [pid 1036] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1041] close(4 [pid 1029] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1027] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1037] <... mount resumed>) = 0 [pid 1037] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1037] chdir("./file0" [pid 1027] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1037] <... chdir resumed>) = 0 [pid 1037] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1029] <... openat resumed>) = 4 [pid 1029] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1027] <... futex resumed>) = 0 [pid 1027] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1027] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 1027] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1027] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1029] write(4, "0x0000000000000000", 18 [pid 1027] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0}./strace-static-x86_64: Process 1048 attached => {parent_tid=[1048]}, 88) = 1048 [pid 1029] <... write resumed>) = 18 [pid 1027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1027] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1027] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1048] set_robust_list(0x7faaf7ae09a0, 24 [pid 1029] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1048] <... set_robust_list resumed>) = 0 [pid 1029] <... futex resumed>) = 0 [pid 1048] rt_sigprocmask(SIG_SETMASK, [], [pid 1029] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1048] write(4, "0x0000000000000000", 18) = 18 [pid 1048] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1027] <... futex resumed>) = 0 [pid 1027] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1029] <... futex resumed>) = 0 [pid 1027] <... futex resumed>) = 1 [pid 1029] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1027] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1048] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1029] <... mmap resumed>) = 0x20000000 [pid 1029] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1027] <... futex resumed>) = 0 [pid 1029] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1027] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1027] <... futex resumed>) = 0 [pid 1027] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1048] <... futex resumed>) = ? [pid 1027] <... futex resumed>) = ? [pid 1048] +++ killed by SIGBUS +++ [pid 1029] +++ killed by SIGBUS +++ [pid 1027] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1027, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 360] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 360] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./22/binderfs") = 0 [pid 360] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1039] <... close resumed>) = 0 [pid 1039] mkdir("./file0", 0777) = 0 [ 35.784305][ T1037] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 35.803970][ T1029] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 1039] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1036] <... mount resumed>) = 0 [pid 1036] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1036] chdir("./file0") = 0 [ 35.859168][ T1036] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 1036] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1041] <... close resumed>) = 0 [pid 1037] <... openat resumed>) = 4 [pid 1041] mkdir("./file0", 0777 [pid 1037] ioctl(4, LOOP_CLR_FD [pid 1041] <... mkdir resumed>) = 0 [pid 1041] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1036] <... openat resumed>) = 4 [pid 1036] ioctl(4, LOOP_CLR_FD) = 0 [pid 1036] close(4) = 0 [pid 1036] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1033] <... futex resumed>) = 0 [pid 1033] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1033] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1036] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 1036] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1033] <... futex resumed>) = 0 [pid 1033] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1033] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 1033] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0}./strace-static-x86_64: Process 1052 attached [pid 1052] set_robust_list(0x7faaf7ae09a0, 24 [pid 1033] <... clone3 resumed> => {parent_tid=[1052]}, 88) = 1052 [pid 1052] <... set_robust_list resumed>) = 0 [pid 1033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1033] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1033] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1036] write(4, "0x0000000000000000", 18 [pid 1052] write(4, "0x0000000000000000", 18) = 18 [pid 1052] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1036] <... write resumed>) = 18 [pid 1052] <... futex resumed>) = 1 [pid 1033] <... futex resumed>) = 0 [pid 1036] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1052] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1036] <... futex resumed>) = 0 [pid 1033] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1036] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1033] <... futex resumed>) = 0 [pid 1033] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1036] <... mmap resumed>) = 0x20000000 [pid 1036] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1033] <... futex resumed>) = 0 [pid 1033] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1036] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1033] <... futex resumed>) = 0 [pid 1033] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 1052] <... futex resumed>) = ? [pid 1052] +++ killed by SIGBUS +++ [pid 1036] +++ killed by SIGBUS +++ [pid 1033] +++ killed by SIGBUS +++ [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1033, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 1037] <... ioctl resumed>) = 0 [pid 1037] close(4) = 0 [pid 1037] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1039] <... mount resumed>) = 0 [pid 1037] <... futex resumed>) = 1 [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1037] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1034] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1039] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 1037] <... openat resumed>) = 4 [pid 1039] <... openat resumed>) = 3 [pid 1037] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... umount2 resumed>) = 0 [pid 1039] chdir("./file0" [pid 1037] <... futex resumed>) = 1 [pid 1034] <... futex resumed>) = 0 [pid 358] <... restart_syscall resumed>) = 0 [pid 1034] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1037] write(4, "0x0000000000000000", 18 [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1034] <... futex resumed>) = 0 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 358] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1034] <... mmap resumed>) = 0x7faaf7ac0000 [pid 358] <... openat resumed>) = 3 [pid 1034] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 358] newfstatat(3, "", [pid 1034] <... mprotect resumed>) = 0 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1034] rt_sigprocmask(SIG_BLOCK, ~[], [pid 358] getdents64(3, [pid 1034] <... rt_sigprocmask resumed>[], 8) = 0 [pid 358] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 1034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 358] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1034] <... clone3 resumed> => {parent_tid=[1056]}, 88) = 1056 [pid 358] newfstatat(AT_FDCWD, "./22/binderfs", [pid 1034] rt_sigprocmask(SIG_SETMASK, [], [pid 358] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 358] unlink("./22/binderfs" [pid 1034] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... unlink resumed>) = 0 [pid 1034] <... futex resumed>) = 0 [pid 358] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1034] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1037] <... write resumed>) = 18 [pid 1037] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1037] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 360] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1039] <... chdir resumed>) = 0 [pid 360] newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 360] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4) = 0 [pid 360] rmdir("./22/file0") = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] close(3) = 0 [pid 360] rmdir("./22"./strace-static-x86_64: Process 1056 attached [pid 1039] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 360] <... rmdir resumed>) = 0 [pid 1056] set_robust_list(0x7faaf7ae09a0, 24 [pid 360] mkdir("./23", 0777 [pid 1056] <... set_robust_list resumed>) = 0 [pid 360] <... mkdir resumed>) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 35.998779][ T1036] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 35.999194][ T1039] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 1056] write(4, "0x0000000000000000", 18) = 18 [pid 1056] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1056] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1037] <... futex resumed>) = 0 [pid 1034] <... futex resumed>) = 1 [pid 1037] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1034] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1037] <... mmap resumed>) = 0x20000000 [pid 1037] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1034] <... futex resumed>) = 0 [pid 1041] <... mount resumed>) = 0 [pid 1034] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1041] chdir("./file0") = 0 [pid 1041] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1034] <... futex resumed>) = 0 [pid 1034] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1037] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1056] <... futex resumed>) = ? [pid 1034] <... futex resumed>) = ? [pid 1056] +++ killed by SIGBUS +++ [pid 1037] +++ killed by SIGBUS +++ [pid 1034] +++ killed by SIGBUS +++ [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1034, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 357] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 357] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./21/binderfs") = 0 [pid 1039] <... openat resumed>) = 4 [pid 360] <... openat resumed>) = 3 [pid 1039] ioctl(4, LOOP_CLR_FD [pid 360] ioctl(3, LOOP_CLR_FD [pid 1039] <... ioctl resumed>) = 0 [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1039] close(4 [pid 360] close(3 [pid 1039] <... close resumed>) = 0 [pid 360] <... close resumed>) = 0 [pid 358] <... umount2 resumed>) = 0 [pid 1039] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1039] <... futex resumed>) = 1 [pid 1035] <... futex resumed>) = 0 [pid 1039] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1035] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 1058 [pid 1039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1035] <... futex resumed>) = 0 [pid 1039] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1035] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1039] <... openat resumed>) = 4 [pid 358] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1039] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1039] <... futex resumed>) = 1 [pid 1035] <... futex resumed>) = 0 [pid 1039] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1035] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1035] <... futex resumed>) = 0 [pid 1039] write(4, "0x0000000000000000", 18 [pid 1035] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1039] <... write resumed>) = 18 [pid 1035] <... futex resumed>) = 0 [pid 1039] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1039] <... futex resumed>) = 0 [pid 1035] <... mmap resumed>) = 0x7faaf7ac0000 [pid 1039] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1035] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1035] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1035] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[1059]}, 88) = 1059 [pid 1035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1035] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1035] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1041] <... openat resumed>) = 4 [pid 1041] ioctl(4, LOOP_CLR_FD) = 0 [pid 1041] close(4) = 0 [pid 1041] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1032] <... futex resumed>) = 0 [pid 1041] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1032] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1041] <... futex resumed>) = 0 [pid 1041] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1032] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] newfstatat(AT_FDCWD, "./22/file0", [pid 1041] <... openat resumed>) = 4 [pid 1041] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1032] <... futex resumed>) = 0 [pid 1032] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1032] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 1032] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[1060]}, 88) = 1060 [pid 1032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1032] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1032] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1041] <... futex resumed>) = 1 [pid 1041] write(4, "0x0000000000000000", 18) = 18 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1041] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 1060 attached ./strace-static-x86_64: Process 1058 attached [pid 358] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1060] set_robust_list(0x7faaf7ae09a0, 24 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1060] <... set_robust_list resumed>) = 0 [pid 1058] set_robust_list(0x5555893a06a0, 24 [pid 358] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1060] rt_sigprocmask(SIG_SETMASK, [], [pid 1058] <... set_robust_list resumed>) = 0 [pid 1060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 358] <... openat resumed>) = 4 [pid 1041] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 358] newfstatat(4, "", [pid 1060] write(4, "0x0000000000000000", 18 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1060] <... write resumed>) = 18 [pid 1058] chdir("./23" [pid 358] getdents64(4, [pid 1060] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1059 attached [pid 1059] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 1059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 1060] <... futex resumed>) = 1 [pid 1058] <... chdir resumed>) = 0 [pid 1032] <... futex resumed>) = 0 [pid 1032] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] getdents64(4, [pid 1032] <... futex resumed>) = 1 [pid 1032] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 1060] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1058] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1041] <... futex resumed>) = 0 [pid 358] close(4 [pid 1058] <... prctl resumed>) = 0 [pid 1041] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 358] <... close resumed>) = 0 [pid 1058] setpgid(0, 0 [pid 1041] <... mmap resumed>) = 0x20000000 [pid 358] rmdir("./22/file0" [pid 1058] <... setpgid resumed>) = 0 [pid 1041] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1032] <... futex resumed>) = 0 [pid 1032] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1032] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1041] <... futex resumed>) = 1 [ 36.040428][ T1041] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 36.044821][ T1037] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 1058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 358] <... rmdir resumed>) = 0 [pid 1059] write(4, "0x0000000000000000", 18 [pid 358] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] close(3 [pid 1058] <... openat resumed>) = 3 [pid 358] <... close resumed>) = 0 [pid 1058] write(3, "1000", 4 [pid 358] rmdir("./22" [pid 1041] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1032] <... futex resumed>) = ? [pid 1059] <... write resumed>) = 18 [pid 1060] <... futex resumed>) = ? [pid 358] <... rmdir resumed>) = 0 [pid 1059] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] mkdir("./23", 0777 [pid 1058] <... write resumed>) = 4 [pid 1035] <... futex resumed>) = 0 [pid 1035] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1039] <... futex resumed>) = 0 [pid 1035] <... futex resumed>) = 1 [pid 1039] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1035] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1058] close(3 [pid 1039] <... mmap resumed>) = 0x20000000 [pid 358] <... mkdir resumed>) = 0 [pid 1039] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1058] <... close resumed>) = 0 [pid 1039] <... futex resumed>) = 1 [pid 1035] <... futex resumed>) = 0 [pid 1058] symlink("/dev/binderfs", "./binderfs"executing program [pid 1060] +++ killed by SIGBUS +++ [pid 1059] <... futex resumed>) = 1 [pid 1058] <... symlink resumed>) = 0 [pid 1035] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1058] write(1, "executing program\n", 18) = 18 [pid 1058] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1058] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1058] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1061]}, 88) = 1061 [pid 1058] rt_sigprocmask(SIG_SETMASK, [], [pid 1041] +++ killed by SIGBUS +++ [pid 1058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1058] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1059] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1032] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1032, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 1035] <... futex resumed>) = 0 [pid 1035] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1061 attached [pid 1061] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1061] memfd_create("syzkaller", 0) = 3 [pid 1061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 359] <... restart_syscall resumed>) = 0 [pid 359] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./22/binderfs") = 0 [pid 359] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 1039] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1061] <... write resumed>) = 1048576 [pid 1059] <... futex resumed>) = ? [pid 1035] <... futex resumed>) = ? [pid 1061] munmap(0x7faaef6e1000, 138412032 [pid 1059] +++ killed by SIGBUS +++ [pid 1061] <... munmap resumed>) = 0 [pid 1061] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1039] +++ killed by SIGBUS +++ [pid 1035] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1035, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 362] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 362] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./22/binderfs") = 0 [pid 362] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] <... openat resumed>) = 3 [pid 358] ioctl(3, LOOP_CLR_FD [pid 357] <... umount2 resumed>) = 0 [pid 357] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 357] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] close(4) = 0 [pid 357] rmdir("./21/file0") = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] close(3) = 0 [pid 357] rmdir("./21") = 0 [pid 357] mkdir("./22", 0777) = 0 [ 36.098100][ T1041] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 36.114254][ T1039] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 358] close(3) = 0 [pid 357] <... openat resumed>) = 3 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 1062 ./strace-static-x86_64: Process 1062 attached [pid 1061] <... openat resumed>) = 4 [pid 359] <... umount2 resumed>) = 0 [pid 357] ioctl(3, LOOP_CLR_FD [pid 359] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 359] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 359] close(4) = 0 [pid 359] rmdir("./22/file0") = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] close(3) = 0 [pid 359] rmdir("./22") = 0 [pid 359] mkdir("./23", 0777 [pid 1062] set_robust_list(0x5555893a06a0, 24 [pid 1061] ioctl(4, LOOP_SET_FD, 3 [pid 362] <... umount2 resumed>) = 0 [pid 359] <... mkdir resumed>) = 0 [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 359] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 359] close(3 [pid 1062] <... set_robust_list resumed>) = 0 [pid 1061] <... ioctl resumed>) = 0 [pid 362] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... close resumed>) = 0 [pid 357] close(3 [pid 1062] chdir("./23" [pid 1061] close(3 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] <... close resumed>) = 0 [pid 1062] <... chdir resumed>) = 0 [pid 1061] <... close resumed>) = 0 [pid 362] newfstatat(AT_FDCWD, "./22/file0", [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1062] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1061] close(4 [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1062] <... prctl resumed>) = 0 [pid 1061] <... close resumed>) = 0 [pid 362] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] <... clone resumed>, child_tidptr=0x5555893a0690) = 1064 [pid 1062] setpgid(0, 0 [pid 1061] mkdir("./file0", 0777 [pid 362] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1062] <... setpgid resumed>) = 0 [pid 1061] <... mkdir resumed>) = 0 [pid 362] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1061] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 362] <... openat resumed>) = 4 [pid 1062] <... openat resumed>) = 3 [pid 362] newfstatat(4, "", [pid 359] <... clone resumed>, child_tidptr=0x5555893a0690) = 1065 ./strace-static-x86_64: Process 1065 attached ./strace-static-x86_64: Process 1064 attached [pid 1062] write(3, "1000", 4 [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1065] set_robust_list(0x5555893a06a0, 24 [pid 1064] set_robust_list(0x5555893a06a0, 24 [pid 1062] <... write resumed>) = 4 [pid 362] getdents64(4, [pid 1065] <... set_robust_list resumed>) = 0 [pid 1064] <... set_robust_list resumed>) = 0 [pid 1065] chdir("./23" [pid 1064] chdir("./22" [pid 1062] close(3 [pid 1061] <... mount resumed>) = 0 [pid 362] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 1065] <... chdir resumed>) = 0 [pid 1064] <... chdir resumed>) = 0 [pid 1062] <... close resumed>) = 0 [pid 1065] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1064] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 362] getdents64(4, [pid 1065] <... prctl resumed>) = 0 [pid 1064] <... prctl resumed>) = 0 [pid 1065] setpgid(0, 0 [pid 1064] setpgid(0, 0 [pid 1065] <... setpgid resumed>) = 0 [pid 1064] <... setpgid resumed>) = 0 [pid 1065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1062] symlink("/dev/binderfs", "./binderfs" [pid 1061] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 362] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 1065] <... openat resumed>) = 3 [pid 1064] <... openat resumed>) = 3 [pid 1065] write(3, "1000", 4 [pid 1064] write(3, "1000", 4 [pid 362] close(4 [pid 1065] <... write resumed>) = 4 [pid 1064] <... write resumed>) = 4 [pid 1062] <... symlink resumed>) = 0 [pid 1065] close(3 [pid 1064] close(3 [pid 1065] <... close resumed>) = 0 [pid 1064] <... close resumed>) = 0 [pid 1065] symlink("/dev/binderfs", "./binderfs" [pid 1064] symlink("/dev/binderfs", "./binderfs" [pid 1065] <... symlink resumed>) = 0 [pid 1064] <... symlink resumed>) = 0 [pid 1062] write(1, "executing program\n", 18 [pid 1061] <... openat resumed>) = 3 executing program executing program [pid 362] <... close resumed>) = 0 [pid 1065] write(1, "executing program\n", 18 [pid 1064] write(1, "executing program\n", 18executing program [pid 1062] <... write resumed>) = 18 [pid 362] rmdir("./22/file0" [pid 1065] <... write resumed>) = 18 [pid 1064] <... write resumed>) = 18 [pid 1062] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1065] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1064] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1065] <... futex resumed>) = 0 [pid 1064] <... futex resumed>) = 0 [pid 1065] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 1064] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 1062] <... futex resumed>) = 0 [pid 362] <... rmdir resumed>) = 0 [pid 1065] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1064] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1065] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1064] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1062] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 1065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1062] <... rt_sigaction resumed>NULL, 8) = 0 [pid 362] getdents64(3, [pid 1065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1062] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1065] <... mmap resumed>) = 0x7faaf7ae1000 [pid 1064] <... mmap resumed>) = 0x7faaf7ae1000 [pid 362] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 1065] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 1064] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 1062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 362] close(3 [pid 1065] <... mprotect resumed>) = 0 [pid 1064] <... mprotect resumed>) = 0 [pid 1062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1065] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1064] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1061] chdir("./file0" [pid 362] <... close resumed>) = 0 [pid 1065] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1064] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1062] <... mmap resumed>) = 0x7faaf7ae1000 [pid 1065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 1064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 1062] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 362] rmdir("./22"./strace-static-x86_64: Process 1068 attached [pid 1061] <... chdir resumed>) = 0 [pid 1065] <... clone3 resumed> => {parent_tid=[1068]}, 88) = 1068 [pid 1064] <... clone3 resumed> => {parent_tid=[1069]}, 88) = 1069 [pid 1065] rt_sigprocmask(SIG_SETMASK, [], [pid 1064] rt_sigprocmask(SIG_SETMASK, [], [pid 1062] <... mprotect resumed>) = 0 [pid 1065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 362] <... rmdir resumed>) = 0 [pid 1065] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1064] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1065] <... futex resumed>) = 0 [pid 1064] <... futex resumed>) = 0 [pid 1065] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1064] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1062] rt_sigprocmask(SIG_BLOCK, ~[], [pid 362] mkdir("./23", 0777./strace-static-x86_64: Process 1069 attached [pid 1069] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1062] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1069] memfd_create("syzkaller", 0 [pid 1062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 1061] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 362] <... mkdir resumed>) = 0 [pid 1062] <... clone3 resumed> => {parent_tid=[1070]}, 88) = 1070 [pid 1061] <... openat resumed>) = 4 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1062] rt_sigprocmask(SIG_SETMASK, [], [pid 1061] ioctl(4, LOOP_CLR_FD [pid 1062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 362] <... openat resumed>) = 3 [pid 1062] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1061] <... ioctl resumed>) = 0 [pid 1062] <... futex resumed>) = 0 [pid 362] ioctl(3, LOOP_CLR_FD [pid 1062] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1061] close(4 [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1069] <... memfd_create resumed>) = 3 [pid 1069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 1061] <... close resumed>) = 0 [pid 362] close(3 [pid 1061] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... close resumed>) = 0 [pid 1069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 1070 attached [pid 1070] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1070] memfd_create("syzkaller", 0) = 3 [pid 1070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1061] <... futex resumed>) = 1 [pid 1058] <... futex resumed>) = 0 [pid 1058] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1061] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 1071 [pid 1061] <... openat resumed>) = 4 [pid 1061] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1058] <... futex resumed>) = 0 [pid 1058] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 1058] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 1071 attached [pid 1068] set_robust_list(0x7faaf7b019a0, 24 [pid 1061] write(4, "0x0000000000000000", 18 [pid 1058] <... mprotect resumed>) = 0 [pid 1058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1068] <... set_robust_list resumed>) = 0 [pid 1061] <... write resumed>) = 18 [pid 1058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[1072]}, 88) = 1072 [pid 1071] set_robust_list(0x5555893a06a0, 24 [pid 1068] rt_sigprocmask(SIG_SETMASK, [], [pid 1061] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] rt_sigprocmask(SIG_SETMASK, [], [pid 1061] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1058] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1071] <... set_robust_list resumed>) = 0 [pid 1068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1071] chdir("./23" [pid 1068] memfd_create("syzkaller", 0 [pid 1071] <... chdir resumed>) = 0 [pid 1068] <... memfd_create resumed>) = 3 [pid 1068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1068] <... mmap resumed>) = 0x7faaef6e1000 [pid 1069] <... write resumed>) = 1048576 [pid 1070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 1068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 1071] setpgid(0, 0 [pid 1069] munmap(0x7faaef6e1000, 138412032 [pid 1071] <... setpgid resumed>) = 0 [pid 1069] <... munmap resumed>) = 0 [pid 1071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1069] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1071] write(3, "1000", 4 [pid 1069] <... openat resumed>) = 4 [pid 1069] ioctl(4, LOOP_SET_FD, 3 [pid 1071] <... write resumed>) = 4 [pid 1071] close(3) = 0 [pid 1071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1071] write(1, "executing program\n", 18executing program ) = 18 [pid 1071] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1072 attached [pid 1072] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 1072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 36.259865][ T1061] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 1071] <... futex resumed>) = 0 [pid 1072] write(4, "0x0000000000000000", 18) = 18 [pid 1072] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1058] <... futex resumed>) = 0 [pid 1058] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1061] <... futex resumed>) = 0 [pid 1058] <... futex resumed>) = 1 [pid 1061] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1058] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1061] <... mmap resumed>) = 0x20000000 [pid 1061] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1058] <... futex resumed>) = 0 [pid 1071] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 1069] <... ioctl resumed>) = 0 [pid 1068] <... write resumed>) = 1048576 [pid 1058] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1071] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1071] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1071] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1071] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1074]}, 88) = 1074 [pid 1071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1071] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1071] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1069] close(3) = 0 [pid 1069] close(4./strace-static-x86_64: Process 1074 attached [pid 1072] <... futex resumed>) = 1 [pid 1061] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1058] <... futex resumed>) = 0 [pid 1074] set_robust_list(0x7faaf7b019a0, 24 [pid 1072] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1058] ????( [pid 1074] <... set_robust_list resumed>) = 0 [pid 1072] <... futex resumed>) = ? [pid 1058] <... ???? resumed>) = ? [pid 1074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1074] memfd_create("syzkaller", 0 [pid 1072] +++ killed by SIGBUS +++ [pid 1070] <... write resumed>) = 1048576 [pid 1069] <... close resumed>) = 0 [pid 1068] munmap(0x7faaef6e1000, 138412032 [pid 1074] <... memfd_create resumed>) = 3 [pid 1074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 1070] munmap(0x7faaef6e1000, 138412032) = 0 [pid 1074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 1070] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1069] mkdir("./file0", 0777 [pid 1061] +++ killed by SIGBUS +++ [pid 1058] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1058, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 360] restart_syscall(<... resuming interrupted clone ...> [pid 1069] <... mkdir resumed>) = 0 [pid 1069] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1068] <... munmap resumed>) = 0 [pid 1068] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 360] <... restart_syscall resumed>) = 0 [pid 360] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, [pid 1074] <... write resumed>) = 1048576 [pid 1074] munmap(0x7faaef6e1000, 138412032 [pid 360] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1074] <... munmap resumed>) = 0 [pid 360] newfstatat(AT_FDCWD, "./23/binderfs", [pid 1074] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 360] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./23/binderfs") = 0 [pid 360] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1070] <... openat resumed>) = 4 [pid 1070] ioctl(4, LOOP_SET_FD, 3 [pid 1068] <... openat resumed>) = 4 [pid 1068] ioctl(4, LOOP_SET_FD, 3 [pid 1074] <... openat resumed>) = 4 [pid 1070] <... ioctl resumed>) = 0 [pid 1074] ioctl(4, LOOP_SET_FD, 3 [pid 1070] close(3) = 0 [ 36.306589][ T1061] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 1070] close(4 [pid 1069] <... mount resumed>) = 0 [pid 1069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1069] chdir("./file0") = 0 [pid 1069] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1068] <... ioctl resumed>) = 0 [pid 1074] <... ioctl resumed>) = 0 [pid 1069] <... openat resumed>) = 4 [pid 1069] ioctl(4, LOOP_CLR_FD) = 0 [pid 1069] close(4) = 0 [pid 1069] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1064] <... futex resumed>) = 0 [pid 1069] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1064] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1069] <... openat resumed>) = 4 [pid 1074] close(3) = 0 [pid 1074] close(4 [pid 1068] close(3) = 0 [pid 1069] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... umount2 resumed>) = 0 [pid 1069] <... futex resumed>) = 1 [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 1064] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 1069] write(4, "0x0000000000000000", 18 [pid 1068] close(4 [pid 360] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 1080 attached [pid 1069] <... write resumed>) = 18 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1064] <... clone3 resumed> => {parent_tid=[1080]}, 88) = 1080 [pid 1064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1069] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1080] set_robust_list(0x7faaf7ae09a0, 24 [pid 360] newfstatat(AT_FDCWD, "./23/file0", [pid 1069] <... futex resumed>) = 0 [pid 1064] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1080] <... set_robust_list resumed>) = 0 [pid 1069] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1080] rt_sigprocmask(SIG_SETMASK, [], [pid 360] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1080] write(4, "0x0000000000000000", 18 [pid 360] <... openat resumed>) = 4 [pid 360] newfstatat(4, "", [pid 1080] <... write resumed>) = 18 [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1080] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] getdents64(4, [pid 1080] <... futex resumed>) = 1 [pid 1064] <... futex resumed>) = 0 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 1064] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1069] <... futex resumed>) = 0 [pid 1064] <... futex resumed>) = 1 [pid 1069] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1080] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1069] <... mmap resumed>) = 0x20000000 [pid 1064] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] getdents64(4, [pid 1069] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1069] <... futex resumed>) = 0 [ 36.368942][ T1069] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 1064] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4) = 0 [pid 360] rmdir("./23/file0") = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 360] close(3) = 0 [pid 360] rmdir("./23") = 0 [pid 360] mkdir("./24", 0777) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1069] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1064] <... futex resumed>) = ? [pid 1080] <... futex resumed>) = ? [pid 1069] +++ killed by SIGBUS +++ [pid 1080] +++ killed by SIGBUS +++ [pid 1064] +++ killed by SIGBUS +++ [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1064, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 357] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 357] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./22/binderfs") = 0 [pid 357] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1074] <... close resumed>) = 0 [pid 1070] <... close resumed>) = 0 [pid 1074] mkdir("./file0", 0777) = 0 [pid 1074] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1070] mkdir("./file0", 0777) = 0 [ 36.410331][ T1069] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 1070] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1068] <... close resumed>) = 0 [pid 360] <... openat resumed>) = 3 [pid 1068] mkdir("./file0", 0777 [pid 360] ioctl(3, LOOP_CLR_FD [pid 1068] <... mkdir resumed>) = 0 [pid 1068] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 360] close(3) = 0 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 1081 [pid 357] <... umount2 resumed>) = 0 [pid 357] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1070] <... mount resumed>) = 0 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 357] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, [pid 1070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 357] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 1081 attached [pid 357] getdents64(4, [pid 1070] <... openat resumed>) = 3 [pid 1070] chdir("./file0") = 0 [pid 1070] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1070] ioctl(4, LOOP_CLR_FD) = 0 [pid 1070] close(4) = 0 [pid 1070] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1062] <... futex resumed>) = 0 [pid 1062] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1062] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1070] <... futex resumed>) = 1 [pid 1070] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 1070] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1062] <... futex resumed>) = 0 [pid 1062] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1062] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 1062] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[1088]}, 88) = 1088 [pid 1062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1062] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1062] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1070] <... futex resumed>) = 1 [pid 1070] write(4, "0x0000000000000000", 18) = 18 [pid 1070] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1088 attached [pid 1088] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 1088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1088] write(4, "0x0000000000000000", 18) = 18 [pid 1088] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1062] <... futex resumed>) = 0 [pid 1062] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1062] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1070] <... futex resumed>) = 0 [pid 1070] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 1070] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1062] <... futex resumed>) = 0 [pid 1062] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1062] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1070] <... futex resumed>) = 1 [ 36.530471][ T1070] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 36.546169][ T1074] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 36.551723][ T1070] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 1088] <... futex resumed>) = 1 [pid 1081] set_robust_list(0x5555893a06a0, 24 [pid 1074] <... mount resumed>) = 0 [pid 1070] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 357] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 1088] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1081] <... set_robust_list resumed>) = 0 [pid 1074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 357] close(4 [pid 1081] chdir("./24" [pid 1074] <... openat resumed>) = 3 [pid 357] <... close resumed>) = 0 [pid 1081] <... chdir resumed>) = 0 [pid 1074] chdir("./file0" [pid 357] rmdir("./22/file0" [pid 1081] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1074] <... chdir resumed>) = 0 [pid 357] <... rmdir resumed>) = 0 [pid 1081] <... prctl resumed>) = 0 [pid 1074] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 357] getdents64(3, [pid 1081] setpgid(0, 0 [pid 1074] <... openat resumed>) = 4 [pid 357] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 1081] <... setpgid resumed>) = 0 [pid 1074] ioctl(4, LOOP_CLR_FD [pid 357] close(3 [pid 1081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1074] <... ioctl resumed>) = 0 [pid 357] <... close resumed>) = 0 [pid 1081] <... openat resumed>) = 3 [pid 1074] close(4 [pid 357] rmdir("./22"executing program [pid 1081] write(3, "1000", 4 [pid 1074] <... close resumed>) = 0 [pid 357] <... rmdir resumed>) = 0 [pid 1081] <... write resumed>) = 4 [pid 1074] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] mkdir("./23", 0777 [pid 1081] close(3 [pid 1074] <... futex resumed>) = 1 [pid 1071] <... futex resumed>) = 0 [pid 357] <... mkdir resumed>) = 0 [pid 1081] <... close resumed>) = 0 [pid 1074] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1081] symlink("/dev/binderfs", "./binderfs" [pid 357] <... openat resumed>) = 3 [pid 1081] <... symlink resumed>) = 0 [pid 357] ioctl(3, LOOP_CLR_FD [pid 1071] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1081] write(1, "executing program\n", 18 [pid 1074] <... futex resumed>) = 0 [pid 1071] <... futex resumed>) = 1 [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1081] <... write resumed>) = 18 [pid 1074] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 357] close(3 [pid 1081] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1074] <... openat resumed>) = 4 [pid 357] <... close resumed>) = 0 [pid 1081] <... futex resumed>) = 0 [pid 1074] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1081] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 1074] <... futex resumed>) = 0 [pid 1081] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1074] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1071] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... clone resumed>, child_tidptr=0x5555893a0690) = 1089 [pid 1081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1081] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1081] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1081] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1071] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1090]}, 88) = 1090 [pid 1081] rt_sigprocmask(SIG_SETMASK, [], [pid 1071] <... futex resumed>) = 1 [pid 1081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1074] <... futex resumed>) = 0 [pid 1081] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1074] write(4, "0x0000000000000000", 18 [pid 1081] <... futex resumed>) = 0 [pid 1074] <... write resumed>) = 18 [pid 1071] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1081] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1074] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1074] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1090 attached ./strace-static-x86_64: Process 1089 attached [pid 1088] <... futex resumed>) = ? [pid 1071] <... futex resumed>) = 0 [pid 1068] <... mount resumed>) = 0 [pid 1062] <... futex resumed>) = ? [pid 1090] set_robust_list(0x7faaf7b019a0, 24 [pid 1088] +++ killed by SIGBUS +++ [pid 1071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 1089] set_robust_list(0x5555893a06a0, 24) = 0 [pid 1089] chdir("./23") = 0 [pid 1089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1089] setpgid(0, 0) = 0 [pid 1071] <... mmap resumed>) = 0x7faaf7ac0000 [pid 1089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1071] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 1090] <... set_robust_list resumed>) = 0 [pid 1089] write(3, "1000", 4 [pid 1090] rt_sigprocmask(SIG_SETMASK, [], [pid 1071] <... mprotect resumed>) = 0 [pid 1068] <... openat resumed>) = 3 [pid 1089] <... write resumed>) = 4 [pid 1089] close(3) = 0 [pid 1089] symlink("/dev/binderfs", "./binderfs" [pid 1071] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1068] chdir("./file0" [pid 1089] <... symlink resumed>) = 0 [pid 1089] write(1, "executing program\n", 18executing program ) = 18 [pid 1090] memfd_create("syzkaller", 0 [pid 1071] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1068] <... chdir resumed>) = 0 [pid 1089] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1089] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 1089] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1071] <... clone3 resumed> => {parent_tid=[1091]}, 88) = 1091 [pid 1089] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE [pid 1071] rt_sigprocmask(SIG_SETMASK, [], [pid 1089] <... mprotect resumed>) = 0 [pid 1071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1089] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1071] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1090] <... memfd_create resumed>) = 3 [pid 1071] <... futex resumed>) = 0 [pid 1089] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1071] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1092]}, 88) = 1092 [pid 1090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1068] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1089] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1089] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1091 attached [pid 1091] set_robust_list(0x7faaf7ae09a0, 24 [pid 1070] +++ killed by SIGBUS +++ [pid 1062] +++ killed by SIGBUS +++ [pid 1090] <... mmap resumed>) = 0x7faaef6e1000 [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1062, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 1091] <... set_robust_list resumed>) = 0 [pid 1091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 36.572229][ T1068] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 1091] write(4, "0x0000000000000000", 18) = 18 [pid 1091] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1071] <... futex resumed>) = 0 [pid 1071] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1074] <... futex resumed>) = 0 [pid 1071] <... futex resumed>) = 1 [pid 1074] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1071] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1074] <... mmap resumed>) = 0x20000000 [pid 1074] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1071] <... futex resumed>) = 0 [pid 1074] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1071] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1071] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1092 attached [pid 1091] <... futex resumed>) = 1 [pid 1090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 1068] <... openat resumed>) = 4 [pid 1068] ioctl(4, LOOP_CLR_FD) = 0 [pid 1068] close(4) = 0 [pid 1068] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1068] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1092] set_robust_list(0x7faaf7b019a0, 24 [pid 1071] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1065] <... futex resumed>) = 0 [pid 358] <... restart_syscall resumed>) = 0 [pid 1074] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1091] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1065] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1091] <... futex resumed>) = ? [pid 1071] <... futex resumed>) = ? [pid 1068] <... futex resumed>) = 0 [pid 1065] <... futex resumed>) = 1 [pid 1068] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1091] +++ killed by SIGBUS +++ [pid 1068] <... openat resumed>) = 4 [pid 1065] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1068] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1068] <... futex resumed>) = 0 [pid 1065] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1068] write(4, "0x0000000000000000", 18 [pid 1065] <... futex resumed>) = 0 [pid 358] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1068] <... write resumed>) = 18 [pid 1065] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... openat resumed>) = 3 [pid 1068] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1065] <... futex resumed>) = 0 [pid 358] newfstatat(3, "", [pid 1068] <... futex resumed>) = 0 [pid 1065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1068] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1065] <... mmap resumed>) = 0x7faaf7ac0000 [pid 1065] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 358] getdents64(3, [pid 1065] <... mprotect resumed>) = 0 [pid 1092] <... set_robust_list resumed>) = 0 [pid 358] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 1065] rt_sigprocmask(SIG_BLOCK, ~[], [pid 358] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1065] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./23/binderfs", [pid 1065] <... clone3 resumed> => {parent_tid=[1093]}, 88) = 1093 [pid 358] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1092] rt_sigprocmask(SIG_SETMASK, [], [pid 1074] +++ killed by SIGBUS +++ [pid 1071] +++ killed by SIGBUS +++ [pid 1065] rt_sigprocmask(SIG_SETMASK, [], [pid 358] unlink("./23/binderfs" [pid 1092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1071, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 1092] memfd_create("syzkaller", 0 [pid 1065] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] restart_syscall(<... resuming interrupted clone ...> [pid 358] <... unlink resumed>) = 0 [pid 1092] <... memfd_create resumed>) = 3 [pid 1065] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1093 attached [pid 1092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1090] <... write resumed>) = 1048576 [pid 1065] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1092] <... mmap resumed>) = 0x7faaef6e1000 [pid 1093] set_robust_list(0x7faaf7ae09a0, 24 [pid 1090] munmap(0x7faaef6e1000, 138412032 [pid 1093] <... set_robust_list resumed>) = 0 [pid 1090] <... munmap resumed>) = 0 [pid 1093] rt_sigprocmask(SIG_SETMASK, [], [pid 1090] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1090] <... openat resumed>) = 4 [pid 1093] write(4, "0x0000000000000000", 18 [pid 1090] ioctl(4, LOOP_SET_FD, 3 [pid 1093] <... write resumed>) = 18 [pid 1093] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1065] <... futex resumed>) = 0 [pid 1093] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1065] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1068] <... futex resumed>) = 0 [pid 1065] <... futex resumed>) = 1 [pid 1068] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1065] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1068] <... mmap resumed>) = 0x20000000 [pid 1068] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1065] <... futex resumed>) = 0 [pid 1068] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1065] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1065] <... futex resumed>) = 0 [pid 1065] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... restart_syscall resumed>) = 0 [pid 1090] <... ioctl resumed>) = 0 [pid 1090] close(3) = 0 [pid 1090] close(4 [pid 362] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1068] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 362] <... openat resumed>) = 3 [pid 362] newfstatat(3, "", [pid 1093] <... futex resumed>) = ? [pid 1065] <... futex resumed>) = ? [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1093] +++ killed by SIGBUS +++ [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./23/binderfs") = 0 [pid 362] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1068] +++ killed by SIGBUS +++ [pid 1065] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1065, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 1092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1092] munmap(0x7faaef6e1000, 138412032) = 0 [pid 1092] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 359] <... restart_syscall resumed>) = 0 [pid 359] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./23/binderfs") = 0 [pid 359] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1090] <... close resumed>) = 0 [pid 1090] mkdir("./file0", 0777) = 0 [ 36.603881][ T1074] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 36.625986][ T1068] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 1090] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1092] <... openat resumed>) = 4 [pid 1092] ioctl(4, LOOP_SET_FD, 3 [pid 362] <... umount2 resumed>) = 0 [pid 362] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] <... umount2 resumed>) = 0 [pid 358] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 358] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] close(4) = 0 [pid 358] rmdir("./23/file0") = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] close(3) = 0 [pid 358] rmdir("./23") = 0 [pid 358] mkdir("./24", 0777) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 358] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 358] close(3 [pid 362] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 358] <... close resumed>) = 0 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 362] <... openat resumed>) = 4 [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 1097 [pid 362] newfstatat(4, "", [pid 359] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 1097 attached [pid 1097] set_robust_list(0x5555893a06a0, 24) = 0 [pid 1097] chdir("./24") = 0 [pid 1097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1097] setpgid(0, 0) = 0 [pid 1097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1097] write(3, "1000", 4) = 4 [pid 1097] close(3) = 0 [pid 1097] symlink("/dev/binderfs", "./binderfs" [pid 362] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1092] <... ioctl resumed>) = 0 [pid 359] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] getdents64(4, executing program [pid 1092] close(3 [pid 362] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1097] <... symlink resumed>) = 0 [pid 1097] write(1, "executing program\n", 18) = 18 [pid 1097] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1097] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1097] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1097] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1097] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1097] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1099]}, 88) = 1099 [pid 1097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1097] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1097] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1099 attached [pid 1099] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1099] memfd_create("syzkaller", 0) = 3 [pid 1099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 1099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1099] munmap(0x7faaef6e1000, 138412032) = 0 [pid 1099] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1099] close(3) = 0 [pid 1099] close(4) = 0 [pid 1099] mkdir("./file0", 0777 [pid 362] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 1092] <... close resumed>) = 0 [pid 362] close(4 [pid 359] newfstatat(AT_FDCWD, "./23/file0", [pid 362] <... close resumed>) = 0 [pid 1099] <... mkdir resumed>) = 0 [pid 1099] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 362] rmdir("./23/file0" [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1092] close(4 [pid 362] <... rmdir resumed>) = 0 [pid 1092] <... close resumed>) = 0 [pid 359] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] getdents64(3, [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1092] mkdir("./file0", 0777 [pid 362] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 359] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 362] close(3 [pid 359] <... openat resumed>) = 4 [pid 362] <... close resumed>) = 0 [pid 359] newfstatat(4, "", [pid 362] rmdir("./23") = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] mkdir("./24", 0777 [pid 359] getdents64(4, [pid 1092] <... mkdir resumed>) = 0 [pid 362] <... mkdir resumed>) = 0 [pid 359] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 359] getdents64(4, [pid 362] <... openat resumed>) = 3 [pid 359] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 1092] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 362] ioctl(3, LOOP_CLR_FD [pid 359] close(4) = 0 [pid 362] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1090] <... mount resumed>) = 0 [pid 362] close(3 [pid 359] rmdir("./23/file0" [pid 362] <... close resumed>) = 0 [pid 359] <... rmdir resumed>) = 0 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 359] getdents64(3, [pid 1090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1090] chdir("./file0") = 0 [pid 1090] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1090] ioctl(4, LOOP_CLR_FD) = 0 [pid 1090] close(4) = 0 [pid 1090] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1081] <... futex resumed>) = 0 [pid 1081] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1081] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1090] <... futex resumed>) = 1 [pid 1090] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 1090] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1081] <... futex resumed>) = 0 [pid 1081] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1081] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 1081] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[1102]}, 88) = 1102 [pid 1081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1081] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1081] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1090] <... futex resumed>) = 1 [pid 1090] write(4, "0x0000000000000000", 18) = 18 [pid 1090] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] <... clone resumed>, child_tidptr=0x5555893a0690) = 1101 [pid 359] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 1090] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1101 attached [pid 1101] set_robust_list(0x5555893a06a0, 24) = 0 [pid 359] close(3 [pid 1101] chdir("./24") = 0 [pid 1101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1101] setpgid(0, 0) = 0 [pid 1101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 359] <... close resumed>) = 0 [pid 359] rmdir("./23") = 0 [pid 1101] <... openat resumed>) = 3 [pid 359] mkdir("./24", 0777 [pid 1101] write(3, "1000", 4) = 4 [pid 1101] close(3) = 0 [pid 1101] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1101] write(1, "executing program\n", 18) = 18 [pid 1101] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... mkdir resumed>) = 0 [pid 1101] <... futex resumed>) = 0 [pid 1101] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1101] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1101] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1101] rt_sigprocmask(SIG_BLOCK, ~[], [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1101] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 359] <... openat resumed>) = 3 [pid 359] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 359] close(3 [pid 1101] <... clone3 resumed> => {parent_tid=[1106]}, 88) = 1106 [pid 359] <... close resumed>) = 0 [pid 1101] rt_sigprocmask(SIG_SETMASK, [], [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1101] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1101] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 359] <... clone resumed>, child_tidptr=0x5555893a0690) = 1107 ./strace-static-x86_64: Process 1106 attached [pid 1106] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1106] memfd_create("syzkaller", 0./strace-static-x86_64: Process 1107 attached [pid 1107] set_robust_list(0x5555893a06a0, 24 [pid 1106] <... memfd_create resumed>) = 3 [pid 1107] <... set_robust_list resumed>) = 0 [pid 1107] chdir("./24" [pid 1106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 1107] <... chdir resumed>) = 0 [pid 1107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1107] setpgid(0, 0) = 0 [pid 1107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1107] write(3, "1000", 4) = 4 [pid 1107] close(3) = 0 [pid 1107] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1107] write(1, "executing program\n", 18) = 18 [pid 1107] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1107] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1107] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1107] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1107] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1107] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1109]}, 88) = 1109 [pid 1107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1107] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 36.841008][ T1090] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 1107] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1109 attached ./strace-static-x86_64: Process 1102 attached [pid 1106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 1099] <... mount resumed>) = 0 [pid 1099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1099] chdir("./file0") = 0 [pid 1099] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1099] ioctl(4, LOOP_CLR_FD) = 0 [pid 1099] close(4) = 0 [pid 1099] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1097] <... futex resumed>) = 0 [pid 1097] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1097] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1099] <... futex resumed>) = 1 [pid 1099] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 1099] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1097] <... futex resumed>) = 0 [pid 1097] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1097] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 1097] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1097] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1097] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[1111]}, 88) = 1111 [pid 1097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1097] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1097] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1099] <... futex resumed>) = 1 [pid 1099] write(4, "0x0000000000000000", 18) = 18 [pid 1099] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1099] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1111 attached [pid 1111] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 1111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1111] write(4, "0x0000000000000000", 18) = 18 [pid 1111] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1097] <... futex resumed>) = 0 [pid 1097] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1097] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1099] <... futex resumed>) = 0 [pid 1099] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 1099] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1097] <... futex resumed>) = 0 [pid 1097] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1097] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1099] <... futex resumed>) = 1 [pid 1111] <... futex resumed>) = 1 [pid 1109] set_robust_list(0x7faaf7b019a0, 24 [pid 1106] <... write resumed>) = 1048576 [pid 1102] set_robust_list(0x7faaf7ae09a0, 24 [pid 1092] <... mount resumed>) = 0 [pid 1109] <... set_robust_list resumed>) = 0 [pid 1106] munmap(0x7faaef6e1000, 138412032 [pid 1102] <... set_robust_list resumed>) = 0 [pid 1109] rt_sigprocmask(SIG_SETMASK, [], [pid 1106] <... munmap resumed>) = 0 [pid 1102] rt_sigprocmask(SIG_SETMASK, [], [pid 1109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1106] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1109] memfd_create("syzkaller", 0 [pid 1106] <... openat resumed>) = 4 [pid 1102] write(4, "0x0000000000000000", 18 [pid 1109] <... memfd_create resumed>) = 3 [pid 1106] ioctl(4, LOOP_SET_FD, 3 [pid 1102] <... write resumed>) = 18 [pid 1109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1102] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1109] <... mmap resumed>) = 0x7faaef6e1000 [pid 1102] <... futex resumed>) = 1 [pid 1109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 1102] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1109] <... write resumed>) = 1048576 [pid 1111] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1092] chdir("./file0") = 0 [pid 1092] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1109] munmap(0x7faaef6e1000, 138412032 [pid 1081] <... futex resumed>) = 0 [pid 1109] <... munmap resumed>) = 0 [pid 1099] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1081] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1106] <... ioctl resumed>) = 0 [pid 1081] <... futex resumed>) = 1 [pid 1090] <... futex resumed>) = 0 [pid 1092] <... openat resumed>) = 4 [pid 1092] ioctl(4, LOOP_CLR_FD) = 0 [pid 1092] close(4) = 0 [pid 1092] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1089] <... futex resumed>) = 0 [pid 1089] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1089] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1081] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1106] close(3 [pid 1090] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1092] <... futex resumed>) = 1 [pid 1092] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 1092] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1089] <... futex resumed>) = 0 [pid 1089] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1089] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 1089] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[1113]}, 88) = 1113 [pid 1089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1089] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1089] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1092] <... futex resumed>) = 1 [pid 1092] write(4, "0x0000000000000000", 18) = 18 [pid 1092] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1092] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1109] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1109] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1113 attached [pid 1113] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 1113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1106] <... close resumed>) = 0 [pid 1090] <... mmap resumed>) = 0x20000000 [pid 1113] write(4, "0x0000000000000000", 18) = 18 [pid 1113] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1106] close(4 [pid 1090] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1081] <... futex resumed>) = 0 [pid 1090] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1081] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1081] <... futex resumed>) = 0 [pid 1111] <... futex resumed>) = ? [pid 1089] <... futex resumed>) = 0 [pid 1089] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1089] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1092] <... futex resumed>) = 0 [pid 1092] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 1092] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1089] <... futex resumed>) = 0 [pid 1089] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1089] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1092] <... futex resumed>) = 1 [ 36.882942][ T1099] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 36.889069][ T1092] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 36.905852][ T1099] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 1113] <... futex resumed>) = 1 [pid 1097] <... futex resumed>) = ? [pid 1090] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1081] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 1113] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1106] <... close resumed>) = 0 [pid 1106] mkdir("./file0", 0777) = 0 [pid 1106] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1109] <... ioctl resumed>) = 0 [pid 1102] <... futex resumed>) = ? [pid 1109] close(3) = 0 [pid 1109] close(4) = 0 [pid 1109] mkdir("./file0", 0777) = 0 [pid 1109] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1090] +++ killed by SIGBUS +++ [pid 1092] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1113] <... futex resumed>) = ? [pid 1089] <... futex resumed>) = ? [pid 1113] +++ killed by SIGBUS +++ [pid 1092] +++ killed by SIGBUS +++ [pid 1089] +++ killed by SIGBUS +++ [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1089, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 357] restart_syscall(<... resuming interrupted clone ...> [pid 1102] +++ killed by SIGBUS +++ [pid 1081] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1081, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 360] restart_syscall(<... resuming interrupted clone ...> [pid 1111] +++ killed by SIGBUS +++ [pid 360] <... restart_syscall resumed>) = 0 [pid 357] <... restart_syscall resumed>) = 0 [pid 1099] +++ killed by SIGBUS +++ [pid 1097] +++ killed by SIGBUS +++ [pid 360] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1097, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 357] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 360] <... openat resumed>) = 3 [pid 358] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 357] <... openat resumed>) = 3 [pid 360] newfstatat(3, "", [pid 358] <... openat resumed>) = 3 [pid 357] newfstatat(3, "", [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] newfstatat(3, "", [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, [pid 360] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] getdents64(3, [pid 357] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 360] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] <... getdents64 resumed>0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./24/binderfs", [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./23/binderfs", [pid 360] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] newfstatat(AT_FDCWD, "./24/binderfs", [pid 357] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./24/binderfs" [pid 358] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./23/binderfs" [pid 360] <... unlink resumed>) = 0 [pid 358] unlink("./24/binderfs" [pid 357] <... unlink resumed>) = 0 [pid 360] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] <... unlink resumed>) = 0 [pid 357] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1109] <... mount resumed>) = 0 [pid 1109] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1109] chdir("./file0") = 0 [ 36.929784][ T1090] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 36.931218][ T1092] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 36.968900][ T1109] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 1109] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1106] <... mount resumed>) = 0 [pid 1106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1106] chdir("./file0") = 0 [ 37.008923][ T1106] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 1106] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 357] <... umount2 resumed>) = 0 [pid 1106] <... openat resumed>) = 4 [pid 1106] ioctl(4, LOOP_CLR_FD) = 0 [pid 1106] close(4 [pid 1109] <... openat resumed>) = 4 [pid 1106] <... close resumed>) = 0 [pid 360] <... umount2 resumed>) = 0 [pid 358] <... umount2 resumed>) = 0 [pid 357] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./24/file0", [pid 358] newfstatat(AT_FDCWD, "./24/file0", [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] newfstatat(AT_FDCWD, "./23/file0", [pid 360] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 358] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 360] <... openat resumed>) = 4 [pid 358] <... openat resumed>) = 4 [pid 357] umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] newfstatat(4, "", [pid 358] newfstatat(4, "", [pid 360] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] getdents64(4, [pid 358] getdents64(4, [pid 360] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1109] ioctl(4, LOOP_CLR_FD [pid 360] getdents64(4, [pid 358] getdents64(4, [pid 1109] <... ioctl resumed>) = 0 [pid 1106] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] <... openat resumed>) = 4 [pid 1109] close(4 [pid 1106] <... futex resumed>) = 1 [pid 1101] <... futex resumed>) = 0 [pid 360] close(4 [pid 358] close(4 [pid 1109] <... close resumed>) = 0 [pid 1106] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1101] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... close resumed>) = 0 [pid 358] <... close resumed>) = 0 [pid 357] newfstatat(4, "", [pid 1109] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1106] <... openat resumed>) = 4 [pid 1101] <... futex resumed>) = 0 [pid 360] rmdir("./24/file0" [pid 358] rmdir("./24/file0" [pid 1109] <... futex resumed>) = 1 [pid 1107] <... futex resumed>) = 0 [pid 1106] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1101] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... rmdir resumed>) = 0 [pid 358] <... rmdir resumed>) = 0 [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1109] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1107] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1106] <... futex resumed>) = 0 [pid 1101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 360] getdents64(3, [pid 358] getdents64(3, [pid 1109] <... openat resumed>) = 4 [pid 1107] <... futex resumed>) = 0 [pid 1106] write(4, "0x0000000000000000", 18 [pid 1101] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] getdents64(4, [pid 1107] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1101] <... futex resumed>) = 0 [pid 358] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 1101] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 1101] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 1109] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1106] <... write resumed>) = 18 [pid 360] close(3 [pid 358] close(3 [pid 357] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 1101] <... clone3 resumed> => {parent_tid=[1119]}, 88) = 1119 [pid 1101] rt_sigprocmask(SIG_SETMASK, [], [pid 360] <... close resumed>) = 0 [pid 358] <... close resumed>) = 0 [pid 357] getdents64(4, [pid 1101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1109] <... futex resumed>) = 1 [pid 1107] <... futex resumed>) = 0 [pid 360] rmdir("./24" [pid 358] rmdir("./24" [pid 357] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 1107] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1101] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1107] <... futex resumed>) = 0 [pid 1101] <... futex resumed>) = 0 [pid 1107] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1101] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... rmdir resumed>) = 0 [pid 357] close(4 [pid 1107] <... futex resumed>) = 0 [pid 1107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 1107] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE [pid 360] <... rmdir resumed>) = 0 [pid 358] mkdir("./25", 0777 [pid 357] <... close resumed>) = 0 [pid 1109] write(4, "0x0000000000000000", 18 [pid 1107] <... mprotect resumed>) = 0 [pid 1106] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1107] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1107] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} [pid 1109] <... write resumed>) = 18 [pid 360] mkdir("./25", 0777 [pid 1106] <... futex resumed>) = 0 [pid 358] <... mkdir resumed>) = 0 [pid 357] rmdir("./23/file0" [pid 1107] <... clone3 resumed> => {parent_tid=[1120]}, 88) = 1120 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1107] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1107] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1120 attached [pid 360] <... mkdir resumed>) = 0 [pid 1120] set_robust_list(0x7faaf7ae09a0, 24 [pid 358] <... openat resumed>) = 3 [pid 1120] <... set_robust_list resumed>) = 0 [pid 1120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1120] write(4, "0x0000000000000000", 18 [pid 357] <... rmdir resumed>) = 0 [pid 358] ioctl(3, LOOP_CLR_FD [pid 1109] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1106] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 358] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 357] getdents64(3, [pid 358] close(3 [pid 360] <... openat resumed>) = 3 [pid 358] <... close resumed>) = 0 [pid 357] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1109] <... futex resumed>) = 0 [pid 360] ioctl(3, LOOP_CLR_FD [pid 357] close(3 [pid 1120] <... write resumed>) = 18 [pid 1120] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1107] <... futex resumed>) = 0 [pid 1107] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1107] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1120] <... futex resumed>) = 1 [pid 1120] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 357] <... close resumed>) = 0 [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 1121 [pid 1109] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 357] rmdir("./23"./strace-static-x86_64: Process 1121 attached [pid 1121] set_robust_list(0x5555893a06a0, 24) = 0 [pid 1121] chdir("./25" [pid 357] <... rmdir resumed>) = 0 [pid 360] close(3 [pid 1121] <... chdir resumed>) = 0 [pid 1121] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1109] <... mmap resumed>) = 0x20000000 [pid 360] <... close resumed>) = 0 [pid 357] mkdir("./24", 0777 [pid 1109] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1121] <... prctl resumed>) = 0 [pid 1121] setpgid(0, 0) = 0 executing program executing program [pid 1121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 357] <... mkdir resumed>) = 0 [pid 1109] <... futex resumed>) = 1 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1107] <... futex resumed>) = 0 [pid 1107] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1107] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1121] write(3, "1000", 4) = 4 [pid 1121] close(3) = 0 [pid 1121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1121] write(1, "executing program\n", 18) = 18 [pid 1121] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1121] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1121] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1121] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1121] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1122]}, 88) = 1122 [pid 1121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1121] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1121] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1122 attached [pid 1122] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1122] memfd_create("syzkaller", 0) = 3 [pid 1122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 357] <... openat resumed>) = 3 [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 1123 [pid 1122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 ./strace-static-x86_64: Process 1123 attached [pid 1123] set_robust_list(0x5555893a06a0, 24) = 0 [pid 1123] chdir("./25") = 0 [pid 1123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1123] setpgid(0, 0) = 0 [pid 1123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1123] write(3, "1000", 4) = 4 [pid 1123] close(3) = 0 [pid 1123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1123] write(1, "executing program\n", 18) = 18 [pid 1123] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1123] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1123] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1123] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1124]}, 88) = 1124 [pid 1123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1123] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1123] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1122] munmap(0x7faaef6e1000, 138412032) = 0 [pid 1122] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1122] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1124 attached [pid 1124] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1124] memfd_create("syzkaller", 0) = 3 [pid 1124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 1124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 357] ioctl(3, LOOP_CLR_FD [pid 1124] <... write resumed>) = 1048576 [pid 1124] munmap(0x7faaef6e1000, 138412032) = 0 [pid 1124] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 1119 attached ) = 4 [pid 1122] <... ioctl resumed>) = 0 [pid 1119] set_robust_list(0x7faaf7ae09a0, 24 [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1122] close(3) = 0 [pid 1122] close(4 [pid 1124] ioctl(4, LOOP_SET_FD, 3 [pid 1109] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1119] <... set_robust_list resumed>) = 0 [pid 357] close(3 [pid 1120] <... futex resumed>) = ? [pid 1107] <... futex resumed>) = ? [pid 1119] rt_sigprocmask(SIG_SETMASK, [], [pid 1120] +++ killed by SIGBUS +++ [pid 1119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1119] write(4, "0x0000000000000000", 18) = 18 [pid 1119] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1101] <... futex resumed>) = 0 [pid 1101] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1101] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1106] <... futex resumed>) = 0 [pid 1106] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 1119] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1106] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1101] <... futex resumed>) = 0 [pid 1109] +++ killed by SIGBUS +++ [pid 1107] +++ killed by SIGBUS +++ [pid 1101] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1107, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 359] restart_syscall(<... resuming interrupted clone ...> [pid 1101] <... futex resumed>) = 0 [pid 1101] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... restart_syscall resumed>) = 0 [pid 359] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./24/binderfs") = 0 [pid 359] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1106] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1101] <... futex resumed>) = ? [pid 1119] <... futex resumed>) = ? [pid 1119] +++ killed by SIGBUS +++ [pid 1106] +++ killed by SIGBUS +++ [pid 1101] +++ killed by SIGBUS +++ [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1101, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 362] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 362] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./24/binderfs") = 0 [pid 362] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1124] <... ioctl resumed>) = 0 [pid 1122] <... close resumed>) = 0 [pid 357] <... close resumed>) = 0 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1122] mkdir("./file0", 0777 [pid 1124] close(3 [pid 357] <... clone resumed>, child_tidptr=0x5555893a0690) = 1127 ./strace-static-x86_64: Process 1127 attached [pid 1127] set_robust_list(0x5555893a06a0, 24) = 0 [pid 1127] chdir("./24") = 0 [pid 1127] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1122] <... mkdir resumed>) = 0 [pid 1124] <... close resumed>) = 0 [pid 1127] <... prctl resumed>) = 0 [pid 1127] setpgid(0, 0) = 0 [pid 1124] close(4 [pid 1122] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1127] write(3, "1000", 4) = 4 [pid 1127] close(3) = 0 [pid 1127] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1127] write(1, "executing program\n", 18) = 18 [pid 1127] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1127] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1127] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1127] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1127] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1127] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0}./strace-static-x86_64: Process 1128 attached => {parent_tid=[1128]}, 88) = 1128 [pid 1127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1127] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1127] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1128] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1128] memfd_create("syzkaller", 0) = 3 [pid 1128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 1128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1128] munmap(0x7faaef6e1000, 138412032) = 0 [ 37.158139][ T1109] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 37.176176][ T1106] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 1128] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1124] <... close resumed>) = 0 [pid 362] <... umount2 resumed>) = 0 [pid 359] <... umount2 resumed>) = 0 [pid 1124] mkdir("./file0", 0777 [pid 362] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1124] <... mkdir resumed>) = 0 [pid 362] <... openat resumed>) = 4 [pid 362] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 362] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 362] close(4) = 0 [pid 362] rmdir("./24/file0") = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 362] close(3 [pid 1124] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1128] <... openat resumed>) = 4 [pid 362] <... close resumed>) = 0 [pid 359] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1128] ioctl(4, LOOP_SET_FD, 3 [pid 359] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] rmdir("./24" [pid 359] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] <... rmdir resumed>) = 0 [pid 359] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1128] <... ioctl resumed>) = 0 [pid 362] mkdir("./25", 0777 [pid 359] <... openat resumed>) = 4 [pid 1128] close(3 [pid 1122] <... mount resumed>) = 0 [pid 359] newfstatat(4, "", [pid 1122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 362] <... mkdir resumed>) = 0 [pid 359] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1122] <... openat resumed>) = 3 [pid 359] getdents64(4, [pid 1122] chdir("./file0" [pid 359] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 1122] <... chdir resumed>) = 0 [pid 359] getdents64(4, [pid 1122] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 359] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 1122] <... openat resumed>) = 4 [pid 359] close(4 [pid 1122] ioctl(4, LOOP_CLR_FD [pid 359] <... close resumed>) = 0 [pid 1122] <... ioctl resumed>) = 0 [pid 359] rmdir("./24/file0" [pid 1122] close(4 [pid 359] <... rmdir resumed>) = 0 [pid 1122] <... close resumed>) = 0 [pid 359] getdents64(3, [pid 1122] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 1122] <... futex resumed>) = 1 [pid 1121] <... futex resumed>) = 0 [pid 359] close(3 [pid 1122] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1121] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... close resumed>) = 0 [pid 1122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1121] <... futex resumed>) = 0 [pid 359] rmdir("./24" [pid 1122] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1121] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... rmdir resumed>) = 0 [pid 1122] <... openat resumed>) = 4 [pid 359] mkdir("./25", 0777 [pid 1122] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... mkdir resumed>) = 0 [pid 1128] <... close resumed>) = 0 [pid 1122] <... futex resumed>) = 1 [pid 1121] <... futex resumed>) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1122] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1121] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... openat resumed>) = 3 [pid 1122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1121] <... futex resumed>) = 0 [pid 359] ioctl(3, LOOP_CLR_FD [pid 1122] write(4, "0x0000000000000000", 18 [pid 1121] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1128] close(4 [pid 1122] <... write resumed>) = 18 [pid 1121] <... futex resumed>) = 0 [pid 359] close(3 [pid 1122] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1122] <... futex resumed>) = 0 [pid 1121] <... mmap resumed>) = 0x7faaf7ac0000 [pid 1124] <... mount resumed>) = 0 [pid 1122] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1121] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 1121] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[1134]}, 88) = 1134 [pid 1121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1124] <... openat resumed>) = 3 [pid 1121] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1121] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1134 attached [pid 1134] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 1134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1134] write(4, "0x0000000000000000", 18) = 18 [pid 1134] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1121] <... futex resumed>) = 0 [pid 1121] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1122] <... futex resumed>) = 0 [pid 1121] <... futex resumed>) = 1 [pid 1122] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 1121] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1124] chdir("./file0" [pid 1122] <... mmap resumed>) = 0x20000000 [pid 1122] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1121] <... futex resumed>) = 0 [pid 1122] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1121] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1121] <... futex resumed>) = 0 [pid 1134] <... futex resumed>) = 1 [pid 1124] <... chdir resumed>) = 0 [pid 1124] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1134] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1121] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1122] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1121] <... futex resumed>) = ? [pid 1134] <... futex resumed>) = ? [pid 1134] +++ killed by SIGBUS +++ [pid 1128] <... close resumed>) = 0 [pid 359] <... close resumed>) = 0 [pid 1128] mkdir("./file0", 0777 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1128] <... mkdir resumed>) = 0 [pid 1128] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 359] <... clone resumed>, child_tidptr=0x5555893a0690) = 1135 ./strace-static-x86_64: Process 1135 attached [pid 1122] +++ killed by SIGBUS +++ [pid 1121] +++ killed by SIGBUS +++ [pid 1135] set_robust_list(0x5555893a06a0, 24 [pid 358] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1121, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 358] restart_syscall(<... resuming interrupted clone ...> [pid 1135] <... set_robust_list resumed>) = 0 [pid 1135] chdir("./25") = 0 [pid 1135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1135] setpgid(0, 0) = 0 [pid 1135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1135] write(3, "1000", 4) = 4 [pid 1135] close(3) = 0 [pid 1135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1135] write(1, "executing program\n", 18executing program ) = 18 [pid 1135] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1135] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1135] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1135] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0}./strace-static-x86_64: Process 1136 attached => {parent_tid=[1136]}, 88) = 1136 [pid 1136] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1136] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 358] <... restart_syscall resumed>) = 0 [pid 358] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1135] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 358] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 358] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 358] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] unlink("./25/binderfs") = 0 [pid 358] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1135] <... futex resumed>) = 1 [pid 1136] <... futex resumed>) = 0 [pid 1135] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1136] memfd_create("syzkaller", 0) = 3 [pid 1136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 1136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1136] munmap(0x7faaef6e1000, 138412032) = 0 [ 37.356872][ T1122] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 37.374252][ T1124] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 37.392144][ T1122] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 1136] openat(AT_FDCWD, "/dev/loop2", O_RDWRexecuting program [pid 362] <... openat resumed>) = 3 [pid 362] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 362] close(3) = 0 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 1137 ./strace-static-x86_64: Process 1137 attached [pid 1137] set_robust_list(0x5555893a06a0, 24) = 0 [pid 1137] chdir("./25") = 0 [pid 1137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1137] setpgid(0, 0) = 0 [pid 1137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1137] write(3, "1000", 4) = 4 [pid 1137] close(3) = 0 [pid 1137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1137] write(1, "executing program\n", 18) = 18 [pid 1137] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1137] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1137] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1137] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1124] <... openat resumed>) = 4 [pid 1124] ioctl(4, LOOP_CLR_FD) = 0 [pid 358] <... umount2 resumed>) = 0 [pid 1124] close(4 [pid 358] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1124] <... close resumed>) = 0 [pid 1124] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1124] <... futex resumed>) = 1 [pid 358] newfstatat(AT_FDCWD, "./25/file0", [pid 1124] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1123] <... futex resumed>) = 0 [pid 358] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1123] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1124] <... futex resumed>) = 0 [pid 358] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1123] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1124] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 358] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1138]}, 88) = 1138 [pid 1137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1137] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1137] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 358] <... openat resumed>) = 4 [pid 1124] <... openat resumed>) = 4 [pid 358] newfstatat(4, "", ./strace-static-x86_64: Process 1138 attached [pid 1138] set_robust_list(0x7faaf7b019a0, 24 [pid 358] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1124] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1138] <... set_robust_list resumed>) = 0 [pid 1138] rt_sigprocmask(SIG_SETMASK, [], [pid 358] getdents64(4, [pid 1124] <... futex resumed>) = 1 [pid 1123] <... futex resumed>) = 0 [pid 1123] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1123] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 1124] write(4, "0x0000000000000000", 18 [pid 1123] <... futex resumed>) = 0 [pid 358] getdents64(4, [pid 1123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1124] <... write resumed>) = 18 [pid 358] <... getdents64 resumed>0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 1123] <... mmap resumed>) = 0x7faaf7ac0000 [pid 1123] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[1139]}, 88) = 1139 [pid 1123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1123] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1123] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1138] memfd_create("syzkaller", 0) = 3 [pid 1138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 358] close(4 [pid 1124] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... close resumed>) = 0 [pid 1124] <... futex resumed>) = 0 [pid 358] rmdir("./25/file0" [pid 1124] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 358] <... rmdir resumed>) = 0 [pid 358] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 358] close(3) = 0 [pid 358] rmdir("./25") = 0 [pid 358] mkdir("./26", 0777) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 1139 attached [pid 1139] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 1139] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1139] write(4, "0x0000000000000000", 18) = 18 [pid 1139] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1123] <... futex resumed>) = 0 [pid 1139] <... futex resumed>) = 1 [pid 1123] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1124] <... futex resumed>) = 0 [pid 1123] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1124] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 1124] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1123] <... futex resumed>) = 0 [pid 1124] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1123] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1123] <... futex resumed>) = 0 [pid 1138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1138] munmap(0x7faaef6e1000, 138412032) = 0 [pid 1138] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1139] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1123] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1136] <... openat resumed>) = 4 [pid 1124] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1136] ioctl(4, LOOP_SET_FD, 3 [pid 1123] <... futex resumed>) = ? [pid 1139] <... futex resumed>) = ? [pid 1139] +++ killed by SIGBUS +++ [pid 1128] <... mount resumed>) = 0 [pid 1136] <... ioctl resumed>) = 0 [pid 1138] <... openat resumed>) = 4 [pid 1138] ioctl(4, LOOP_SET_FD, 3 [pid 1136] close(3 [pid 1128] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 358] <... openat resumed>) = 3 [pid 358] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 358] close(3) = 0 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1136] <... close resumed>) = 0 [pid 1128] <... openat resumed>) = 3 [pid 358] <... clone resumed>, child_tidptr=0x5555893a0690) = 1144 [pid 1136] close(4 [pid 1128] chdir("./file0" [pid 1124] +++ killed by SIGBUS +++ [pid 1128] <... chdir resumed>) = 0 [pid 1123] +++ killed by SIGBUS +++ [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1123, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 360] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 1144 attached [pid 1144] set_robust_list(0x5555893a06a0, 24) = 0 [pid 1144] chdir("./26") = 0 [pid 1138] <... ioctl resumed>) = 0 [pid 1144] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1138] close(3 [pid 1128] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1138] <... close resumed>) = 0 [pid 1138] close(4 [pid 1144] <... prctl resumed>) = 0 [pid 1144] setpgid(0, 0) = 0 [pid 1144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1144] write(3, "1000", 4) = 4 [pid 360] <... restart_syscall resumed>) = 0 [pid 1144] close(3) = 0 [pid 360] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1144] symlink("/dev/binderfs", "./binderfs" [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 360] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 1144] <... symlink resumed>) = 0 [pid 360] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1144] write(1, "executing program\n", 18 [pid 360] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 360] newfstatat(AT_FDCWD, "./25/binderfs", [pid 1144] <... write resumed>) = 18 [pid 360] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] unlink("./25/binderfs" [pid 1144] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] <... unlink resumed>) = 0 [pid 360] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1144] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1144] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1144] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0}./strace-static-x86_64: Process 1145 attached => {parent_tid=[1145]}, 88) = 1145 [pid 1145] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1145] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1144] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1145] <... futex resumed>) = 0 [pid 1145] memfd_create("syzkaller", 0) = 3 [pid 1145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 1144] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1145] munmap(0x7faaef6e1000, 138412032) = 0 [ 37.449978][ T1124] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 37.459650][ T1128] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 1145] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1136] <... close resumed>) = 0 [pid 1128] <... openat resumed>) = 4 [pid 1136] mkdir("./file0", 0777 [pid 1128] ioctl(4, LOOP_CLR_FD [pid 1136] <... mkdir resumed>) = 0 [pid 1128] <... ioctl resumed>) = 0 [pid 1136] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1128] close(4) = 0 [pid 1128] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1127] <... futex resumed>) = 0 [pid 1128] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1127] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1127] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1128] <... openat resumed>) = 4 [pid 1128] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1127] <... futex resumed>) = 0 [pid 1128] write(4, "0x0000000000000000", 18 [pid 1127] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1128] <... write resumed>) = 18 [pid 1127] <... futex resumed>) = 0 [pid 1128] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1127] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1128] <... futex resumed>) = 0 [pid 1127] <... futex resumed>) = 0 [pid 1128] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 1127] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1127] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1127] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[1146]}, 88) = 1146 [pid 1127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 1146 attached [pid 1127] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1146] set_robust_list(0x7faaf7ae09a0, 24 [pid 1127] <... futex resumed>) = 0 [pid 1127] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1146] <... set_robust_list resumed>) = 0 [pid 1146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1146] write(4, "0x0000000000000000", 18) = 18 [pid 1146] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1127] <... futex resumed>) = 0 [pid 1127] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1127] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1146] <... futex resumed>) = 1 [pid 1146] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1128] <... futex resumed>) = 0 [pid 1128] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 1128] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1127] <... futex resumed>) = 0 [pid 1128] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1127] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1127] <... futex resumed>) = 0 [pid 1136] <... mount resumed>) = 0 [pid 1127] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1136] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1136] chdir("./file0") = 0 [pid 1136] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1138] <... close resumed>) = 0 [pid 1138] mkdir("./file0", 0777 [pid 1128] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1146] <... futex resumed>) = ? [pid 1138] <... mkdir resumed>) = 0 [pid 1127] <... futex resumed>) = ? [pid 1138] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1146] +++ killed by SIGBUS +++ [pid 1128] +++ killed by SIGBUS +++ [pid 1127] +++ killed by SIGBUS +++ [pid 357] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1127, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 357] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 357] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 357] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 357] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 357] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 357] unlink("./24/binderfs") = 0 [pid 357] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1145] <... openat resumed>) = 4 [pid 1136] <... openat resumed>) = 4 [pid 1145] ioctl(4, LOOP_SET_FD, 3 [ 37.539091][ T1136] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 37.549050][ T1128] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 1136] ioctl(4, LOOP_CLR_FD [pid 1138] <... mount resumed>) = 0 [pid 1138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1138] chdir("./file0") = 0 [pid 1138] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1145] <... ioctl resumed>) = 0 [pid 1138] <... openat resumed>) = 4 [pid 360] <... umount2 resumed>) = 0 [pid 357] <... umount2 resumed>) = 0 [pid 360] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 360] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 360] getdents64(4, 0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 360] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 360] close(4) = 0 [pid 360] rmdir("./25/file0" [pid 1138] ioctl(4, LOOP_CLR_FD [pid 360] <... rmdir resumed>) = 0 [pid 1145] close(3 [pid 1136] <... ioctl resumed>) = 0 [pid 360] getdents64(3, [pid 357] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 360] <... getdents64 resumed>0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] close(3 [pid 357] newfstatat(AT_FDCWD, "./24/file0", [pid 360] <... close resumed>) = 0 [pid 357] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] rmdir("./25" [pid 357] umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1145] <... close resumed>) = 0 [pid 1138] <... ioctl resumed>) = 0 [pid 1136] close(4 [pid 360] <... rmdir resumed>) = 0 [pid 357] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] mkdir("./26", 0777 [pid 357] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1145] close(4 [pid 1138] close(4 [pid 1136] <... close resumed>) = 0 [pid 360] <... mkdir resumed>) = 0 [pid 357] <... openat resumed>) = 4 [pid 360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 357] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] getdents64(4, [pid 1136] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... getdents64 resumed>0x5555893a9770 /* 2 entries */, 32768) = 48 [pid 357] getdents64(4, 0x5555893a9770 /* 0 entries */, 32768) = 0 [pid 357] close(4) = 0 [pid 357] rmdir("./24/file0" [pid 1136] <... futex resumed>) = 1 [pid 1135] <... futex resumed>) = 0 [pid 357] <... rmdir resumed>) = 0 [pid 357] getdents64(3, 0x5555893a1730 /* 0 entries */, 32768) = 0 [pid 357] close(3) = 0 [pid 357] rmdir("./24" [pid 1136] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1135] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... rmdir resumed>) = 0 [pid 357] mkdir("./25", 0777 [pid 1135] <... futex resumed>) = 0 [pid 357] <... mkdir resumed>) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1135] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1136] <... openat resumed>) = 4 [pid 1136] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1135] <... futex resumed>) = 0 [pid 1135] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1135] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 1135] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1135] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1136] write(4, "0x0000000000000000", 18 [pid 1135] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[1152]}, 88) = 1152 [pid 1135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1135] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1135] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1152 attached [pid 1152] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 1152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1152] write(4, "0x0000000000000000", 18) = 18 [pid 1152] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1135] <... futex resumed>) = 0 [pid 1135] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1135] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1152] <... futex resumed>) = 1 [pid 1152] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 1152] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1135] <... futex resumed>) = 0 [pid 1135] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1135] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1152] <... futex resumed>) = 1 [ 37.598927][ T1138] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [pid 1152] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1136] <... write resumed>) = 18 [pid 1135] <... futex resumed>) = ? [pid 1136] +++ killed by SIGBUS +++ [pid 1152] +++ killed by SIGBUS +++ [pid 1135] +++ killed by SIGBUS +++ [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1135, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 359] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 359] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 359] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 359] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 359] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 359] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 359] unlink("./25/binderfs") = 0 [pid 359] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1145] <... close resumed>) = 0 [pid 1138] <... close resumed>) = 0 [pid 1145] mkdir("./file0", 0777) = 0 [pid 1145] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [pid 1138] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1138] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1137] <... futex resumed>) = 0 [pid 1137] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1138] <... futex resumed>) = 0 [pid 1137] <... futex resumed>) = 1 [pid 1138] openat(AT_FDCWD, "blkio.bfq.avg_queue_size", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 1137] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1138] <... openat resumed>) = 4 [pid 1138] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1137] <... futex resumed>) = 0 [pid 1138] write(4, "0x0000000000000000", 18 [pid 1137] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1138] <... write resumed>) = 18 [pid 1137] <... futex resumed>) = 0 [pid 1138] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1137] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1138] <... futex resumed>) = 0 [pid 1137] <... futex resumed>) = 0 [pid 1138] futex(0x7faaf7bcd6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ac0000 [pid 1137] mprotect(0x7faaf7ac1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7ae0990, parent_tid=0x7faaf7ae0990, exit_signal=0, stack=0x7faaf7ac0000, stack_size=0x20300, tls=0x7faaf7ae06c0} => {parent_tid=[1153]}, 88) = 1153 [pid 1137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1137] futex(0x7faaf7bcd6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1137] futex(0x7faaf7bcd6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1153 attached [pid 1153] set_robust_list(0x7faaf7ae09a0, 24) = 0 [pid 1153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1153] write(4, "0x0000000000000000", 18) = 18 [ 37.636059][ T1152] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 37.663670][ T9] ------------[ cut here ]------------ [ 37.668934][ T9] kernel BUG at fs/ext4/inode.c:2844! [ 37.674757][ T9] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 37.680621][ T9] CPU: 1 PID: 9 Comm: kworker/u4:1 Not tainted 5.4.289-syzkaller-00028-g3f2c17e79750 #0 [ 37.690162][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 37.700078][ T9] Workqueue: writeback wb_workfn (flush-7:2) [ 37.705881][ T9] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [ 37.711436][ T9] Code: 9c 9b ff 31 ff 89 de e8 08 9c 9b ff 45 84 f6 75 2e e8 ee 99 9b ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 da 99 9b ff <0f> 0b e8 d3 99 9b ff 0f 0b e8 cc 99 9b ff e8 97 a3 37 ff eb 99 e8 [ 37.730871][ T9] RSP: 0018:ffff8881f5dcf0e0 EFLAGS: 00010293 [ 37.736773][ T9] RAX: ffffffff81c8b096 RBX: 0000010000000000 RCX: ffff8881f5dc4ec0 [ 37.744580][ T9] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 37.752393][ T9] RBP: ffff8881f5dcf4d0 R08: ffffffff81c87ce6 R09: ffffed103b192722 [ 37.760211][ T9] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881d8c939b8 [ 37.768014][ T9] R13: 0000000000000001 R14: 0000018410000000 R15: dffffc0000000000 [ 37.775827][ T9] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 37.784593][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.791022][ T9] CR2: 00005555893a9738 CR3: 00000001e9ebc000 CR4: 00000000003406a0 [ 37.798831][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 37.806637][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 37.814448][ T9] Call Trace: [ 37.817586][ T9] ? __die+0xb4/0x100 [ 37.821403][ T9] ? die+0x26/0x50 [ 37.824953][ T9] ? do_trap+0x1e7/0x340 [ 37.829034][ T9] ? ext4_writepages+0x3c96/0x3cc0 [ 37.833980][ T9] ? ext4_writepages+0x3c96/0x3cc0 [ 37.838936][ T9] ? do_invalid_op+0xfb/0x110 [ 37.843453][ T9] ? ext4_writepages+0x3c96/0x3cc0 [ 37.848392][ T9] ? invalid_op+0x1e/0x30 [ 37.852560][ T9] ? ext4_writepages+0x8e6/0x3cc0 [ 37.857424][ T9] ? ext4_writepages+0x3c96/0x3cc0 [ 37.862366][ T9] ? ext4_writepages+0x3c96/0x3cc0 [ 37.867314][ T9] ? mark_page_accessed+0x26f/0x640 [ 37.872344][ T9] ? debug_smp_processor_id+0x20/0x20 [ 37.877550][ T9] ? deref_stack_reg+0x15c/0x1f0 [ 37.882350][ T9] ? get_reg+0x220/0x220 [ 37.886427][ T9] ? __pv_queued_spin_lock_slowpath+0x9fd/0xc70 [ 37.892492][ T9] ? unwind_next_frame+0x176a/0x1ea0 [ 37.897605][ T9] ? ext4_readpage+0x2e0/0x2e0 [ 37.902201][ T9] ? deref_stack_reg+0x15c/0x1f0 [ 37.906974][ T9] ? get_reg+0x220/0x220 [ 37.911177][ T9] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 37.916983][ T9] ? preempt_count_add+0x8f/0x180 [ 37.921851][ T9] ? ret_from_fork+0x1f/0x30 [ 37.926267][ T9] ? unwind_next_frame+0x176a/0x1ea0 [ 37.931389][ T9] ? ext4_readpage+0x2e0/0x2e0 [ 37.935987][ T9] do_writepages+0x12b/0x270 [ 37.940415][ T9] ? get_reg+0x220/0x220 [ 37.944492][ T9] ? __writepage+0x110/0x110 [ 37.948919][ T9] ? _raw_spin_lock+0xa4/0x1b0 [ 37.953520][ T9] ? _raw_spin_trylock_bh+0x190/0x190 [ 37.958726][ T9] ? unwind_next_frame+0x181e/0x1ea0 [ 37.963848][ T9] ? _raw_spin_lock+0xa4/0x1b0 [ 37.968451][ T9] __writeback_single_inode+0xd9/0xcc0 [ 37.973741][ T9] writeback_sb_inodes+0x9e0/0x1800 [ 37.978776][ T9] ? _raw_spin_lock+0xa4/0x1b0 [ 37.983379][ T9] ? queue_io+0x500/0x500 [ 37.987541][ T9] ? writeback_sb_inodes+0x1800/0x1800 [ 37.992837][ T9] ? queue_io+0x358/0x500 [ 37.997001][ T9] wb_writeback+0x403/0xd70 [ 38.001345][ T9] ? wb_io_lists_depopulated+0x170/0x170 [ 38.006810][ T9] ? set_worker_desc+0x158/0x1c0 [ 38.011584][ T9] ? check_preemption_disabled+0x9f/0x320 [ 38.017138][ T9] ? kthread_data+0x4e/0xc0 [ 38.021477][ T9] wb_workfn+0x3b6/0x1230 [ 38.025647][ T9] ? inode_wait_for_writeback+0x280/0x280 [ 38.031198][ T9] ? switch_mm_irqs_off+0x6b5/0xab0 [ 38.036233][ T9] ? _raw_spin_unlock_irq+0x4a/0x60 [ 38.041264][ T9] ? finish_task_switch+0x130/0x590 [ 38.046300][ T9] ? __schedule+0xb0d/0x1320 [pid 1153] futex(0x7faaf7bcd6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1137] <... futex resumed>) = 0 [pid 1137] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1138] <... futex resumed>) = 0 [pid 1137] <... futex resumed>) = 1 [pid 1138] mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [ 38.050727][ T9] ? _raw_spin_lock_irqsave+0x210/0x210 [ 38.056106][ T9] ? read_word_at_a_time+0xe/0x20 [ 38.060965][ T9] ? strscpy+0x89/0x220 [ 38.064959][ T9] process_one_work+0x765/0xd20 [ 38.069650][ T9] worker_thread+0xaef/0x1470 [ 38.074164][ T9] kthread+0x2da/0x360 [ 38.078064][ T9] ? worker_clr_flags+0x170/0x170 [ 38.082924][ T9] ? kthread_blkcg+0xd0/0xd0 [ 38.087349][ T9] ret_from_fork+0x1f/0x30 [ 38.091603][ T9] Modules linked in: [pid 1137] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1153] <... futex resumed>) = 1 [pid 1138] <... mmap resumed>) = 0x20000000 [pid 1138] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1137] <... futex resumed>) = 0 [pid 1137] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1137] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1138] <... futex resumed>) = 1 [pid 1153] futex(0x7faaf7bcd6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 360] <... openat resumed>) = 3 [pid 357] <... openat resumed>) = 3 [pid 360] ioctl(3, LOOP_CLR_FD [pid 357] ioctl(3, LOOP_CLR_FD [pid 360] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 357] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 360] close(3 [pid 357] close(3 [pid 360] <... close resumed>) = 0 [pid 357] <... close resumed>) = 0 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555893a0690) = 1156 [pid 360] <... clone resumed>, child_tidptr=0x5555893a0690) = 1155 ./strace-static-x86_64: Process 1156 attached [pid 1156] set_robust_list(0x5555893a06a0, 24) = 0 [pid 1156] chdir("./25") = 0 [pid 1156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1156] setpgid(0, 0) = 0 [pid 1156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1156] write(3, "1000", 4) = 4 [pid 1156] close(3) = 0 [pid 1156] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 1155 attached [pid 1155] set_robust_list(0x5555893a06a0, 24) = 0 [pid 1155] chdir("./26" [pid 1156] write(1, "executing program\n", 18executing program ) = 18 [pid 1156] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1155] <... chdir resumed>) = 0 [pid 1156] <... futex resumed>) = 0 [pid 1156] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, [pid 1155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1155] setpgid(0, 0 [pid 1156] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1155] <... setpgid resumed>) = 0 [pid 1156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1156] <... mmap resumed>) = 0x7faaf7ae1000 [pid 1156] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1156] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1155] <... openat resumed>) = 3 [pid 1156] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} [pid 1155] write(3, "1000", 4) = 4 [pid 1155] close(3) = 0 [pid 1155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1156] <... clone3 resumed> => {parent_tid=[1157]}, 88) = 1157 [pid 1156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1156] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1156] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 1155] write(1, "executing program\n", 18) = 18 [pid 1155] futex(0x7faaf7bcd6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1155] rt_sigaction(SIGRT_1, {sa_handler=0x7faaf7b6b0e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7faaf7b5c290}, NULL, 8) = 0 [pid 1155] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7faaf7ae1000 [pid 1155] mprotect(0x7faaf7ae2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1155] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1155] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7faaf7b01990, parent_tid=0x7faaf7b01990, exit_signal=0, stack=0x7faaf7ae1000, stack_size=0x20300, tls=0x7faaf7b016c0} => {parent_tid=[1158]}, 88) = 1158 [pid 1155] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1155] futex(0x7faaf7bcd6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1155] futex(0x7faaf7bcd6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1157 attached [pid 1157] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1157] memfd_create("syzkaller", 0) = 3 [pid 1157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 ./strace-static-x86_64: Process 1158 attached [pid 1158] set_robust_list(0x7faaf7b019a0, 24) = 0 [pid 1158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1158] memfd_create("syzkaller", 0) = 3 [pid 1158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faaef6e1000 [pid 1158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 1157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 1157] munmap(0x7faaef6e1000, 138412032) = 0 [pid 1158] <... write resumed>) = 1048576 [pid 1157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1157] ioctl(4, LOOP_SET_FD, 3 [pid 1138] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000380} --- [pid 1158] munmap(0x7faaef6e1000, 138412032 [pid 1153] <... futex resumed>) = ? [pid 1137] <... futex resumed>) = ? [pid 1158] <... munmap resumed>) = 0 [pid 1138] +++ killed by SIGBUS +++ [pid 1158] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1157] <... ioctl resumed>) = 0 [pid 1157] close(3) = 0 [ 38.098329][ T9] ---[ end trace 045183232d727563 ]--- [ 38.099780][ T1138] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 38.103949][ T9] RIP: 0010:ext4_writepages+0x3c96/0x3cc0 [pid 1157] close(4 [pid 1153] +++ killed by SIGBUS +++ [pid 1137] +++ killed by SIGBUS +++ [pid 1145] <... mount resumed>) = 0 [pid 362] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1137, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=43} --- [pid 362] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 362] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 362] getdents64(3, 0x5555893a1730 /* 4 entries */, 32768) = 112 [pid 362] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 362] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 362] unlink("./25/binderfs") = 0 [pid 362] umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1145] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1145] chdir("./file0") = 0 [pid 1145] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1158] <... openat resumed>) = 4 [pid 1157] <... close resumed>) = 0 [pid 1157] mkdir("./file0", 0777) = 0 [pid 1157] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, "jqfmt=vfsv0,norecovery,,errors=continue" [ 38.145364][ T9] Code: 9c 9b ff 31 ff 89 de e8 08 9c 9b ff 45 84 f6 75 2e e8 ee 99 9b ff 49 bf 00 00 00 00 00 fc ff df e9 1d f9 ff ff e8 da 99 9b ff <0f> 0b e8 d3 99 9b ff 0f 0b e8 cc 99 9b ff e8 97 a3 37 ff eb 99 e8 [ 38.149017][ T1145] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv0,norecovery,,errors=continue [ 38.165439][ T9] RSP: 0018:ffff8881f5dcf0e0 EFLAGS: 00010293 [ 38.181506][ T9] RAX: ffffffff81c8b096 RBX: 0000010000000000 RCX: ffff8881f5dc4ec0 [ 38.189358][ T9] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 38.197206][ T9] RBP: ffff8881f5dcf4d0 R08: ffffffff81c87ce6 R09: ffffed103b192722 [ 38.205037][ T9] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881d8c939b8 [ 38.212839][ T9] R13: 0000000000000001 R14: 0000018410000000 R15: dffffc0000000000 [ 38.220656][ T9] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 38.229416][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.235822][ T9] CR2: 00007faaef7e0000 CR3: 00000001e45c0000 CR4: 00000000003406b0 [ 38.243662][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.251461][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 38.259303][ T9] Kernel panic - not syncing: Fatal exception [ 38.265370][ T9] Kernel Offset: disabled [ 38.269485][ T9] Rebooting in 86400 seconds..