./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor468492996 <...> t(1713847880.622:64): avc: denied { rlimitinh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.172278][ T28] audit: type=1400 audit(1713847880.622:65): avc: denied { siginh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.704012][ T228] sftp-server (228) used greatest stack depth: 22320 bytes left Warning: Permanently added '10.128.0.110' (ED25519) to the list of known hosts. execve("./syz-executor468492996", ["./syz-executor468492996"], 0x7fff57be5120 /* 10 vars */) = 0 brk(NULL) = 0x555556cb7000 brk(0x555556cb7e00) = 0x555556cb7e00 arch_prctl(ARCH_SET_FS, 0x555556cb7480) = 0 set_tid_address(0x555556cb7750) = 294 set_robust_list(0x555556cb7760, 24) = 0 rseq(0x555556cb7da0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor468492996", 4096) = 27 getrandom("\x0e\x8b\x66\x02\x7f\x1c\xfb\x25", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556cb7e00 brk(0x555556cd8e00) = 0x555556cd8e00 brk(0x555556cd9000) = 0x555556cd9000 mprotect(0x7fcf97e9b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 294 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "294", 3) = 3 close(3) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fcf97dded90, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fcf97dded90, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 mkdir("./syzkaller.Pgmg1U", 0700) = 0 chmod("./syzkaller.Pgmg1U", 0777) = 0 chdir("./syzkaller.Pgmg1U") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 296 ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x555556cb7760, 24) = 0 [pid 296] chdir("./0") = 0 [pid 296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] setpgid(0, 0) = 0 [pid 296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 296] write(3, "1000", 4) = 4 [pid 296] close(3) = 0 [pid 296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 296] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 296] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 296] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[297]}, 88) = 297 [pid 296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 296] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] memfd_create("syzkaller", 0) = 3 [pid 297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 297] munmap(0x7fcf8f9b4000, 138412032) = 0 [ 22.319053][ T28] audit: type=1400 audit(1713847889.812:66): avc: denied { execmem } for pid=294 comm="syz-executor468" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 22.338941][ T28] audit: type=1400 audit(1713847889.832:67): avc: denied { read write } for pid=294 comm="syz-executor468" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 297] close(3) = 0 [pid 297] close(4) = 0 [pid 297] mkdir("./file0", 0777) = 0 [ 22.364159][ T28] audit: type=1400 audit(1713847889.832:68): avc: denied { open } for pid=294 comm="syz-executor468" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.370394][ T297] loop0: detected capacity change from 0 to 2048 [pid 297] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 297] chdir("./file0") = 0 [pid 297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 297] ioctl(4, LOOP_CLR_FD) = 0 [pid 297] close(4) = 0 [pid 297] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 1 [pid 297] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 297] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 22.388631][ T28] audit: type=1400 audit(1713847889.832:69): avc: denied { ioctl } for pid=294 comm="syz-executor468" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.419839][ T28] audit: type=1400 audit(1713847889.902:70): avc: denied { mounton } for pid=296 comm="syz-executor468" path="/root/syzkaller.Pgmg1U/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 22.454100][ T297] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 296] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 1 [pid 297] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 297] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 1 [pid 297] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 297] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... futex resumed>) = 0 [pid 296] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 296] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[301]}, 88) = 301 [pid 296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 296] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... futex resumed>) = 1 [pid 297] write(4, 0x200000c0, 120) = 120 [pid 297] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 22.462621][ T28] audit: type=1400 audit(1713847889.962:71): avc: denied { mount } for pid=296 comm="syz-executor468" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 22.480452][ T301] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 296] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 22.485364][ T28] audit: type=1400 audit(1713847889.962:72): avc: denied { write } for pid=296 comm="syz-executor468" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.499356][ T301] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 22.520844][ T28] audit: type=1400 audit(1713847889.962:73): avc: denied { add_name } for pid=296 comm="syz-executor468" name="pids.current" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.533060][ T301] EXT4-fs (loop0): This should not happen!! Data will be lost [ 22.533060][ T301] [ 22.554200][ T28] audit: type=1400 audit(1713847889.962:74): avc: denied { create } for pid=296 comm="syz-executor468" name="pids.current" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.584035][ T301] EXT4-fs (loop0): Total free blocks count 0 [ 22.584053][ T301] EXT4-fs (loop0): Free/Dirty block details [ 22.584064][ T301] EXT4-fs (loop0): free_blocks=2415919104 [ 22.584076][ T301] EXT4-fs (loop0): dirty_blocks=16 [ 22.584087][ T301] EXT4-fs (loop0): Block reservation details [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 301] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 301] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] exit_group(0 [pid 297] <... futex resumed>) = ? [pid 296] <... exit_group resumed>) = ? [pid 297] +++ exited with 0 +++ [pid 301] <... futex resumed>) = ? [pid 301] +++ exited with 0 +++ [pid 296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=296, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 302 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x555556cb7760, 24) = 0 [pid 302] chdir("./1") = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 302] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 302] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 302] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[303]}, 88) = 303 [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 303] memfd_create("syzkaller", 0) = 3 [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 303] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 22.606116][ T28] audit: type=1400 audit(1713847889.962:75): avc: denied { read append open } for pid=296 comm="syz-executor468" path="/root/syzkaller.Pgmg1U/0/file0/pids.current" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.611955][ T301] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 22.649082][ T301] syz-executor468 (301) used greatest stack depth: 21832 bytes left [ 22.657776][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 303] close(3) = 0 [pid 303] close(4) = 0 [pid 303] mkdir("./file0", 0777) = 0 [pid 303] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 303] chdir("./file0") = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 303] ioctl(4, LOOP_CLR_FD) = 0 [pid 303] close(4) = 0 [pid 303] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 303] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 303] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 303] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 303] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 303] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 303] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 302] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[306]}, 88) = 306 [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 306 attached [pid 303] <... futex resumed>) = 1 [pid 306] set_robust_list(0x7fcf97db39a0, 24 [pid 303] write(4, 0x200000c0, 120 [pid 306] <... set_robust_list resumed>) = 0 [pid 303] <... write resumed>) = 120 [pid 306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 303] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 22.687072][ T303] loop0: detected capacity change from 0 to 2048 [ 22.713738][ T303] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 302] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 22.729760][ T306] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.744917][ T306] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 22.757159][ T306] EXT4-fs (loop0): This should not happen!! Data will be lost [ 22.757159][ T306] [ 22.766627][ T306] EXT4-fs (loop0): Total free blocks count 0 [ 22.772431][ T306] EXT4-fs (loop0): Free/Dirty block details [ 22.778269][ T306] EXT4-fs (loop0): free_blocks=2415919104 [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 306] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 306] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] exit_group(0 [pid 306] <... futex resumed>) = ? [pid 303] <... futex resumed>) = ? [pid 302] <... exit_group resumed>) = ? [pid 303] +++ exited with 0 +++ [pid 306] +++ exited with 0 +++ [pid 302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 307 ./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x555556cb7760, 24) = 0 [pid 307] chdir("./2") = 0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 307] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 307] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0}./strace-static-x86_64: Process 308 attached => {parent_tid=[308]}, 88) = 308 [pid 308] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 308] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 308] memfd_create("syzkaller", 0 [pid 307] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 308] <... memfd_create resumed>) = 3 [pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 308] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 22.783855][ T306] EXT4-fs (loop0): dirty_blocks=16 [ 22.788751][ T306] EXT4-fs (loop0): Block reservation details [ 22.794710][ T306] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 22.808467][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 308] close(3) = 0 [pid 308] close(4) = 0 [pid 308] mkdir("./file0", 0777) = 0 [pid 308] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 308] chdir("./file0") = 0 [pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 308] ioctl(4, LOOP_CLR_FD) = 0 [pid 308] close(4) = 0 [pid 308] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... futex resumed>) = 1 [pid 308] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 308] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... futex resumed>) = 1 [pid 308] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 308] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... futex resumed>) = 1 [pid 308] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 308] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 307] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[311]}, 88) = 311 ./strace-static-x86_64: Process 311 attached [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] write(4, 0x200000c0, 120) = 120 [pid 308] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 311] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 22.839047][ T308] loop0: detected capacity change from 0 to 2048 [ 22.853883][ T308] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 22.871134][ T311] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 307] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 22.885928][ T311] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 22.897986][ T311] EXT4-fs (loop0): This should not happen!! Data will be lost [ 22.897986][ T311] [ 22.907438][ T311] EXT4-fs (loop0): Total free blocks count 0 [ 22.913305][ T311] EXT4-fs (loop0): Free/Dirty block details [ 22.919001][ T311] EXT4-fs (loop0): free_blocks=2415919104 [ 22.924606][ T311] EXT4-fs (loop0): dirty_blocks=16 [ 22.929506][ T311] EXT4-fs (loop0): Block reservation details [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 311] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 311] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] exit_group(0 [pid 311] <... futex resumed>) = ? [pid 308] <... futex resumed>) = ? [pid 307] <... exit_group resumed>) = ? [pid 311] +++ exited with 0 +++ [pid 308] +++ exited with 0 +++ [pid 307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 313 ./strace-static-x86_64: Process 313 attached [pid 313] set_robust_list(0x555556cb7760, 24) = 0 [pid 313] chdir("./3") = 0 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 313] setpgid(0, 0) = 0 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 313] write(3, "1000", 4) = 4 [pid 313] close(3) = 0 [pid 313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 313] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 313] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[314]}, 88) = 314 [pid 313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 313] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 314 attached [pid 314] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 314] memfd_create("syzkaller", 0) = 3 [pid 314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 314] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 22.935345][ T311] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 22.953302][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 314] close(3) = 0 [pid 314] close(4) = 0 [pid 314] mkdir("./file0", 0777) = 0 [pid 314] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 314] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 314] chdir("./file0") = 0 [pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 314] ioctl(4, LOOP_CLR_FD) = 0 [pid 314] close(4) = 0 [pid 314] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... futex resumed>) = 1 [pid 314] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 314] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... futex resumed>) = 1 [pid 314] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 314] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... futex resumed>) = 1 [pid 314] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 314] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 313] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} [pid 314] <... futex resumed>) = 1 [pid 313] <... clone3 resumed> => {parent_tid=[317]}, 88) = 317 [pid 313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 313] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] write(4, 0x200000c0, 120) = 120 [pid 314] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 22.984250][ T314] loop0: detected capacity change from 0 to 2048 [ 23.003485][ T314] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 313] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 313] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 313] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 23.021589][ T317] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.036266][ T317] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 23.048392][ T317] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.048392][ T317] [ 23.057931][ T317] EXT4-fs (loop0): Total free blocks count 0 [ 23.063865][ T317] EXT4-fs (loop0): Free/Dirty block details [ 23.070397][ T317] EXT4-fs (loop0): free_blocks=2415919104 [ 23.076158][ T317] EXT4-fs (loop0): dirty_blocks=16 [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 317] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 317] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 317] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] exit_group(0 [pid 317] <... futex resumed>) = ? [pid 314] <... futex resumed>) = ? [pid 313] <... exit_group resumed>) = ? [pid 314] +++ exited with 0 +++ [pid 317] +++ exited with 0 +++ [pid 313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 318 ./strace-static-x86_64: Process 318 attached [pid 318] set_robust_list(0x555556cb7760, 24) = 0 [pid 318] chdir("./4") = 0 [pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 318] setpgid(0, 0) = 0 [pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 318] write(3, "1000", 4) = 4 [pid 318] close(3) = 0 [pid 318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 318] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 318] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 318] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0}./strace-static-x86_64: Process 319 attached => {parent_tid=[319]}, 88) = 319 [pid 319] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 319] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 318] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] <... futex resumed>) = 0 [pid 319] memfd_create("syzkaller", 0 [pid 318] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 319] <... memfd_create resumed>) = 3 [pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 319] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 23.081112][ T317] EXT4-fs (loop0): Block reservation details [ 23.086955][ T317] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 23.111317][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 319] close(3) = 0 [pid 319] close(4) = 0 [pid 319] mkdir("./file0", 0777) = 0 [pid 319] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 319] chdir("./file0") = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 319] ioctl(4, LOOP_CLR_FD) = 0 [pid 319] close(4) = 0 [pid 319] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 318] <... futex resumed>) = 0 [pid 318] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 318] <... futex resumed>) = 0 [pid 318] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] <... openat resumed>) = 4 [pid 319] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 318] <... futex resumed>) = 0 [pid 318] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] <... futex resumed>) = 0 [pid 318] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 319] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 318] <... futex resumed>) = 0 [pid 318] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 319] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = 0 [pid 318] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 318] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[322]}, 88) = 322 [pid 318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 322 attached [pid 318] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] set_robust_list(0x7fcf97db39a0, 24 [pid 319] <... futex resumed>) = 1 [pid 322] <... set_robust_list resumed>) = 0 [pid 319] write(4, 0x200000c0, 120) = 120 [pid 319] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 23.143250][ T319] loop0: detected capacity change from 0 to 2048 [ 23.154110][ T319] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.171667][ T322] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 318] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 318] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 322] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 322] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 318] exit_group(0 [pid 319] <... futex resumed>) = ? [pid 318] <... exit_group resumed>) = ? [pid 322] <... futex resumed>) = ? [pid 319] +++ exited with 0 +++ [pid 322] +++ exited with 0 +++ [pid 318] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 23.186392][ T322] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 23.198516][ T322] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.198516][ T322] [ 23.208035][ T322] EXT4-fs (loop0): Total free blocks count 0 [ 23.214313][ T322] EXT4-fs (loop0): Free/Dirty block details [ 23.220057][ T322] EXT4-fs (loop0): free_blocks=2415919104 [ 23.225619][ T322] EXT4-fs (loop0): dirty_blocks=16 [ 23.230532][ T322] EXT4-fs (loop0): Block reservation details [ 23.236372][ T322] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 324 ./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x555556cb7760, 24) = 0 [pid 324] chdir("./5") = 0 [pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 324] setpgid(0, 0) = 0 [pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 324] write(3, "1000", 4) = 4 [pid 324] close(3) = 0 [pid 324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 324] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 324] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 324] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[325]}, 88) = 325 [pid 324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 324] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 325] memfd_create("syzkaller", 0) = 3 [pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 325] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 325] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 325] close(3) = 0 [pid 325] close(4) = 0 [pid 325] mkdir("./file0", 0777) = 0 [pid 325] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 325] chdir("./file0") = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 325] ioctl(4, LOOP_CLR_FD) = 0 [pid 325] close(4) = 0 [pid 325] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... futex resumed>) = 0 [pid 324] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 325] <... futex resumed>) = 1 [pid 325] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 325] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... futex resumed>) = 0 [pid 324] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 325] <... futex resumed>) = 1 [pid 325] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 325] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... futex resumed>) = 0 [pid 324] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 325] <... futex resumed>) = 1 [pid 325] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 325] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... futex resumed>) = 0 [pid 324] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 324] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE [pid 325] <... futex resumed>) = 1 [pid 324] <... mprotect resumed>) = 0 [pid 324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} [pid 325] write(4, 0x200000c0, 120 [pid 324] <... clone3 resumed> => {parent_tid=[328]}, 88) = 328 [pid 324] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 328 attached [pid 325] <... write resumed>) = 120 [pid 324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 324] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] set_robust_list(0x7fcf97db39a0, 24 [pid 325] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 328] <... set_robust_list resumed>) = 0 [pid 328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 23.249190][ T294] EXT4-fs (loop0): unmounting filesystem. [ 23.272837][ T325] loop0: detected capacity change from 0 to 2048 [ 23.284609][ T325] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.301974][ T328] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.317025][ T328] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 23.329185][ T328] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.329185][ T328] [ 23.338763][ T328] EXT4-fs (loop0): Total free blocks count 0 [ 23.344574][ T328] EXT4-fs (loop0): Free/Dirty block details [pid 324] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 328] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 328] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 324] exit_group(0 [pid 325] <... futex resumed>) = ? [pid 324] <... exit_group resumed>) = ? [pid 325] +++ exited with 0 +++ [pid 328] <... futex resumed>) = ? [pid 328] +++ exited with 0 +++ [pid 324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 329 ./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x555556cb7760, 24) = 0 [pid 329] chdir("./6") = 0 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 329] setpgid(0, 0) = 0 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 329] write(3, "1000", 4) = 4 [pid 329] close(3) = 0 [pid 329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 329] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 329] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[330]}, 88) = 330 [pid 329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 329] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 330] memfd_create("syzkaller", 0) = 3 [pid 330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 330] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 23.350282][ T328] EXT4-fs (loop0): free_blocks=2415919104 [ 23.355863][ T328] EXT4-fs (loop0): dirty_blocks=16 [ 23.360872][ T328] EXT4-fs (loop0): Block reservation details [ 23.366631][ T328] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 23.381228][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 330] close(3) = 0 [pid 330] close(4) = 0 [pid 330] mkdir("./file0", 0777) = 0 [pid 330] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 330] chdir("./file0") = 0 [pid 330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 330] ioctl(4, LOOP_CLR_FD) = 0 [pid 330] close(4) = 0 [pid 330] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] <... futex resumed>) = 0 [pid 329] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] <... futex resumed>) = 1 [pid 330] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 330] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] <... futex resumed>) = 0 [pid 329] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] <... futex resumed>) = 1 [pid 330] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 330] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] <... futex resumed>) = 0 [pid 329] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] <... futex resumed>) = 1 [pid 330] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 330] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] <... futex resumed>) = 0 [pid 329] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 330] <... futex resumed>) = 1 [pid 329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 330] write(4, 0x200000c0, 120 [pid 329] <... mmap resumed>) = 0x7fcf97d93000 [pid 329] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE [pid 330] <... write resumed>) = 120 [pid 329] <... mprotect resumed>) = 0 [pid 330] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0}./strace-static-x86_64: Process 333 attached [pid 330] <... futex resumed>) = 0 [pid 329] <... clone3 resumed> => {parent_tid=[333]}, 88) = 333 [pid 329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 329] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] set_robust_list(0x7fcf97db39a0, 24 [pid 330] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 333] <... set_robust_list resumed>) = 0 [pid 333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 23.407046][ T330] loop0: detected capacity change from 0 to 2048 [ 23.424084][ T330] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 329] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 23.442997][ T333] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.457894][ T333] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 23.469945][ T333] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.469945][ T333] [ 23.479469][ T333] EXT4-fs (loop0): Total free blocks count 0 [ 23.485450][ T333] EXT4-fs (loop0): Free/Dirty block details [ 23.491145][ T333] EXT4-fs (loop0): free_blocks=2415919104 [ 23.496741][ T333] EXT4-fs (loop0): dirty_blocks=16 [ 23.501650][ T333] EXT4-fs (loop0): Block reservation details [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 333] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 333] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 329] exit_group(0) = ? [pid 330] <... futex resumed>) = ? [pid 333] <... futex resumed>) = ? [pid 330] +++ exited with 0 +++ [pid 333] +++ exited with 0 +++ [pid 329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 334 ./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x555556cb7760, 24) = 0 [pid 334] chdir("./7") = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 334] setpgid(0, 0) = 0 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4) = 4 [pid 334] close(3) = 0 [pid 334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 334] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 334] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 334] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[335]}, 88) = 335 [pid 334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 334] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 335] memfd_create("syzkaller", 0) = 3 [pid 335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 335] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 335] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 335] close(3) = 0 [pid 335] close(4) = 0 [pid 335] mkdir("./file0", 0777) = 0 [ 23.507491][ T333] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 23.521098][ T294] EXT4-fs (loop0): unmounting filesystem. [ 23.544777][ T335] loop0: detected capacity change from 0 to 2048 [pid 335] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 335] chdir("./file0") = 0 [pid 335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 335] ioctl(4, LOOP_CLR_FD) = 0 [pid 335] close(4) = 0 [pid 335] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... futex resumed>) = 0 [pid 335] <... futex resumed>) = 1 [pid 334] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 334] <... futex resumed>) = 0 [pid 334] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... openat resumed>) = 4 [pid 335] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... futex resumed>) = 0 [pid 335] <... futex resumed>) = 1 [pid 334] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8 [pid 334] <... futex resumed>) = 0 [pid 334] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... write resumed>) = 8 [pid 335] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... futex resumed>) = 0 [pid 334] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... futex resumed>) = 1 [pid 335] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 335] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... futex resumed>) = 0 [pid 334] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 334] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[338]}, 88) = 338 [pid 334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 334] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... futex resumed>) = 1 ./strace-static-x86_64: Process 338 attached [pid 335] write(4, 0x200000c0, 120 [pid 338] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 338] rt_sigprocmask(SIG_SETMASK, [], [pid 335] <... write resumed>) = 120 [pid 338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 335] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 23.563537][ T335] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.582632][ T338] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.597705][ T338] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [pid 334] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 334] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 334] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 338] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 338] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 338] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 334] exit_group(0 [pid 335] <... futex resumed>) = ? [pid 334] <... exit_group resumed>) = ? [pid 335] +++ exited with 0 +++ [pid 338] <... futex resumed>) = ? [pid 338] +++ exited with 0 +++ [pid 334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 23.609800][ T338] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.609800][ T338] [ 23.619298][ T338] EXT4-fs (loop0): Total free blocks count 0 [ 23.625270][ T338] EXT4-fs (loop0): Free/Dirty block details [ 23.631059][ T338] EXT4-fs (loop0): free_blocks=2415919104 [ 23.636842][ T338] EXT4-fs (loop0): dirty_blocks=16 [ 23.641768][ T338] EXT4-fs (loop0): Block reservation details [ 23.647606][ T338] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 340 ./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x555556cb7760, 24) = 0 [pid 340] chdir("./8") = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] setpgid(0, 0) = 0 [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 340] write(3, "1000", 4) = 4 [pid 340] close(3) = 0 [pid 340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 340] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 340] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 340] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[341]}, 88) = 341 [pid 340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 340] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 341 attached [pid 341] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 341] memfd_create("syzkaller", 0) = 3 [pid 341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 341] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 341] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 341] close(3) = 0 [pid 341] close(4) = 0 [pid 341] mkdir("./file0", 0777) = 0 [ 23.670567][ T294] EXT4-fs (loop0): unmounting filesystem. [ 23.701843][ T341] loop0: detected capacity change from 0 to 2048 [pid 341] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 341] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 341] chdir("./file0") = 0 [pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 341] ioctl(4, LOOP_CLR_FD) = 0 [pid 341] close(4) = 0 [pid 341] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 1 [pid 341] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 341] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 1 [pid 341] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 341] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 1 [pid 341] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 341] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 340] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[344]}, 88) = 344 [pid 340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 340] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 1 [pid 341] write(4, 0x200000c0, 120) = 120 [pid 341] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 23.714398][ T341] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.732891][ T344] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.747989][ T344] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 23.760060][ T344] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.760060][ T344] [pid 340] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 344] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 344] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 344] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 340] exit_group(0 [pid 341] <... futex resumed>) = ? [pid 340] <... exit_group resumed>) = ? [pid 341] +++ exited with 0 +++ [pid 344] <... futex resumed>) = ? [pid 344] +++ exited with 0 +++ [pid 340] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 345 ./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x555556cb7760, 24) = 0 [pid 345] chdir("./9") = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 345] setpgid(0, 0) = 0 [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 345] write(3, "1000", 4) = 4 [pid 345] close(3) = 0 [pid 345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 345] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 345] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 345] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 345] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 345] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[346]}, 88) = 346 [pid 345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 345] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 346 attached [pid 346] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 346] memfd_create("syzkaller", 0) = 3 [pid 346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 346] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 23.769474][ T344] EXT4-fs (loop0): Total free blocks count 0 [ 23.775277][ T344] EXT4-fs (loop0): Free/Dirty block details [ 23.780981][ T344] EXT4-fs (loop0): free_blocks=2415919104 [ 23.786570][ T344] EXT4-fs (loop0): dirty_blocks=16 [ 23.791468][ T344] EXT4-fs (loop0): Block reservation details [ 23.797309][ T344] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 23.810521][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 346] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 346] close(3) = 0 [pid 346] close(4) = 0 [pid 346] mkdir("./file0", 0777) = 0 [pid 346] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 346] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 346] chdir("./file0") = 0 [pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 346] ioctl(4, LOOP_CLR_FD) = 0 [pid 346] close(4) = 0 [pid 346] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 346] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] <... futex resumed>) = 0 [pid 346] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 346] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] <... futex resumed>) = 1 [pid 346] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 346] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 346] <... futex resumed>) = 1 [pid 346] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 346] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 345] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 346] <... futex resumed>) = 1 [pid 346] write(4, 0x200000c0, 120 [pid 345] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 345] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} [pid 346] <... write resumed>) = 120 [pid 346] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... clone3 resumed> => {parent_tid=[349]}, 88) = 349 [pid 346] <... futex resumed>) = 0 [pid 345] rt_sigprocmask(SIG_SETMASK, [], [pid 346] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 345] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 349 attached [pid 345] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] set_robust_list(0x7fcf97db39a0, 24 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 349] <... set_robust_list resumed>) = 0 [pid 349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 23.834080][ T346] loop0: detected capacity change from 0 to 2048 [ 23.853710][ T346] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 345] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 345] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 345] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 345] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 345] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 23.888994][ T349] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.904212][ T349] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 23.916218][ T349] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.916218][ T349] [ 23.925690][ T349] EXT4-fs (loop0): Total free blocks count 0 [ 23.931448][ T349] EXT4-fs (loop0): Free/Dirty block details [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 349] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 349] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 345] exit_group(0 [pid 346] <... futex resumed>) = ? [pid 345] <... exit_group resumed>) = ? [pid 346] +++ exited with 0 +++ [pid 349] <... futex resumed>) = ? [pid 349] +++ exited with 0 +++ [pid 345] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 350 ./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x555556cb7760, 24) = 0 [pid 350] chdir("./10") = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3) = 0 [pid 350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 350] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 350] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 350] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[351]}, 88) = 351 ./strace-static-x86_64: Process 351 attached [pid 350] rt_sigprocmask(SIG_SETMASK, [], [pid 351] set_robust_list(0x7fcf97dd49a0, 24 [pid 350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 350] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 351] <... set_robust_list resumed>) = 0 [pid 351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 351] memfd_create("syzkaller", 0) = 3 [pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 351] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 23.937208][ T349] EXT4-fs (loop0): free_blocks=2415919104 [ 23.942757][ T349] EXT4-fs (loop0): dirty_blocks=16 [ 23.947675][ T349] EXT4-fs (loop0): Block reservation details [ 23.953537][ T349] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 23.965561][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 351] close(3) = 0 [pid 351] close(4) = 0 [pid 351] mkdir("./file0", 0777) = 0 [pid 351] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 351] chdir("./file0") = 0 [pid 351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 351] ioctl(4, LOOP_CLR_FD) = 0 [pid 351] close(4) = 0 [pid 351] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 351] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 351] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 351] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] <... futex resumed>) = 0 [pid 350] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 350] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[354]}, 88) = 354 [pid 350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 350] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] write(4, 0x200000c0, 120) = 120 [pid 351] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 351] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 354 attached [pid 354] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 23.994212][ T351] loop0: detected capacity change from 0 to 2048 [ 24.014790][ T351] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 350] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 350] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 24.033497][ T354] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.048294][ T354] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 24.060336][ T354] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.060336][ T354] [ 24.069798][ T354] EXT4-fs (loop0): Total free blocks count 0 [ 24.075720][ T354] EXT4-fs (loop0): Free/Dirty block details [ 24.081505][ T354] EXT4-fs (loop0): free_blocks=2415919104 [ 24.087070][ T354] EXT4-fs (loop0): dirty_blocks=16 [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 354] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 354] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 354] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] exit_group(0 [pid 351] <... futex resumed>) = ? [pid 350] <... exit_group resumed>) = ? [pid 351] +++ exited with 0 +++ [pid 354] <... futex resumed>) = ? [pid 354] +++ exited with 0 +++ [pid 350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 355 ./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x555556cb7760, 24) = 0 [pid 355] chdir("./11") = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 355] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 355] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 355] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[356]}, 88) = 356 ./strace-static-x86_64: Process 356 attached [pid 355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 355] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 356] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 356] memfd_create("syzkaller", 0) = 3 [pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 356] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 24.091915][ T354] EXT4-fs (loop0): Block reservation details [ 24.097752][ T354] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 24.111618][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 356] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 356] close(3) = 0 [pid 356] close(4) = 0 [pid 356] mkdir("./file0", 0777) = 0 [pid 356] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 356] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 356] chdir("./file0") = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 356] ioctl(4, LOOP_CLR_FD) = 0 [pid 356] close(4) = 0 [pid 356] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... futex resumed>) = 1 [pid 356] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 356] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... futex resumed>) = 1 [pid 356] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 356] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] <... futex resumed>) = 1 [pid 356] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 356] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 355] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[359]}, 88) = 359 [pid 355] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 359 attached [pid 356] <... futex resumed>) = 1 [pid 355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 355] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] set_robust_list(0x7fcf97db39a0, 24 [pid 356] write(4, 0x200000c0, 120 [pid 359] <... set_robust_list resumed>) = 0 [pid 355] <... futex resumed>) = 0 [pid 359] rt_sigprocmask(SIG_SETMASK, [], [pid 356] <... write resumed>) = 120 [pid 355] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [pid 356] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 24.143000][ T356] loop0: detected capacity change from 0 to 2048 [ 24.163515][ T356] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 356] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 24.180719][ T359] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.195466][ T359] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 24.207599][ T359] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.207599][ T359] [ 24.217108][ T359] EXT4-fs (loop0): Total free blocks count 0 [ 24.223037][ T359] EXT4-fs (loop0): Free/Dirty block details [ 24.228733][ T359] EXT4-fs (loop0): free_blocks=2415919104 [ 24.234348][ T359] EXT4-fs (loop0): dirty_blocks=16 [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 359] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 359] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] exit_group(0 [pid 356] <... futex resumed>) = ? [pid 355] <... exit_group resumed>) = ? [pid 356] +++ exited with 0 +++ [pid 359] <... futex resumed>) = ? [pid 359] +++ exited with 0 +++ [pid 355] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=355, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 361 ./strace-static-x86_64: Process 361 attached [pid 361] set_robust_list(0x555556cb7760, 24) = 0 [pid 361] chdir("./12") = 0 [pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 361] setpgid(0, 0) = 0 [pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 361] write(3, "1000", 4) = 4 [pid 361] close(3) = 0 [pid 361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 361] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 361] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[362]}, 88) = 362 [pid 361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 361] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 362] memfd_create("syzkaller", 0) = 3 [pid 362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 362] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 362] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 24.239234][ T359] EXT4-fs (loop0): Block reservation details [ 24.245106][ T359] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 24.259033][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 362] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 362] close(3) = 0 [pid 362] close(4) = 0 [pid 362] mkdir("./file0", 0777) = 0 [pid 362] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 362] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 362] chdir("./file0") = 0 [pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 362] ioctl(4, LOOP_CLR_FD) = 0 [pid 362] close(4) = 0 [pid 362] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... futex resumed>) = 1 [pid 362] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 362] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... futex resumed>) = 1 [pid 362] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 362] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... futex resumed>) = 1 [pid 362] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 362] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 361] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[365]}, 88) = 365 ./strace-static-x86_64: Process 365 attached [pid 361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 361] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... futex resumed>) = 1 [pid 362] write(4, 0x200000c0, 120) = 120 [pid 362] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 365] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 24.283833][ T362] loop0: detected capacity change from 0 to 2048 [ 24.303541][ T362] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 361] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 361] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 24.322740][ T365] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.337575][ T365] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 24.349606][ T365] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.349606][ T365] [ 24.359082][ T365] EXT4-fs (loop0): Total free blocks count 0 [ 24.364856][ T365] EXT4-fs (loop0): Free/Dirty block details [ 24.370640][ T365] EXT4-fs (loop0): free_blocks=2415919104 [ 24.376378][ T365] EXT4-fs (loop0): dirty_blocks=16 [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 365] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 365] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] exit_group(0 [pid 362] <... futex resumed>) = ? [pid 361] <... exit_group resumed>) = ? [pid 365] <... futex resumed>) = ? [pid 362] +++ exited with 0 +++ [pid 365] +++ exited with 0 +++ [pid 361] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 367 ./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x555556cb7760, 24) = 0 [pid 367] chdir("./13") = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 367] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 367] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[368]}, 88) = 368 [pid 367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 367] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 368] memfd_create("syzkaller", 0) = 3 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 368] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 24.381309][ T365] EXT4-fs (loop0): Block reservation details [ 24.387156][ T365] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 24.399930][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 368] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 368] close(3) = 0 [pid 368] close(4) = 0 [pid 368] mkdir("./file0", 0777) = 0 [pid 368] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 368] chdir("./file0") = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 368] ioctl(4, LOOP_CLR_FD) = 0 [pid 368] close(4) = 0 [pid 368] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 368] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 368] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 368] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 367] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[371]}, 88) = 371 [pid 367] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 371 attached [pid 368] <... futex resumed>) = 0 [pid 367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 371] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 368] write(4, 0x200000c0, 120) = 120 [pid 371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 371] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 368] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] <... futex resumed>) = 0 [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 24.426887][ T368] loop0: detected capacity change from 0 to 2048 [ 24.444028][ T368] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.461436][ T371] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 367] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 24.476692][ T371] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 24.488936][ T371] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.488936][ T371] [ 24.498637][ T371] EXT4-fs (loop0): Total free blocks count 0 [ 24.504453][ T371] EXT4-fs (loop0): Free/Dirty block details [ 24.510138][ T371] EXT4-fs (loop0): free_blocks=2415919104 [ 24.515846][ T371] EXT4-fs (loop0): dirty_blocks=16 [ 24.520776][ T371] EXT4-fs (loop0): Block reservation details [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 371] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 371] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] exit_group(0 [pid 368] <... futex resumed>) = ? [pid 367] <... exit_group resumed>) = ? [pid 368] +++ exited with 0 +++ [pid 371] <... futex resumed>) = ? [pid 371] +++ exited with 0 +++ [pid 367] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 372 ./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x555556cb7760, 24) = 0 [pid 372] chdir("./14") = 0 [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 372] setpgid(0, 0) = 0 [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 372] write(3, "1000", 4) = 4 [pid 372] close(3) = 0 [pid 372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 372] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 372] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 372] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[373]}, 88) = 373 [pid 372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 372] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 373] memfd_create("syzkaller", 0) = 3 [pid 373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 373] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 24.526642][ T371] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 24.541464][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 373] close(3) = 0 [pid 373] close(4) = 0 [pid 373] mkdir("./file0", 0777) = 0 [pid 373] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 373] chdir("./file0") = 0 [pid 373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 373] ioctl(4, LOOP_CLR_FD) = 0 [pid 373] close(4) = 0 [pid 373] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] <... futex resumed>) = 0 [pid 372] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] <... futex resumed>) = 1 [pid 373] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 373] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] <... futex resumed>) = 0 [pid 372] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] <... futex resumed>) = 1 [pid 373] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 373] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] <... futex resumed>) = 0 [pid 372] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] <... futex resumed>) = 1 [pid 373] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 373] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] <... futex resumed>) = 0 [pid 372] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 372] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[376]}, 88) = 376 [pid 372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 372] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] <... futex resumed>) = 1 [pid 373] write(4, 0x200000c0, 120) = 120 [pid 373] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 24.570662][ T373] loop0: detected capacity change from 0 to 2048 [ 24.583888][ T373] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.601589][ T376] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 372] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 372] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 24.616473][ T376] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 24.628619][ T376] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.628619][ T376] [ 24.638512][ T376] EXT4-fs (loop0): Total free blocks count 0 [ 24.644336][ T376] EXT4-fs (loop0): Free/Dirty block details [ 24.650048][ T376] EXT4-fs (loop0): free_blocks=2415919104 [ 24.655778][ T376] EXT4-fs (loop0): dirty_blocks=16 [ 24.660710][ T376] EXT4-fs (loop0): Block reservation details [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 376] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 376] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] exit_group(0 [pid 373] <... futex resumed>) = ? [pid 372] <... exit_group resumed>) = ? [pid 373] +++ exited with 0 +++ [pid 376] <... futex resumed>) = ? [pid 376] +++ exited with 0 +++ [pid 372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 377 ./strace-static-x86_64: Process 377 attached [pid 377] set_robust_list(0x555556cb7760, 24) = 0 [pid 377] chdir("./15") = 0 [pid 377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 377] setpgid(0, 0) = 0 [pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 377] write(3, "1000", 4) = 4 [pid 377] close(3) = 0 [pid 377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 377] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 377] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 377] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[378]}, 88) = 378 [pid 377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 377] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 378] memfd_create("syzkaller", 0) = 3 [pid 378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 378] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 378] close(3) = 0 [pid 378] close(4) = 0 [pid 378] mkdir("./file0", 0777) = 0 [ 24.666569][ T376] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 24.679867][ T294] EXT4-fs (loop0): unmounting filesystem. [ 24.710802][ T378] loop0: detected capacity change from 0 to 2048 [pid 378] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 378] chdir("./file0") = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 378] ioctl(4, LOOP_CLR_FD) = 0 [pid 378] close(4) = 0 [pid 378] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 378] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 0 [pid 378] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 378] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 1 [pid 378] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 378] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 1 [pid 378] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 378] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 377] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[381]}, 88) = 381 ./strace-static-x86_64: Process 381 attached [pid 377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 377] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 1 [pid 378] write(4, 0x200000c0, 120) = 120 [pid 378] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 381] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 24.723841][ T378] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.742611][ T381] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.757412][ T381] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [pid 377] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 377] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 381] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 381] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 381] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 377] exit_group(0 [pid 378] <... futex resumed>) = ? [pid 377] <... exit_group resumed>) = ? [pid 378] +++ exited with 0 +++ [pid 381] <... futex resumed>) = ? [pid 381] +++ exited with 0 +++ [pid 377] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=377, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 24.769600][ T381] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.769600][ T381] [ 24.779245][ T381] EXT4-fs (loop0): Total free blocks count 0 [ 24.785239][ T381] EXT4-fs (loop0): Free/Dirty block details [ 24.791080][ T381] EXT4-fs (loop0): free_blocks=2415919104 [ 24.796794][ T381] EXT4-fs (loop0): dirty_blocks=16 [ 24.801723][ T381] EXT4-fs (loop0): Block reservation details [ 24.807566][ T381] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 382 ./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x555556cb7760, 24) = 0 [pid 382] chdir("./16") = 0 [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 382] setpgid(0, 0) = 0 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 382] write(3, "1000", 4) = 4 [pid 382] close(3) = 0 [pid 382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 382] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 382] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 382] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[383]}, 88) = 383 [pid 382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 382] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 383 attached [pid 383] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 383] memfd_create("syzkaller", 0) = 3 [pid 383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 383] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 383] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 24.822729][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 383] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 383] close(3) = 0 [pid 383] close(4) = 0 [pid 383] mkdir("./file0", 0777) = 0 [pid 383] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 383] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 383] chdir("./file0") = 0 [pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 383] ioctl(4, LOOP_CLR_FD) = 0 [pid 383] close(4) = 0 [pid 383] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 383] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 383] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 383] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 382] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[386]}, 88) = 386 [pid 382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 382] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 383] <... futex resumed>) = 1 [pid 383] write(4, 0x200000c0, 120./strace-static-x86_64: Process 386 attached ) = 120 [pid 386] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [pid 383] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 24.852292][ T383] loop0: detected capacity change from 0 to 2048 [ 24.867027][ T383] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.882922][ T386] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 383] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 382] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [ 24.897667][ T386] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 24.909846][ T386] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.909846][ T386] [ 24.919399][ T386] EXT4-fs (loop0): Total free blocks count 0 [ 24.925221][ T386] EXT4-fs (loop0): Free/Dirty block details [ 24.930927][ T386] EXT4-fs (loop0): free_blocks=2415919104 [ 24.936527][ T386] EXT4-fs (loop0): dirty_blocks=16 [ 24.941424][ T386] EXT4-fs (loop0): Block reservation details [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 386] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 386] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 386] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 382] exit_group(0) = ? [pid 386] <... futex resumed>) = ? [pid 386] +++ exited with 0 +++ [pid 383] <... futex resumed>) = ? [pid 383] +++ exited with 0 +++ [pid 382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 387 ./strace-static-x86_64: Process 387 attached [pid 387] set_robust_list(0x555556cb7760, 24) = 0 [pid 387] chdir("./17") = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] setpgid(0, 0) = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] write(3, "1000", 4) = 4 [pid 387] close(3) = 0 [pid 387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 387] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 387] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 387] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[388]}, 88) = 388 [pid 387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 387] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 388 attached [pid 388] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 388] memfd_create("syzkaller", 0) = 3 [pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 388] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 388] close(3) = 0 [pid 388] close(4) = 0 [pid 388] mkdir("./file0", 0777) = 0 [pid 388] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 388] chdir("./file0") = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 388] ioctl(4, LOOP_CLR_FD) = 0 [pid 388] close(4) = 0 [pid 388] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 1 [pid 388] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 388] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 1 [pid 388] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 388] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 1 [pid 388] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 388] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 387] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[391]}, 88) = 391 [pid 387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 387] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 1 [pid 388] write(4, 0x200000c0, 120) = 120 [pid 388] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 391 attached ) = 0 [pid 388] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 24.947264][ T386] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 24.959505][ T294] EXT4-fs (loop0): unmounting filesystem. [ 24.982930][ T388] loop0: detected capacity change from 0 to 2048 [ 24.994512][ T388] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 387] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 387] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 387] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 25.012782][ T391] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.027750][ T391] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 25.039805][ T391] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.039805][ T391] [ 25.049261][ T391] EXT4-fs (loop0): Total free blocks count 0 [ 25.055167][ T391] EXT4-fs (loop0): Free/Dirty block details [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 391] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 391] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] exit_group(0 [pid 388] <... futex resumed>) = ? [pid 388] +++ exited with 0 +++ [pid 387] <... exit_group resumed>) = ? [pid 391] <... futex resumed>) = ? [pid 391] +++ exited with 0 +++ [pid 387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=387, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 392 ./strace-static-x86_64: Process 392 attached [pid 392] set_robust_list(0x555556cb7760, 24) = 0 [pid 392] chdir("./18") = 0 [pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 392] setpgid(0, 0) = 0 [pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 392] write(3, "1000", 4) = 4 [pid 392] close(3) = 0 [pid 392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 392] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 392] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[393]}, 88) = 393 [pid 392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 392] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 393 attached [pid 393] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 393] memfd_create("syzkaller", 0) = 3 [pid 393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 393] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.061300][ T391] EXT4-fs (loop0): free_blocks=2415919104 [ 25.067061][ T391] EXT4-fs (loop0): dirty_blocks=16 [ 25.072077][ T391] EXT4-fs (loop0): Block reservation details [ 25.077962][ T391] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 25.100597][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 393] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 393] close(3) = 0 [pid 393] close(4) = 0 [pid 393] mkdir("./file0", 0777) = 0 [pid 393] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 393] chdir("./file0") = 0 [pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 393] ioctl(4, LOOP_CLR_FD) = 0 [pid 393] close(4) = 0 [pid 393] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 393] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 392] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... futex resumed>) = 0 [pid 393] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 393] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... futex resumed>) = 1 [pid 393] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 393] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... futex resumed>) = 1 [pid 393] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 393] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 392] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 393] <... futex resumed>) = 1 [pid 392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} [pid 393] write(4, 0x200000c0, 120 [pid 392] <... clone3 resumed> => {parent_tid=[396]}, 88) = 396 ./strace-static-x86_64: Process 396 attached [pid 392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 392] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... write resumed>) = 120 [pid 396] set_robust_list(0x7fcf97db39a0, 24 [pid 393] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... set_robust_list resumed>) = 0 [pid 393] <... futex resumed>) = 0 [pid 396] rt_sigprocmask(SIG_SETMASK, [], [pid 393] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 25.129243][ T393] loop0: detected capacity change from 0 to 2048 [ 25.143622][ T393] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 25.161180][ T396] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 392] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 25.177137][ T396] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 25.189340][ T396] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.189340][ T396] [ 25.199087][ T396] EXT4-fs (loop0): Total free blocks count 0 [ 25.205028][ T396] EXT4-fs (loop0): Free/Dirty block details [ 25.210748][ T396] EXT4-fs (loop0): free_blocks=2415919104 [ 25.216451][ T396] EXT4-fs (loop0): dirty_blocks=16 [ 25.221392][ T396] EXT4-fs (loop0): Block reservation details [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 396] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 396] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 392] exit_group(0 [pid 393] <... futex resumed>) = ? [pid 392] <... exit_group resumed>) = ? [pid 393] +++ exited with 0 +++ [pid 396] <... futex resumed>) = ? [pid 396] +++ exited with 0 +++ [pid 392] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=392, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 398 ./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x555556cb7760, 24) = 0 [pid 398] chdir("./19") = 0 [pid 398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 398] setpgid(0, 0) = 0 [pid 398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 398] write(3, "1000", 4) = 4 [pid 398] close(3) = 0 [pid 398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 398] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 398] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 398] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[399]}, 88) = 399 ./strace-static-x86_64: Process 399 attached [pid 398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 398] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 399] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 399] memfd_create("syzkaller", 0) = 3 [pid 399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 399] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.227257][ T396] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 25.240329][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 399] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 399] close(3) = 0 [pid 399] close(4) = 0 [pid 399] mkdir("./file0", 0777) = 0 [pid 399] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 399] chdir("./file0") = 0 [pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 399] ioctl(4, LOOP_CLR_FD) = 0 [pid 399] close(4) = 0 [pid 399] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = 1 [pid 399] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 399] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 398] <... futex resumed>) = 0 [pid 399] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 398] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 398] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = 0 [pid 399] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 399] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = 1 [pid 399] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 399] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 398] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE [pid 399] <... futex resumed>) = 1 [pid 398] <... mprotect resumed>) = 0 [pid 398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[402]}, 88) = 402 ./strace-static-x86_64: Process 402 attached [pid 399] write(4, 0x200000c0, 120 [pid 398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 398] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 399] <... write resumed>) = 120 [pid 402] rt_sigprocmask(SIG_SETMASK, [], [pid 399] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [pid 399] <... futex resumed>) = 0 [ 25.272709][ T399] loop0: detected capacity change from 0 to 2048 [ 25.284280][ T399] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 25.302978][ T402] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 399] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 398] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 402] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 402] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 398] exit_group(0 [pid 402] <... futex resumed>) = ? [pid 399] <... futex resumed>) = ? [pid 398] <... exit_group resumed>) = ? [pid 399] +++ exited with 0 +++ [pid 402] +++ exited with 0 +++ [pid 398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=398, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 25.317778][ T402] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 25.329796][ T402] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.329796][ T402] [ 25.339269][ T402] EXT4-fs (loop0): Total free blocks count 0 [ 25.345064][ T402] EXT4-fs (loop0): Free/Dirty block details [ 25.350760][ T402] EXT4-fs (loop0): free_blocks=2415919104 [ 25.356366][ T402] EXT4-fs (loop0): dirty_blocks=16 [ 25.361257][ T402] EXT4-fs (loop0): Block reservation details [ 25.367100][ T402] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 403 ./strace-static-x86_64: Process 403 attached [pid 403] set_robust_list(0x555556cb7760, 24) = 0 [pid 403] chdir("./20") = 0 [pid 403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 403] setpgid(0, 0) = 0 [pid 403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 403] write(3, "1000", 4) = 4 [pid 403] close(3) = 0 [pid 403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 403] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 403] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 403] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[404]}, 88) = 404 [pid 403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 403] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 404 attached [pid 404] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 404] memfd_create("syzkaller", 0) = 3 [pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 404] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 404] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 404] close(3) = 0 [pid 404] close(4) = 0 [pid 404] mkdir("./file0", 0777) = 0 [ 25.390375][ T294] EXT4-fs (loop0): unmounting filesystem. [ 25.414641][ T404] loop0: detected capacity change from 0 to 2048 [pid 404] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 404] chdir("./file0") = 0 [pid 404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 404] ioctl(4, LOOP_CLR_FD) = 0 [pid 404] close(4) = 0 [pid 404] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 404] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 0 [pid 404] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 404] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 1 [pid 404] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 404] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 1 [pid 404] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 404] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] <... futex resumed>) = 0 [pid 404] write(4, 0x200000c0, 120 [pid 403] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] <... write resumed>) = 120 [pid 403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 404] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... mmap resumed>) = 0x7fcf97d93000 [pid 404] <... futex resumed>) = 0 [pid 403] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE [pid 404] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] <... mprotect resumed>) = 0 [pid 403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0}./strace-static-x86_64: Process 407 attached => {parent_tid=[407]}, 88) = 407 [pid 403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 403] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 407] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 25.443760][ T404] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 25.461460][ T407] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.476440][ T407] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [pid 403] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 407] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 407] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] exit_group(0 [pid 407] <... futex resumed>) = ? [pid 404] <... futex resumed>) = ? [pid 403] <... exit_group resumed>) = ? [pid 407] +++ exited with 0 +++ [pid 404] +++ exited with 0 +++ [pid 403] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=403, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 25.488481][ T407] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.488481][ T407] [ 25.497917][ T407] EXT4-fs (loop0): Total free blocks count 0 [ 25.503716][ T407] EXT4-fs (loop0): Free/Dirty block details [ 25.509418][ T407] EXT4-fs (loop0): free_blocks=2415919104 [ 25.515011][ T407] EXT4-fs (loop0): dirty_blocks=16 [ 25.519924][ T407] EXT4-fs (loop0): Block reservation details [ 25.525767][ T407] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 408 ./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x555556cb7760, 24) = 0 [pid 408] chdir("./21") = 0 [pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 408] setpgid(0, 0) = 0 [pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 408] write(3, "1000", 4) = 4 [pid 408] close(3) = 0 [pid 408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 408] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 408] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 408] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[409]}, 88) = 409 [pid 408] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 409 attached NULL, 8) = 0 [pid 408] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 409] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 409] memfd_create("syzkaller", 0) = 3 [pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 409] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 409] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 409] close(3) = 0 [pid 409] close(4) = 0 [pid 409] mkdir("./file0", 0777) = 0 [ 25.549490][ T294] EXT4-fs (loop0): unmounting filesystem. [ 25.580714][ T409] loop0: detected capacity change from 0 to 2048 [pid 409] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 409] chdir("./file0") = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 409] ioctl(4, LOOP_CLR_FD) = 0 [pid 409] close(4) = 0 [pid 409] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 0 [pid 409] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 409] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 1 [pid 409] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 409] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 1 [pid 409] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 409] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 408] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[412]}, 88) = 412 [pid 408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 408] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 412 attached [pid 409] <... futex resumed>) = 1 [pid 412] set_robust_list(0x7fcf97db39a0, 24 [pid 409] write(4, 0x200000c0, 120 [pid 412] <... set_robust_list resumed>) = 0 [pid 409] <... write resumed>) = 120 [pid 412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 409] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 25.594638][ T409] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 25.611729][ T412] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.626602][ T412] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 25.638843][ T412] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.638843][ T412] [pid 408] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 412] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 412] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 408] exit_group(0 [pid 409] <... futex resumed>) = ? [pid 408] <... exit_group resumed>) = ? [pid 409] +++ exited with 0 +++ [pid 412] <... futex resumed>) = ? [pid 412] +++ exited with 0 +++ [pid 408] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=408, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 413 ./strace-static-x86_64: Process 413 attached [pid 413] set_robust_list(0x555556cb7760, 24) = 0 [pid 413] chdir("./22") = 0 [pid 413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 413] setpgid(0, 0) = 0 [pid 413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 413] write(3, "1000", 4) = 4 [pid 413] close(3) = 0 [pid 413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 413] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 413] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 413] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0}./strace-static-x86_64: Process 414 attached => {parent_tid=[414]}, 88) = 414 [pid 414] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 414] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 413] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] memfd_create("syzkaller", 0) = 3 [pid 413] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 414] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.648361][ T412] EXT4-fs (loop0): Total free blocks count 0 [ 25.654248][ T412] EXT4-fs (loop0): Free/Dirty block details [ 25.659958][ T412] EXT4-fs (loop0): free_blocks=2415919104 [ 25.665639][ T412] EXT4-fs (loop0): dirty_blocks=16 [ 25.670565][ T412] EXT4-fs (loop0): Block reservation details [ 25.676440][ T412] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 25.689853][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 414] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 414] close(3) = 0 [pid 414] close(4) = 0 [pid 414] mkdir("./file0", 0777) = 0 [pid 414] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 414] chdir("./file0") = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 414] ioctl(4, LOOP_CLR_FD) = 0 [pid 414] close(4) = 0 [pid 414] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 413] <... futex resumed>) = 0 [pid 413] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 414] <... futex resumed>) = 1 [pid 414] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 414] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 413] <... futex resumed>) = 0 [pid 413] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 414] <... futex resumed>) = 1 [pid 414] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 414] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 413] <... futex resumed>) = 0 [pid 413] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 414] <... futex resumed>) = 1 [pid 414] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 414] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 413] <... futex resumed>) = 0 [pid 413] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 413] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[417]}, 88) = 417 [pid 413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 413] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 414] <... futex resumed>) = 1 [pid 414] write(4, 0x200000c0, 120) = 120 [pid 414] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 417 attached [pid 417] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 25.720828][ T414] loop0: detected capacity change from 0 to 2048 [ 25.744238][ T414] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 413] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 413] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 25.758826][ T417] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.773831][ T417] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 25.785901][ T417] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.785901][ T417] [ 25.795309][ T417] EXT4-fs (loop0): Total free blocks count 0 [ 25.801088][ T417] EXT4-fs (loop0): Free/Dirty block details [ 25.806905][ T417] EXT4-fs (loop0): free_blocks=2415919104 [ 25.812684][ T417] EXT4-fs (loop0): dirty_blocks=16 [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 417] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 417] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 417] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 413] exit_group(0 [pid 414] <... futex resumed>) = ? [pid 413] <... exit_group resumed>) = ? [pid 414] +++ exited with 0 +++ [pid 417] <... futex resumed>) = ? [pid 417] +++ exited with 0 +++ [pid 413] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=413, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 418 ./strace-static-x86_64: Process 418 attached [pid 418] set_robust_list(0x555556cb7760, 24) = 0 [pid 418] chdir("./23") = 0 [pid 418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 418] setpgid(0, 0) = 0 [pid 418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 418] write(3, "1000", 4) = 4 [pid 418] close(3) = 0 [pid 418] symlink("/dev/binderfs", "./binderfs") = 0 [pid 418] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 418] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 418] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 418] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[419]}, 88) = 419 ./strace-static-x86_64: Process 419 attached [pid 418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 418] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 419] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 419] memfd_create("syzkaller", 0) = 3 [pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 419] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.817610][ T417] EXT4-fs (loop0): Block reservation details [ 25.823555][ T417] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 25.837140][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 419] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 419] close(3) = 0 [pid 419] close(4) = 0 [pid 419] mkdir("./file0", 0777) = 0 [pid 419] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 419] chdir("./file0") = 0 [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 419] ioctl(4, LOOP_CLR_FD) = 0 [pid 419] close(4) = 0 [pid 419] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 419] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... futex resumed>) = 0 [pid 419] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 419] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... futex resumed>) = 1 [pid 419] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 419] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... futex resumed>) = 1 [pid 419] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 419] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 418] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 418] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[422]}, 88) = 422 [pid 418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 418] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... futex resumed>) = 1 ./strace-static-x86_64: Process 422 attached [pid 419] write(4, 0x200000c0, 120) = 120 [pid 419] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] set_robust_list(0x7fcf97db39a0, 24 [pid 419] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 422] <... set_robust_list resumed>) = 0 [pid 422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 25.872062][ T419] loop0: detected capacity change from 0 to 2048 [ 25.884135][ T419] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 418] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 25.911599][ T422] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.926609][ T422] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 25.938842][ T422] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.938842][ T422] [ 25.948420][ T422] EXT4-fs (loop0): Total free blocks count 0 [ 25.954313][ T422] EXT4-fs (loop0): Free/Dirty block details [ 25.960139][ T422] EXT4-fs (loop0): free_blocks=2415919104 [ 25.965789][ T422] EXT4-fs (loop0): dirty_blocks=16 [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 422] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 422] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] exit_group(0 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 418] <... exit_group resumed>) = ? [pid 422] +++ exited with 0 +++ [pid 419] <... futex resumed>) = ? [pid 419] +++ exited with 0 +++ [pid 418] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=418, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 423 ./strace-static-x86_64: Process 423 attached [pid 423] set_robust_list(0x555556cb7760, 24) = 0 [pid 423] chdir("./24") = 0 [pid 423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 423] setpgid(0, 0) = 0 [pid 423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 423] write(3, "1000", 4) = 4 [pid 423] close(3) = 0 [pid 423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 423] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 423] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[424]}, 88) = 424 ./strace-static-x86_64: Process 424 attached [pid 423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 423] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 424] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 424] memfd_create("syzkaller", 0) = 3 [pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 424] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.970713][ T422] EXT4-fs (loop0): Block reservation details [ 25.976578][ T422] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 26.001202][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 424] close(3) = 0 [pid 424] close(4) = 0 [pid 424] mkdir("./file0", 0777) = 0 [pid 424] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 424] chdir("./file0") = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 424] ioctl(4, LOOP_CLR_FD) = 0 [pid 424] close(4) = 0 [pid 424] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 424] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] <... futex resumed>) = 0 [pid 424] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 424] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] <... futex resumed>) = 1 [pid 424] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 424] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] <... futex resumed>) = 1 [pid 424] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 424] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... futex resumed>) = 0 [pid 423] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 423] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[427]}, 88) = 427 [pid 423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 423] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] <... futex resumed>) = 1 [pid 424] write(4, 0x200000c0, 120) = 120 [pid 424] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 427 attached [pid 427] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 26.031646][ T424] loop0: detected capacity change from 0 to 2048 [ 26.043912][ T424] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 26.061458][ T427] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 423] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 423] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 423] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 427] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 427] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 423] exit_group(0 [pid 424] <... futex resumed>) = ? [pid 423] <... exit_group resumed>) = ? [pid 424] +++ exited with 0 +++ [pid 427] <... futex resumed>) = ? [pid 427] +++ exited with 0 +++ [pid 423] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=423, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 26.076756][ T427] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 26.088896][ T427] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.088896][ T427] [ 26.098343][ T427] EXT4-fs (loop0): Total free blocks count 0 [ 26.104150][ T427] EXT4-fs (loop0): Free/Dirty block details [ 26.109850][ T427] EXT4-fs (loop0): free_blocks=2415919104 [ 26.115650][ T427] EXT4-fs (loop0): dirty_blocks=16 [ 26.120582][ T427] EXT4-fs (loop0): Block reservation details [ 26.126435][ T427] EXT4-fs (loop0): i_reserved_data_blocks=1 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 428 ./strace-static-x86_64: Process 428 attached [pid 428] set_robust_list(0x555556cb7760, 24) = 0 [pid 428] chdir("./25") = 0 [pid 428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 428] setpgid(0, 0) = 0 [pid 428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 428] write(3, "1000", 4) = 4 [pid 428] close(3) = 0 [pid 428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 428] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 428] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 428] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 428] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[429]}, 88) = 429 [pid 428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 428] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 429 attached [pid 429] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 429] memfd_create("syzkaller", 0) = 3 [pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 429] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 429] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 429] close(3) = 0 [pid 429] close(4) = 0 [pid 429] mkdir("./file0", 0777) = 0 [pid 429] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 429] chdir("./file0") = 0 [pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 429] ioctl(4, LOOP_CLR_FD) = 0 [pid 429] close(4) = 0 [pid 429] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 429] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 429] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 429] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] write(4, 0x200000c0, 120 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 428] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 428] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[432]}, 88) = 432 [pid 428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 428] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] <... write resumed>) = 120 [pid 429] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 432 attached [pid 429] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [ 26.139760][ T294] EXT4-fs (loop0): unmounting filesystem. [ 26.163878][ T429] loop0: detected capacity change from 0 to 2048 [ 26.174026][ T429] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 428] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 428] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 26.193310][ T432] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 26.208322][ T432] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 26.220337][ T432] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.220337][ T432] [ 26.230130][ T432] EXT4-fs (loop0): Total free blocks count 0 [ 26.236116][ T432] EXT4-fs (loop0): Free/Dirty block details [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 432] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 432] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7fcf97ea16d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] exit_group(0 [pid 429] <... futex resumed>) = ? [pid 428] <... exit_group resumed>) = ? [pid 429] +++ exited with 0 +++ [pid 432] <... futex resumed>) = ? [pid 432] +++ exited with 0 +++ [pid 428] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=428, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556cc0830 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556cc0830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555556cb87f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cb7750) = 434 ./strace-static-x86_64: Process 434 attached [pid 434] set_robust_list(0x555556cb7760, 24) = 0 [pid 434] chdir("./26") = 0 [pid 434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 434] setpgid(0, 0) = 0 [pid 434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 434] write(3, "1000", 4) = 4 [pid 434] close(3) = 0 [pid 434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 434] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] rt_sigaction(SIGRT_1, {sa_handler=0x7fcf97e461f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf97de7fa0}, NULL, 8) = 0 [pid 434] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97db4000 [pid 434] mprotect(0x7fcf97db5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 434] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97dd4990, parent_tid=0x7fcf97dd4990, exit_signal=0, stack=0x7fcf97db4000, stack_size=0x20240, tls=0x7fcf97dd46c0} => {parent_tid=[435]}, 88) = 435 [pid 434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 434] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 435 attached [pid 435] set_robust_list(0x7fcf97dd49a0, 24) = 0 [pid 435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 435] memfd_create("syzkaller", 0) = 3 [pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf8f9b4000 [pid 435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 435] munmap(0x7fcf8f9b4000, 138412032) = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 26.242389][ T432] EXT4-fs (loop0): free_blocks=2415919104 [ 26.247932][ T432] EXT4-fs (loop0): dirty_blocks=16 [ 26.253058][ T432] EXT4-fs (loop0): Block reservation details [ 26.258846][ T432] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 26.271412][ T294] EXT4-fs (loop0): unmounting filesystem. [pid 435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 435] close(3) = 0 [pid 435] close(4) = 0 [pid 435] mkdir("./file0", 0777) = 0 [pid 435] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 435] chdir("./file0") = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 435] ioctl(4, LOOP_CLR_FD) = 0 [pid 435] close(4) = 0 [pid 435] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... futex resumed>) = 1 [pid 435] openat(AT_FDCWD, "pids.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 435] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... futex resumed>) = 1 [pid 435] write(4, "\x23\x21\x20\x0a\x00\x00\x00\x00", 8) = 8 [pid 435] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 435] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] futex(0x7fcf97ea16cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... futex resumed>) = 0 [pid 435] mmap(0x20000000, 11755520, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 435] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 435] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] futex(0x7fcf97ea16c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 434] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] write(4, 0x200000c0, 120 [pid 434] <... futex resumed>) = 0 [pid 434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf97d93000 [pid 434] mprotect(0x7fcf97d94000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 434] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fcf97db3990, parent_tid=0x7fcf97db3990, exit_signal=0, stack=0x7fcf97d93000, stack_size=0x20240, tls=0x7fcf97db36c0} => {parent_tid=[438]}, 88) = 438 [pid 434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 434] futex(0x7fcf97ea16d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7fcf97ea16dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 438 attached [pid 438] set_robust_list(0x7fcf97db39a0, 24) = 0 [pid 438] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c0} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c4} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054c8} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d0} --- [pid 435] <... write resumed>) = 120 [pid 435] futex(0x7fcf97ea16cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fcf97ea16c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000100} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054d8} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054dc} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e0} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054e8} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054ec} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200054f0} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005500} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005504} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005508} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000550c} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005510} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005518} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000551c} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005520} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005528} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000552c} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005530} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005534} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005538} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005540} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20005548} --- [pid 438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000554c} --- [pid 438] bpf(BPF_PROG_LOAD, 0x200054c0, 144) = -1 EFAULT (Bad address) [pid 438] futex(0x7fcf97ea16dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 434] <... futex resumed>) = 0 [pid 434] exit_group(0) = ? [pid 435] <... futex resumed>) = ? [pid 438] +++ exited with 0 +++ [pid 435] +++ exited with 0 +++ [pid 434] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=434, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556cb87f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 26.301395][ T435] loop0: detected capacity change from 0 to 2048 [ 26.314734][ T435] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 26.333424][ T438] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 26.354839][ T312] ------------[ cut here ]------------ [ 26.360142][ T312] kernel BUG at fs/ext4/inode.c:2749! [ 26.365617][ T312] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 26.371489][ T312] CPU: 1 PID: 312 Comm: kworker/u4:3 Not tainted 6.1.75-syzkaller-00045-g503add184388 #0 [ 26.381120][ T312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 26.391015][ T312] Workqueue: writeback wb_workfn (flush-7:0) [ 26.396830][ T312] RIP: 0010:ext4_writepages+0x3fab/0x3fd0 [ 26.402523][ T312] Code: 43 81 ff 31 ff 89 de e8 23 43 81 ff 45 84 f6 75 2a e8 89 40 81 ff 49 bc 00 00 00 00 00 fc ff df e9 6e f6 ff ff e8 75 40 81 ff <0f> 0b e8 6e 40 81 ff e8 25 52 0c ff e9 46 c3 ff ff e8 5f 40 81 ff [ 26.421968][ T312] RSP: 0018:ffffc90000e87000 EFLAGS: 00010293 [ 26.427867][ T312] RAX: ffffffff81f42ddb RBX: 0000008000000000 RCX: ffff88810ba71440 [ 26.435674][ T312] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 26.443589][ T312] RBP: ffffc90000e87410 R08: ffffffff81f3f53b R09: ffffed102178e2e7 [ 26.451397][ T312] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888112a8a000 [ 26.459333][ T312] R13: ffff88810bc71870 R14: 000000c410000000 R15: ffffc90000e872e0 [ 26.467136][ T312] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 26.475902][ T312] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.482324][ T312] CR2: 0000555556cc07f8 CR3: 0000000122679000 CR4: 00000000003506a0 [ 26.490139][ T312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.497957][ T312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.505759][ T312] Call Trace: [ 26.508893][ T312] [ 26.511662][ T312] ? __die_body+0x62/0xb0 [ 26.515829][ T312] ? die+0x88/0xb0 [ 26.519386][ T312] ? do_trap+0x103/0x330 [ 26.523467][ T312] ? ext4_writepages+0x3fab/0x3fd0 [ 26.528412][ T312] ? handle_invalid_op+0x95/0xc0 [ 26.533185][ T312] ? ext4_writepages+0x3fab/0x3fd0 [ 26.538132][ T312] ? exc_invalid_op+0x32/0x50 [ 26.542644][ T312] ? asm_exc_invalid_op+0x1b/0x20 [ 26.547506][ T312] ? ext4_writepages+0x70b/0x3fd0 [ 26.552380][ T312] ? ext4_writepages+0x3fab/0x3fd0 [ 26.557313][ T312] ? ext4_writepages+0x3fab/0x3fd0 [ 26.562270][ T312] ? psi_task_change+0x1d3/0x360 [ 26.567035][ T312] ? ext4_read_folio+0x240/0x240 [ 26.571806][ T312] ? xas_start+0x32c/0x3f0 [ 26.576064][ T312] ? cpudl_cleanup+0x40/0x40 [ 26.580661][ T312] ? __filemap_get_folio+0x95e/0xae0 [ 26.585907][ T312] ? xas_load+0x39d/0x3b0 [ 26.590065][ T312] ? ext4_read_folio+0x240/0x240 [ 26.595146][ T312] do_writepages+0x385/0x620 [ 26.599550][ T312] ? __writepage+0x130/0x130 [ 26.603971][ T312] ? __update_load_avg_cfs_rq+0xb1/0x2f0 [ 26.609444][ T312] __writeback_single_inode+0xdc/0xb80 [ 26.614934][ T312] writeback_sb_inodes+0xb32/0x1910 [ 26.619975][ T312] ? _raw_spin_lock+0xa4/0x1b0 [ 26.624573][ T312] ? queue_io+0x520/0x520 [ 26.628732][ T312] ? __writeback_inodes_wb+0x3f0/0x3f0 [ 26.634029][ T312] ? queue_io+0x3d0/0x520 [ 26.638193][ T312] ? memset+0x35/0x40 [ 26.642011][ T312] wb_writeback+0x3b9/0x9f0 [ 26.646369][ T312] ? inode_cgwb_move_to_attached+0x3c0/0x3c0 [ 26.652165][ T312] ? set_worker_desc+0x158/0x1c0 [ 26.656951][ T312] ? cpudl_cleanup+0x40/0x40 [ 26.661364][ T312] ? __kasan_check_write+0x14/0x20 [ 26.666322][ T312] wb_workfn+0x399/0x1030 [ 26.670580][ T312] ? inode_wait_for_writeback+0x280/0x280 [ 26.676126][ T312] ? kthread_data+0x53/0xc0 [ 26.680460][ T312] ? _raw_spin_unlock+0x4c/0x70 [ 26.685147][ T312] ? finish_task_switch+0x167/0x7b0 [ 26.690180][ T312] ? __kasan_check_read+0x11/0x20 [ 26.695039][ T312] ? read_word_at_a_time+0x12/0x20 [ 26.699986][ T312] ? strscpy+0x9c/0x260 [ 26.703982][ T312] process_one_work+0x73d/0xcb0 [ 26.708672][ T312] worker_thread+0xa60/0x1260 [ 26.713181][ T312] ? __kasan_check_read+0x11/0x20 [ 26.718040][ T312] kthread+0x26d/0x300 [ 26.721943][ T312] ? worker_clr_flags+0x1a0/0x1a0 [ 26.726805][ T312] ? kthread_blkcg+0xd0/0xd0 [ 26.731244][ T312] ret_from_fork+0x1f/0x30 [ 26.735487][ T312] [ 26.738350][ T312] Modules linked in: [ 26.742194][ T312] ---[ end trace 0000000000000000 ]--- [ 26.747387][ T312] RIP: 0010:ext4_writepages+0x3fab/0x3fd0 [ 26.752965][ T312] Code: 43 81 ff 31 ff 89 de e8 23 43 81 ff 45 84 f6 75 2a e8 89 40 81 ff 49 bc 00 00 00 00 00 fc ff df e9 6e f6 ff ff e8 75 40 81 ff <0f> 0b e8 6e 40 81 ff e8 25 52 0c ff e9 46 c3 ff ff e8 5f 40 81 ff [ 26.772429][ T312] RSP: 0018:ffffc90000e87000 EFLAGS: 00010293 [ 26.778274][ T312] RAX: ffffffff81f42ddb RBX: 0000008000000000 RCX: ffff88810ba71440 [ 26.786228][ T312] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 26.794065][ T312] RBP: ffffc90000e87410 R08: ffffffff81f3f53b R09: ffffed102178e2e7 [ 26.801827][ T312] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888112a8a000 [ 26.809664][ T312] R13: ffff88810bc71870 R14: 000000c410000000 R15: ffffc90000e872e0 [ 26.817465][ T312] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 26.826241][ T312] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.832655][ T312] CR2: 0000555556cc07f8 CR3: 0000000122679000 CR4: 00000000003506a0 [ 26.840452][ T312] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.848290][ T312] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.856236][ T312] Kernel panic - not syncing: Fatal exception [ 26.862436][ T312] Kernel Offset: disabled [ 26.866569][ T312] Rebooting in 86400 seconds..