./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2473958904 <...> Warning: Permanently added '10.128.1.16' (ECDSA) to the list of known hosts. execve("./syz-executor2473958904", ["./syz-executor2473958904"], 0x7ffe91e7c1e0 /* 10 vars */) = 0 brk(NULL) = 0x55555702c000 brk(0x55555702cc40) = 0x55555702cc40 arch_prctl(ARCH_SET_FS, 0x55555702c300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555702c5d0) = 371 set_robust_list(0x55555702c5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f01942ae570, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f01942aec40}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f01942ae610, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f01942aec40}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2473958904", 4096) = 28 brk(0x55555704dc40) = 0x55555704dc40 brk(0x55555704e000) = 0x55555704e000 mprotect(0x7f0194370000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 371 mkdir("./syzkaller.swEvnf", 0700) = 0 chmod("./syzkaller.swEvnf", 0777) = 0 chdir("./syzkaller.swEvnf") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 373 ./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x55555702c5e0, 24) = 0 [pid 373] chdir("./0") = 0 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 373] setpgid(0, 0) = 0 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 373] write(3, "1000", 4) = 4 [pid 373] close(3) = 0 [pid 373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 373] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 373] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 373] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[374], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 374 [pid 373] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 374] memfd_create("syzkaller", 0) = 3 [pid 374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 374] munmap(0x7f018be7d000, 1048576) = 0 [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 374] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 374] close(3) = 0 [pid 374] mkdir("./file0", 0777) = 0 [ 21.235774][ T23] audit: type=1400 audit(1677426203.380:73): avc: denied { execmem } for pid=371 comm="syz-executor247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.255251][ T23] audit: type=1400 audit(1677426203.390:74): avc: denied { read write } for pid=371 comm="syz-executor247" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 374] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 374] chdir("./file0") = 0 [pid 374] ioctl(4, LOOP_CLR_FD) = 0 [pid 374] close(4) = 0 [pid 374] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... futex resumed>) = 1 [pid 374] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 374] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 373] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 373] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[378], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 378 [pid 373] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf3b000 [pid 373] mprotect(0x7f018bf3c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 373] clone(child_stack=0x7f018bf5b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[379], tls=0x7f018bf5b700, child_tidptr=0x7f018bf5b9d0) = 379 [pid 373] futex(0x7f01943767c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f01943767cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... futex resumed>) = 1 [pid 374] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 374] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x7f018bf7c9e0, 24) = 0 [pid 378] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 373] <... futex resumed>) = ? ./strace-static-x86_64: Process 379 attached [pid 374] <... futex resumed>) = ? [pid 379] +++ killed by SIGBUS +++ [pid 374] +++ killed by SIGBUS +++ [ 21.279740][ T23] audit: type=1400 audit(1677426203.390:75): avc: denied { open } for pid=371 comm="syz-executor247" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.289579][ T374] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 378] +++ killed by SIGBUS +++ [pid 373] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=373, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 21.304138][ T23] audit: type=1400 audit(1677426203.390:76): avc: denied { ioctl } for pid=371 comm="syz-executor247" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.338422][ T23] audit: type=1400 audit(1677426203.430:77): avc: denied { mounton } for pid=373 comm="syz-executor247" path="/root/syzkaller.swEvnf/0/file0" dev="sda1" ino=1141 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 21.363097][ T23] audit: type=1400 audit(1677426203.470:78): avc: denied { mount } for pid=373 comm="syz-executor247" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 21.385136][ T23] audit: type=1400 audit(1677426203.480:79): avc: denied { write } for pid=373 comm="syz-executor247" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.407224][ T23] audit: type=1400 audit(1677426203.480:80): avc: denied { add_name } for pid=373 comm="syz-executor247" name="blkio.throttle.io_service_bytes" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 21.430372][ T23] audit: type=1400 audit(1677426203.480:81): avc: denied { create } for pid=373 comm="syz-executor247" name="blkio.throttle.io_service_bytes" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 21.453093][ T23] audit: type=1400 audit(1677426203.480:82): avc: denied { read append open } for pid=373 comm="syz-executor247" path="/root/syzkaller.swEvnf/0/file0/blkio.throttle.io_service_bytes" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 380 ./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x55555702c5e0, 24) = 0 [pid 380] chdir("./1") = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 380] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 380] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 380] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[381], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 381 [pid 380] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 381 attached [pid 381] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 381] memfd_create("syzkaller", 0) = 3 [pid 381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 381] munmap(0x7f018be7d000, 1048576) = 0 [pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 381] close(3) = 0 [pid 381] mkdir("./file0", 0777) = 0 [pid 381] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 381] chdir("./file0") = 0 [pid 381] ioctl(4, LOOP_CLR_FD) = 0 [pid 381] close(4) = 0 [pid 381] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 381] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 380] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... openat resumed>) = 4 [pid 381] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 381] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 380] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 380] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 385 attached [pid 381] <... mmap resumed>) = 0x20000000 [pid 380] <... clone resumed>, parent_tid=[385], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 385 [pid 380] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 385] set_robust_list(0x7f018bf7c9e0, 24 [pid 381] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... mmap resumed>) = 0x7f018bf3b000 [pid 380] mprotect(0x7f018bf3c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 380] clone(child_stack=0x7f018bf5b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 385] <... set_robust_list resumed>) = 0 [pid 381] <... futex resumed>) = 0 ./strace-static-x86_64: Process 386 attached [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 381] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 380] <... clone resumed>, parent_tid=[386], tls=0x7f018bf5b700, child_tidptr=0x7f018bf5b9d0) = 386 [pid 380] futex(0x7f01943767c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = ? [pid 380] <... futex resumed>) = ? [pid 386] +++ killed by SIGBUS +++ [pid 381] +++ killed by SIGBUS +++ [pid 385] +++ killed by SIGBUS +++ [pid 380] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=380, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 21.538804][ T381] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 387 ./strace-static-x86_64: Process 387 attached [pid 387] set_robust_list(0x55555702c5e0, 24) = 0 [pid 387] chdir("./2") = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] setpgid(0, 0) = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] write(3, "1000", 4) = 4 [pid 387] close(3) = 0 [pid 387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 387] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 387] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 387] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[388], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 388 [pid 387] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 388 attached [pid 388] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 388] memfd_create("syzkaller", 0) = 3 [pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 388] munmap(0x7f018be7d000, 1048576) = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 388] close(3) = 0 [pid 388] mkdir("./file0", 0777) = 0 [pid 388] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 388] chdir("./file0") = 0 [pid 388] ioctl(4, LOOP_CLR_FD) = 0 [pid 388] close(4) = 0 [pid 388] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 388] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 0 [pid 388] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 388] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 387] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 387] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[392], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 392 [pid 387] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf3b000 [pid 387] mprotect(0x7f018bf3c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 387] clone(child_stack=0x7f018bf5b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[393], tls=0x7f018bf5b700, child_tidptr=0x7f018bf5b9d0) = 393 [pid 387] futex(0x7f01943767c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f01943767cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 1 [pid 388] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0./strace-static-x86_64: Process 393 attached ./strace-static-x86_64: Process 392 attached ) = 0x20000000 [pid 392] set_robust_list(0x7f018bf7c9e0, 24) = 0 [pid 392] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 387] <... futex resumed>) = ? [pid 392] +++ killed by SIGBUS +++ [pid 393] +++ killed by SIGBUS +++ [pid 388] +++ killed by SIGBUS +++ [pid 387] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=387, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 21.638921][ T388] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 394 ./strace-static-x86_64: Process 394 attached [pid 394] set_robust_list(0x55555702c5e0, 24) = 0 [pid 394] chdir("./3") = 0 [pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 394] setpgid(0, 0) = 0 [pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 394] write(3, "1000", 4) = 4 [pid 394] close(3) = 0 [pid 394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 394] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 394] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 394] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[395], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 395 [pid 394] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 395 attached [pid 395] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 395] memfd_create("syzkaller", 0) = 3 [pid 395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 395] munmap(0x7f018be7d000, 1048576) = 0 [pid 395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 395] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 395] close(3) = 0 [pid 395] mkdir("./file0", 0777) = 0 [pid 395] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 395] chdir("./file0") = 0 [pid 395] ioctl(4, LOOP_CLR_FD) = 0 [pid 395] close(4) = 0 [pid 395] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] <... futex resumed>) = 0 [pid 394] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... futex resumed>) = 1 [pid 395] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 395] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] <... futex resumed>) = 0 [pid 394] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 394] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 394] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[399], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 399 [pid 394] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf3b000 [pid 394] mprotect(0x7f018bf3c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 394] clone(child_stack=0x7f018bf5b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[400], tls=0x7f018bf5b700, child_tidptr=0x7f018bf5b9d0) = 400 [pid 394] futex(0x7f01943767c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f01943767cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... futex resumed>) = 1 [pid 395] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 395] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 399 attached [pid 399] set_robust_list(0x7f018bf7c9e0, 24) = 0 [pid 399] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 394] <... futex resumed>) = ? [pid 395] <... futex resumed>) = ? ./strace-static-x86_64: Process 400 attached [pid 395] +++ killed by SIGBUS +++ [pid 399] +++ killed by SIGBUS +++ [pid 400] +++ killed by SIGBUS +++ [pid 394] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=394, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 21.739249][ T395] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 401 ./strace-static-x86_64: Process 401 attached [pid 401] set_robust_list(0x55555702c5e0, 24) = 0 [pid 401] chdir("./4") = 0 [pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 401] setpgid(0, 0) = 0 [pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 401] write(3, "1000", 4) = 4 [pid 401] close(3) = 0 [pid 401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 401] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 401] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 401] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 402 attached , parent_tid=[402], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 402 [pid 402] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 401] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 402] memfd_create("syzkaller", 0) = 3 [pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 402] munmap(0x7f018be7d000, 1048576) = 0 [pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 402] close(3) = 0 [pid 402] mkdir("./file0", 0777) = 0 [pid 402] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 402] chdir("./file0") = 0 [pid 402] ioctl(4, LOOP_CLR_FD) = 0 [pid 402] close(4) = 0 [pid 402] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 402] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 401] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 401] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 406 attached [pid 402] <... mmap resumed>) = 0x20000000 [pid 401] <... clone resumed>, parent_tid=[406], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 406 [pid 401] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 406] set_robust_list(0x7f018bf7c9e0, 24 [pid 402] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf3b000 [pid 401] mprotect(0x7f018bf3c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 401] clone(child_stack=0x7f018bf5b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 402] <... futex resumed>) = 0 [pid 401] <... clone resumed>, parent_tid=[407], tls=0x7f018bf5b700, child_tidptr=0x7f018bf5b9d0) = 407 [pid 406] <... set_robust_list resumed>) = 0 [pid 401] futex(0x7f01943767c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 406] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 402] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 401] futex(0x7f01943767cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] <... futex resumed>) = ? [pid 401] <... futex resumed>) = ? ./strace-static-x86_64: Process 407 attached [pid 407] +++ killed by SIGBUS +++ [pid 402] +++ killed by SIGBUS +++ [pid 406] +++ killed by SIGBUS +++ [pid 401] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=401, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 21.859119][ T402] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 408 ./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x55555702c5e0, 24) = 0 [pid 408] chdir("./5") = 0 [pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 408] setpgid(0, 0) = 0 [pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 408] write(3, "1000", 4) = 4 [pid 408] close(3) = 0 [pid 408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 408] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 408] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 408] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 409 attached , parent_tid=[409], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 409 [pid 409] set_robust_list(0x7f019429d9e0, 24 [pid 408] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 409] <... set_robust_list resumed>) = 0 [pid 409] memfd_create("syzkaller", 0) = 3 [pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 409] munmap(0x7f018be7d000, 1048576) = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 409] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 409] close(3) = 0 [pid 409] mkdir("./file0", 0777) = 0 [pid 409] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 409] chdir("./file0") = 0 [pid 409] ioctl(4, LOOP_CLR_FD) = 0 [pid 409] close(4) = 0 [pid 409] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 1 [pid 409] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 409] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 408] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 408] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[413], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 413 [pid 408] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf3b000 [pid 408] mprotect(0x7f018bf3c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 408] clone(child_stack=0x7f018bf5b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[414], tls=0x7f018bf5b700, child_tidptr=0x7f018bf5b9d0) = 414 [pid 408] futex(0x7f01943767c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7f01943767cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 1 [pid 409] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 409] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x7f018bf5b9e0, 24) = 0 [pid 414] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 414] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 0 [pid 409] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000d0} --- [pid 408] <... futex resumed>) = ? [pid 414] <... futex resumed>) = ? ./strace-static-x86_64: Process 413 attached [pid 414] +++ killed by SIGBUS +++ [pid 413] +++ killed by SIGBUS +++ [pid 409] +++ killed by SIGBUS +++ [pid 408] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=408, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 21.969041][ T409] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 415 ./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x55555702c5e0, 24) = 0 [pid 415] chdir("./6") = 0 [pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 415] setpgid(0, 0) = 0 [pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 415] write(3, "1000", 4) = 4 [pid 415] close(3) = 0 [pid 415] symlink("/dev/binderfs", "./binderfs") = 0 [pid 415] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 415] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 415] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 416 attached , parent_tid=[416], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 416 [pid 415] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 416] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 416] memfd_create("syzkaller", 0) = 3 [pid 416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 416] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 416] munmap(0x7f018be7d000, 1048576) = 0 [pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 416] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 416] close(3) = 0 [pid 416] mkdir("./file0", 0777) = 0 [pid 416] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 416] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 416] chdir("./file0") = 0 [pid 416] ioctl(4, LOOP_CLR_FD) = 0 [pid 416] close(4) = 0 [pid 416] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 1 [pid 416] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 416] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 415] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 415] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[420], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 420 [pid 415] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf3b000 [pid 415] mprotect(0x7f018bf3c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 415] clone(child_stack=0x7f018bf5b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[421], tls=0x7f018bf5b700, child_tidptr=0x7f018bf5b9d0) = 421 [pid 415] futex(0x7f01943767c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7f01943767cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 1 [pid 416] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 416] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 421 attached ./strace-static-x86_64: Process 420 attached [pid 421] set_robust_list(0x7f018bf5b9e0, 24) = 0 [pid 421] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 421] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 415] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 0 [pid 416] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000d0} --- [pid 415] <... futex resumed>) = ? [pid 421] <... futex resumed>) = ? [pid 420] +++ killed by SIGBUS +++ [pid 416] +++ killed by SIGBUS +++ [pid 421] +++ killed by SIGBUS +++ [pid 415] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=415, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 22.149175][ T416] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 422 ./strace-static-x86_64: Process 422 attached [pid 422] set_robust_list(0x55555702c5e0, 24) = 0 [pid 422] chdir("./7") = 0 [pid 422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 422] setpgid(0, 0) = 0 [pid 422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 422] write(3, "1000", 4) = 4 [pid 422] close(3) = 0 [pid 422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 422] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 422] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 422] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[423], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 423 [pid 422] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 423 attached [pid 423] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 423] memfd_create("syzkaller", 0) = 3 [pid 423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 423] munmap(0x7f018be7d000, 1048576) = 0 [pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 423] close(3) = 0 [pid 423] mkdir("./file0", 0777) = 0 [pid 423] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 423] chdir("./file0") = 0 [pid 423] ioctl(4, LOOP_CLR_FD) = 0 [pid 423] close(4) = 0 [pid 423] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 423] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 422] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 422] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[427], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 427 [pid 422] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 427 attached [pid 422] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] set_robust_list(0x7f018bf7c9e0, 24 [pid 422] <... futex resumed>) = 0 [pid 422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf3b000 [pid 422] mprotect(0x7f018bf3c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 422] clone(child_stack=0x7f018bf5b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[428], tls=0x7f018bf5b700, child_tidptr=0x7f018bf5b9d0) = 428 [pid 422] futex(0x7f01943767c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f01943767cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 423] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 427] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 428 attached [pid 427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 428] set_robust_list(0x7f018bf5b9e0, 24) = ? [pid 422] <... futex resumed>) = ? [pid 423] <... futex resumed>) = ? [pid 427] +++ killed by SIGBUS +++ [pid 428] +++ killed by SIGBUS +++ [pid 423] +++ killed by SIGBUS +++ [pid 422] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=422, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 429 ./strace-static-x86_64: Process 429 attached [pid 429] set_robust_list(0x55555702c5e0, 24) = 0 [pid 429] chdir("./8") = 0 [pid 429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 429] setpgid(0, 0) = 0 [pid 429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 429] write(3, "1000", 4) = 4 [pid 429] close(3) = 0 [pid 429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 429] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 429] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 429] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[430], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 430 [ 22.299042][ T423] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 429] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 430 attached [pid 430] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 430] memfd_create("syzkaller", 0) = 3 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 430] munmap(0x7f018be7d000, 1048576) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 430] close(3) = 0 [pid 430] mkdir("./file0", 0777) = 0 [pid 430] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 430] chdir("./file0") = 0 [pid 430] ioctl(4, LOOP_CLR_FD) = 0 [pid 430] close(4) = 0 [pid 430] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = 0 [pid 429] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... futex resumed>) = 1 [pid 430] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 430] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = 0 [pid 429] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 429] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 429] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[434], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 434 [pid 429] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf3b000 [pid 429] mprotect(0x7f018bf3c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 429] clone(child_stack=0x7f018bf5b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[435], tls=0x7f018bf5b700, child_tidptr=0x7f018bf5b9d0) = 435 [pid 429] futex(0x7f01943767c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] futex(0x7f01943767cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... futex resumed>) = 1 [pid 430] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 430] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 434 attached ./strace-static-x86_64: Process 435 attached [pid 430] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] set_robust_list(0x7f018bf7c9e0, 24) = 0 [pid 434] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 429] <... futex resumed>) = ? [pid 430] <... futex resumed>) = ? [pid 430] +++ killed by SIGBUS +++ [pid 435] +++ killed by SIGBUS +++ [pid 434] +++ killed by SIGBUS +++ [pid 429] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=429, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 436 ./strace-static-x86_64: Process 436 attached [pid 436] set_robust_list(0x55555702c5e0, 24) = 0 [pid 436] chdir("./9") = 0 [pid 436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 436] setpgid(0, 0) = 0 [pid 436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 436] write(3, "1000", 4) = 4 [pid 436] close(3) = 0 [pid 436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 436] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 436] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 436] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[437], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 437 [pid 436] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 437 attached [pid 437] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 437] memfd_create("syzkaller", 0) = 3 [pid 437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [ 22.379084][ T430] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 437] munmap(0x7f018be7d000, 1048576) = 0 [pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 437] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 437] close(3) = 0 [pid 437] mkdir("./file0", 0777) = 0 [pid 437] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 437] chdir("./file0") = 0 [pid 437] ioctl(4, LOOP_CLR_FD) = 0 [pid 437] close(4) = 0 [pid 437] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 437] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 436] <... futex resumed>) = 0 [pid 436] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 436] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 437] <... futex resumed>) = 0 [pid 437] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 437] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 436] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 436] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 437] <... futex resumed>) = 1 [pid 436] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[441], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 441 [pid 436] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf3b000 [pid 436] mprotect(0x7f018bf3c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 436] clone(child_stack=0x7f018bf5b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[442], tls=0x7f018bf5b700, child_tidptr=0x7f018bf5b9d0) = 442 [pid 436] futex(0x7f01943767c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7f01943767cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 441 attached ./strace-static-x86_64: Process 442 attached [pid 442] set_robust_list(0x7f018bf5b9e0, 24 [pid 441] set_robust_list(0x7f018bf7c9e0, 24 [pid 442] <... set_robust_list resumed>) = 0 [pid 441] <... set_robust_list resumed>) = 0 [pid 442] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP [pid 441] write(4, "#! ./file0 \n", 12 [pid 442] <... socket resumed>) = 5 [pid 442] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 436] futex(0x7f01943767c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7f01943767cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] openat(AT_FDCWD, "/proc/thread-self", O_RDONLY|O_NOFOLLOW|O_NOATIME [pid 437] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 442] <... openat resumed>) = -1 ELOOP (Too many levels of symbolic links) [pid 442] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 437] <... mmap resumed>) = 0x20000000 [pid 441] <... write resumed>) = 12 [pid 436] <... futex resumed>) = 0 [pid 442] <... futex resumed>) = 1 [pid 441] write(4, 0x200002c0, 12 [pid 437] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 442] futex(0x7f01943767c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 437] <... futex resumed>) = 0 [pid 441] <... write resumed>) = 12 [pid 437] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 441] write(4, 0x200002c0, 12) = 12 [pid 441] write(4, 0x200002c0, 12) = 12 [pid 441] write(4, 0x200002c0, 12) = 12 [pid 441] write(4, 0x200002c0, 12) = 12 [ 22.449415][ T437] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 22.471329][ T441] EXT4-fs error (device loop0): ext4_mb_generate_buddy:805: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.486214][ T441] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [ 22.498635][ T441] EXT4-fs (loop0): This should not happen!! Data will be lost [ 22.498635][ T441] [ 22.508304][ T441] EXT4-fs (loop0): Total free blocks count 0 [ 22.514276][ T441] EXT4-fs (loop0): Free/Dirty block details [ 22.520228][ T441] EXT4-fs (loop0): free_blocks=2415919104 [ 22.525949][ T441] EXT4-fs (loop0): dirty_blocks=16 [ 22.531071][ T441] EXT4-fs (loop0): Block reservation details [ 22.537050][ T441] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 441] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f01943767b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 436] exit_group(0 [pid 442] <... futex resumed>) = ? [pid 437] <... futex resumed>) = ? [pid 436] <... exit_group resumed>) = ? [pid 442] +++ exited with 0 +++ [pid 437] +++ exited with 0 +++ [pid 441] <... futex resumed>) = ? [pid 441] +++ exited with 0 +++ [pid 436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=436, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 [ 22.543369][ T441] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 22.555638][ T441] EXT4-fs (loop0): This should not happen!! Data will be lost [ 22.555638][ T441] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 443 ./strace-static-x86_64: Process 443 attached [pid 443] set_robust_list(0x55555702c5e0, 24) = 0 [pid 443] chdir("./10") = 0 [pid 443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 443] setpgid(0, 0) = 0 [pid 443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 443] write(3, "1000", 4) = 4 [pid 443] close(3) = 0 [pid 443] symlink("/dev/binderfs", "./binderfs") = 0 [pid 443] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 443] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 443] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[444], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 444 [pid 443] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 443] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 444 attached [pid 444] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 444] memfd_create("syzkaller", 0) = 3 [pid 444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 444] munmap(0x7f018be7d000, 1048576) = 0 [pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 444] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 444] close(3) = 0 [pid 444] mkdir("./file0", 0777) = 0 [pid 444] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 444] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 444] chdir("./file0") = 0 [pid 444] ioctl(4, LOOP_CLR_FD) = 0 [pid 444] close(4) = 0 [pid 444] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 444] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 443] <... futex resumed>) = 0 [pid 443] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 443] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 444] <... futex resumed>) = 0 [pid 444] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 444] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 443] <... futex resumed>) = 0 [pid 444] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 443] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 443] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 444] <... futex resumed>) = 0 [pid 443] <... futex resumed>) = 0 [pid 444] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 444] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 444] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 443] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 443] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[448], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 448 [pid 443] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 448 attached ) = 0 [pid 443] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 443] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 444] <... futex resumed>) = 0 [pid 444] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 444] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] <... futex resumed>) = 0 [pid 443] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 443] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 444] <... futex resumed>) = 1 [pid 444] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000d0} --- [pid 443] <... futex resumed>) = ? [pid 448] +++ killed by SIGBUS +++ [pid 444] +++ killed by SIGBUS +++ [pid 443] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=443, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 [ 22.709308][ T444] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 449 ./strace-static-x86_64: Process 449 attached [pid 449] set_robust_list(0x55555702c5e0, 24) = 0 [pid 449] chdir("./11") = 0 [pid 449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 449] setpgid(0, 0) = 0 [pid 449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 449] write(3, "1000", 4) = 4 [pid 449] close(3) = 0 [pid 449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 449] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 449] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 449] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[450], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 450 [pid 449] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 450 attached [pid 450] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 450] memfd_create("syzkaller", 0) = 3 [pid 450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 450] munmap(0x7f018be7d000, 1048576) = 0 [pid 450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 450] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 450] close(3) = 0 [pid 450] mkdir("./file0", 0777) = 0 [pid 450] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 450] chdir("./file0") = 0 [pid 450] ioctl(4, LOOP_CLR_FD) = 0 [pid 450] close(4) = 0 [pid 450] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 449] <... futex resumed>) = 0 [pid 449] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 450] <... futex resumed>) = 1 [pid 450] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 450] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 449] <... futex resumed>) = 0 [pid 449] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 449] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 449] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[454], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 454 [pid 449] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf3b000 [pid 449] mprotect(0x7f018bf3c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 449] clone(child_stack=0x7f018bf5b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[455], tls=0x7f018bf5b700, child_tidptr=0x7f018bf5b9d0) = 455 [pid 449] futex(0x7f01943767c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7f01943767cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 450] <... futex resumed>) = 1 [pid 450] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 450] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 450] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 455 attached [pid 455] set_robust_list(0x7f018bf5b9e0, 24) = 0 [pid 455] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 455] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 449] <... futex resumed>) = 0 [pid 449] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 449] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 450] <... futex resumed>) = 0 [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000d0} --- [pid 449] <... futex resumed>) = ? [pid 455] <... futex resumed>) = ? ./strace-static-x86_64: Process 454 attached [pid 450] +++ killed by SIGBUS +++ [pid 455] +++ killed by SIGBUS +++ [pid 454] +++ killed by SIGBUS +++ [pid 449] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=449, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 456 ./strace-static-x86_64: Process 456 attached [pid 456] set_robust_list(0x55555702c5e0, 24) = 0 [pid 456] chdir("./12") = 0 [pid 456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 456] setpgid(0, 0) = 0 [pid 456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 22.828879][ T450] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 456] write(3, "1000", 4) = 4 [pid 456] close(3) = 0 [pid 456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 456] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 456] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 456] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[457], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 457 [pid 456] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 457 attached [pid 457] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 457] memfd_create("syzkaller", 0) = 3 [pid 457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 457] munmap(0x7f018be7d000, 1048576) = 0 [pid 457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 457] close(3) = 0 [pid 457] mkdir("./file0", 0777) = 0 [pid 457] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 457] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 457] chdir("./file0") = 0 [pid 457] ioctl(4, LOOP_CLR_FD) = 0 [pid 457] close(4) = 0 [pid 457] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... futex resumed>) = 1 [pid 457] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 457] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 456] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 456] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 461 attached [pid 457] <... futex resumed>) = 1 [pid 461] set_robust_list(0x7f018bf7c9e0, 24 [pid 457] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 456] <... clone resumed>, parent_tid=[461], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 461 [pid 461] <... set_robust_list resumed>) = 0 [pid 457] <... mmap resumed>) = 0x20000000 [pid 456] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf3b000 [pid 456] mprotect(0x7f018bf3c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 461] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 457] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] clone(child_stack=0x7f018bf5b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 457] <... futex resumed>) = ? [pid 456] <... clone resumed>, parent_tid=[0], tls=0x7f018bf5b700, child_tidptr=0x7f018bf5b9d0) = 230 [pid 461] +++ killed by SIGBUS +++ [pid 457] +++ killed by SIGBUS +++ [pid 456] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=456, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 463 ./strace-static-x86_64: Process 463 attached [pid 463] set_robust_list(0x55555702c5e0, 24) = 0 [pid 463] chdir("./13") = 0 [ 22.908931][ T457] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 463] setpgid(0, 0) = 0 [pid 463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 463] write(3, "1000", 4) = 4 [pid 463] close(3) = 0 [pid 463] symlink("/dev/binderfs", "./binderfs") = 0 [pid 463] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 463] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 463] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 464 attached , parent_tid=[464], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 464 [pid 464] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 464] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] memfd_create("syzkaller", 0) = 3 [pid 464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 463] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 464] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 464] munmap(0x7f018be7d000, 1048576) = 0 [pid 464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 464] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 464] close(3) = 0 [pid 464] mkdir("./file0", 0777) = 0 [pid 464] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 464] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 464] chdir("./file0") = 0 [pid 464] ioctl(4, LOOP_CLR_FD) = 0 [pid 464] close(4) = 0 [pid 464] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 463] <... futex resumed>) = 0 [pid 463] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 463] <... futex resumed>) = 0 [pid 463] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... openat resumed>) = 4 [pid 464] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 463] <... futex resumed>) = 0 [pid 464] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 463] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 463] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 464] <... mmap resumed>) = 0x20000000 [pid 463] <... mmap resumed>) = 0x7f018bf5c000 [pid 464] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 463] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 464] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 468 attached , parent_tid=[468], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 468 [pid 468] set_robust_list(0x7f018bf7c9e0, 24) = 0 [pid 468] futex(0x7f01943767b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 463] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = 0 [pid 463] <... futex resumed>) = 1 [pid 463] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 463] <... futex resumed>) = 1 [pid 463] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 464] <... futex resumed>) = ? [pid 464] +++ killed by SIGBUS +++ [pid 468] +++ killed by SIGBUS +++ [pid 463] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=463, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 22.988870][ T464] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 469 ./strace-static-x86_64: Process 469 attached [pid 469] set_robust_list(0x55555702c5e0, 24) = 0 [pid 469] chdir("./14") = 0 [pid 469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 469] setpgid(0, 0) = 0 [pid 469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 469] write(3, "1000", 4) = 4 [pid 469] close(3) = 0 [pid 469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 469] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 469] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 469] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[470], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 470 [pid 469] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 470 attached [pid 470] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 470] memfd_create("syzkaller", 0) = 3 [pid 470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 470] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 470] munmap(0x7f018be7d000, 1048576) = 0 [pid 470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 470] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 470] close(3) = 0 [pid 470] mkdir("./file0", 0777) = 0 [pid 470] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 470] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 470] chdir("./file0") = 0 [pid 470] ioctl(4, LOOP_CLR_FD) = 0 [pid 470] close(4) = 0 [pid 470] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 470] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 469] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] <... openat resumed>) = 4 [pid 470] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 469] <... futex resumed>) = 0 [pid 469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 469] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 469] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 470] <... mmap resumed>) = 0x20000000 [pid 470] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... clone resumed>, parent_tid=[474], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 474 ./strace-static-x86_64: Process 474 attached [pid 470] <... futex resumed>) = 0 [pid 469] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 474] set_robust_list(0x7f018bf7c9e0, 24 [pid 470] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP [pid 474] <... set_robust_list resumed>) = 0 [pid 470] <... socket resumed>) = 5 [pid 470] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 474] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 470] <... futex resumed>) = 1 [pid 469] <... futex resumed>) = 0 [pid 469] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 470] +++ killed by SIGBUS +++ [pid 474] +++ killed by SIGBUS +++ [pid 469] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=469, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 475 ./strace-static-x86_64: Process 475 attached [pid 475] set_robust_list(0x55555702c5e0, 24) = 0 [pid 475] chdir("./15") = 0 [pid 475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 475] setpgid(0, 0) = 0 [pid 475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 475] write(3, "1000", 4) = 4 [pid 475] close(3) = 0 [pid 475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 475] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 475] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 475] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[476], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 476 [pid 475] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 476 attached [ 23.159014][ T470] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [pid 476] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 476] memfd_create("syzkaller", 0) = 3 [pid 476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 476] munmap(0x7f018be7d000, 1048576) = 0 [pid 476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 476] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 476] close(3) = 0 [pid 476] mkdir("./file0", 0777) = 0 [pid 476] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 476] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 476] chdir("./file0") = 0 [pid 476] ioctl(4, LOOP_CLR_FD) = 0 [pid 476] close(4) = 0 [pid 476] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... futex resumed>) = 0 [pid 476] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 476] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... futex resumed>) = 0 [pid 476] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 475] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... mmap resumed>) = 0x20000000 [pid 475] <... futex resumed>) = 0 [pid 476] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 475] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 475] <... futex resumed>) = 0 [pid 476] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 475] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 475] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 480 attached , parent_tid=[480], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 480 [pid 480] set_robust_list(0x7f018bf7c9e0, 24) = 0 [pid 480] futex(0x7f01943767b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 476] <... futex resumed>) = 0 [pid 476] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP [pid 475] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] <... futex resumed>) = 0 [pid 480] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 476] <... socket resumed>) = 5 [pid 475] <... futex resumed>) = ? [pid 476] +++ killed by SIGBUS +++ [pid 480] +++ killed by SIGBUS +++ [pid 475] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=475, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 23.238982][ T476] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 481 ./strace-static-x86_64: Process 481 attached [pid 481] set_robust_list(0x55555702c5e0, 24) = 0 [pid 481] chdir("./16") = 0 [pid 481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 481] setpgid(0, 0) = 0 [pid 481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 481] write(3, "1000", 4) = 4 [pid 481] close(3) = 0 [pid 481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 481] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 481] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 481] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[482], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 482 [pid 481] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 482 attached [pid 482] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 482] memfd_create("syzkaller", 0) = 3 [pid 482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 482] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 482] munmap(0x7f018be7d000, 1048576) = 0 [pid 482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 482] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 482] close(3) = 0 [pid 482] mkdir("./file0", 0777) = 0 [pid 482] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 482] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 482] chdir("./file0") = 0 [pid 482] ioctl(4, LOOP_CLR_FD) = 0 [pid 482] close(4) = 0 [pid 482] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] <... futex resumed>) = 0 [pid 482] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 482] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 482] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 481] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] <... mmap resumed>) = 0x20000000 [pid 482] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 482] <... futex resumed>) = 0 [pid 481] <... mmap resumed>) = 0x7f018bf5c000 [pid 481] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE [pid 482] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 481] <... mprotect resumed>) = 0 [pid 481] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 486 attached , parent_tid=[486], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 486 [pid 486] set_robust_list(0x7f018bf7c9e0, 24 [pid 481] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 486] <... set_robust_list resumed>) = 0 [pid 486] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 482] <... futex resumed>) = ? [pid 481] <... futex resumed>) = ? [pid 482] +++ killed by SIGBUS +++ [pid 486] +++ killed by SIGBUS +++ [pid 481] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=481, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 23.348881][ T482] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 487 ./strace-static-x86_64: Process 487 attached [pid 487] set_robust_list(0x55555702c5e0, 24) = 0 [pid 487] chdir("./17") = 0 [pid 487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 487] setpgid(0, 0) = 0 [pid 487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 487] write(3, "1000", 4) = 4 [pid 487] close(3) = 0 [pid 487] symlink("/dev/binderfs", "./binderfs") = 0 [pid 487] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 487] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 487] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[488], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 488 [pid 487] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 488 attached [pid 488] set_robust_list(0x7f019429d9e0, 24) = 0 [pid 488] memfd_create("syzkaller", 0) = 3 [pid 488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 488] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 488] munmap(0x7f018be7d000, 1048576) = 0 [pid 488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 488] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 488] close(3) = 0 [pid 488] mkdir("./file0", 0777) = 0 [pid 488] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 488] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 488] chdir("./file0") = 0 [pid 488] ioctl(4, LOOP_CLR_FD) = 0 [pid 488] close(4) = 0 [pid 488] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... openat resumed>) = 4 [pid 488] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 487] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 488] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 487] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 492 attached [pid 488] <... mmap resumed>) = 0x20000000 [pid 487] <... clone resumed>, parent_tid=[492], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 492 [pid 487] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 492] set_robust_list(0x7f018bf7c9e0, 24 [pid 488] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... mmap resumed>) = 0x7f018bf3b000 [pid 487] mprotect(0x7f018bf3c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 487] clone(child_stack=0x7f018bf5b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 492] <... set_robust_list resumed>) = 0 [pid 488] <... futex resumed>) = 0 ./strace-static-x86_64: Process 493 attached [pid 487] <... clone resumed>, parent_tid=[493], tls=0x7f018bf5b700, child_tidptr=0x7f018bf5b9d0) = 493 [pid 488] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] futex(0x7f01943767c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f01943767cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] set_robust_list(0x7f018bf5b9e0, 24 [pid 492] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 493] <... set_robust_list resumed>) = ? [pid 488] <... futex resumed>) = ? [pid 487] <... futex resumed>) = ? [pid 493] +++ killed by SIGBUS +++ [pid 488] +++ killed by SIGBUS +++ [pid 492] +++ killed by SIGBUS +++ [pid 487] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=487, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555702d620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 23.429560][ T488] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557035660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557035660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x55555702d620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555702c5d0) = 494 ./strace-static-x86_64: Process 494 attached [pid 494] set_robust_list(0x55555702c5e0, 24) = 0 [pid 494] chdir("./18") = 0 [pid 494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 494] setpgid(0, 0) = 0 [pid 494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 494] write(3, "1000", 4) = 4 [pid 494] close(3) = 0 [pid 494] symlink("/dev/binderfs", "./binderfs") = 0 [pid 494] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f019427d000 [pid 494] mprotect(0x7f019427e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 494] clone(child_stack=0x7f019429d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 495 attached [pid 495] set_robust_list(0x7f019429d9e0, 24 [pid 494] <... clone resumed>, parent_tid=[495], tls=0x7f019429d700, child_tidptr=0x7f019429d9d0) = 495 [pid 495] <... set_robust_list resumed>) = 0 [pid 494] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] memfd_create("syzkaller", 0 [pid 494] <... futex resumed>) = 0 [pid 495] <... memfd_create resumed>) = 3 [pid 494] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f018be7d000 [pid 495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 495] munmap(0x7f018be7d000, 1048576) = 0 [pid 495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 495] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 495] close(3) = 0 [pid 495] mkdir("./file0", 0777) = 0 [pid 495] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 495] chdir("./file0") = 0 [pid 495] ioctl(4, LOOP_CLR_FD) = 0 [pid 495] close(4) = 0 [pid 495] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 495] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 494] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 0 [pid 495] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 495] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f01943767bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf5c000 [pid 494] mprotect(0x7f018bf5d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 494] clone(child_stack=0x7f018bf7c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 499 attached , parent_tid=[499], tls=0x7f018bf7c700, child_tidptr=0x7f018bf7c9d0) = 499 [pid 499] set_robust_list(0x7f018bf7c9e0, 24 [pid 494] futex(0x7f01943767b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] <... set_robust_list resumed>) = 0 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f018bf3b000 [pid 494] mprotect(0x7f018bf3c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 499] write(4, "#! ./file0 \n", 12 [pid 494] clone(child_stack=0x7f018bf5b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[500], tls=0x7f018bf5b700, child_tidptr=0x7f018bf5b9d0) = 500 [pid 494] futex(0x7f01943767c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f01943767cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 1 [pid 495] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0./strace-static-x86_64: Process 500 attached [pid 499] <... write resumed>) = 12 [pid 495] <... mmap resumed>) = 0x20000000 [pid 495] futex(0x7f01943767ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7f01943767a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 500] set_robust_list(0x7f018bf5b9e0, 24 [pid 499] write(4, 0x200002c0, 12 [pid 500] <... set_robust_list resumed>) = 0 [pid 500] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 500] futex(0x7f01943767cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f01943767a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 494] futex(0x7f01943767ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 499] <... write resumed>) = 12 [pid 495] <... futex resumed>) = 0 [pid 499] write(4, 0x200002c0, 12 [pid 500] <... futex resumed>) = 1 [pid 500] futex(0x7f01943767c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000d0} --- [pid 500] <... futex resumed>) = ? [pid 494] <... futex resumed>) = ? [ 23.589076][ T495] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 23.611517][ T495] EXT4-fs error (device loop0): ext4_mb_generate_buddy:805: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.626610][ T499] ------------[ cut here ]------------ [ 23.632144][ T499] kernel BUG at fs/ext4/inode.c:2767! [ 23.637524][ T499] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 23.643590][ T499] CPU: 1 PID: 499 Comm: syz-executor247 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0 [ 23.653813][ T499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 [ 23.663878][ T499] RIP: 0010:ext4_writepages+0x36f6/0x3710 [ 23.669580][ T499] Code: c6 31 ff e8 8c 07 90 ff 84 db 75 2c e8 73 04 90 ff 48 bb 00 00 00 00 00 fc ff df 4c 8b 64 24 40 e9 28 f7 ff ff e8 5a 04 90 ff <0f> 0b e8 53 04 90 ff e8 ed 64 23 ff eb a0 e8 47 04 90 ff e8 e1 64 [ 23.689184][ T499] RSP: 0018:ffffc90001007300 EFLAGS: 00010293 [ 23.695237][ T499] RAX: ffffffff81dd1d56 RBX: 0000008000000000 RCX: ffff88810e784f00 [ 23.703322][ T499] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 23.711289][ T499] RBP: ffffc900010076f0 R08: ffffffff81dced3a R09: ffffed10235613bc [ 23.719265][ T499] R10: ffffed10235613bc R11: 1ffff110235613bb R12: ffff8881067e8000 [ 23.727329][ T499] R13: ffffc900010075c0 R14: 0000008410000000 R15: ffffc90001007860 [ 23.735312][ T499] FS: 00007f018bf7c700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 23.744224][ T499] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.750796][ T499] CR2: 00007f018bee3000 CR3: 000000010a101000 CR4: 00000000003506a0 [ 23.758759][ T499] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 23.766878][ T499] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 23.774856][ T499] Call Trace: [ 23.778145][ T499] ? __ext4_get_inode_loc+0x44c/0xd20 [ 23.783504][ T499] ? errseq_check+0x40/0x70 [ 23.788009][ T499] ? __kasan_check_read+0x11/0x20 [ 23.793026][ T499] ? mark_buffer_dirty+0x1eb/0x310 [ 23.798133][ T499] ? __ext4_handle_dirty_metadata+0x2d0/0x800 [ 23.804198][ T499] ? ext4_readpage+0x220/0x220 [ 23.808951][ T499] ? __kasan_check_write+0x14/0x20 [ 23.814043][ T499] ? ext4_mark_iloc_dirty+0x2183/0x3350 [ 23.819586][ T499] ? __ext4_expand_extra_isize+0x3d0/0x3d0 [ 23.825387][ T499] ? ext4_readpage+0x220/0x220 [ 23.830153][ T499] do_writepages+0x13a/0x280 [ 23.834740][ T499] ? __kasan_check_read+0x11/0x20 [ 23.839752][ T499] ? __writepage+0x130/0x130 [ 23.844329][ T499] ? __kasan_check_write+0x14/0x20 [ 23.849433][ T499] ? _raw_spin_unlock+0x4d/0x70 [ 23.854271][ T499] __filemap_fdatawrite_range+0x354/0x420 [ 23.859994][ T499] ? filemap_check_errors+0x120/0x120 [ 23.865367][ T499] ? generic_perform_write+0x51c/0x5b0 [ 23.870809][ T499] file_write_and_wait_range+0x89/0x120 [ 23.876341][ T499] ext4_sync_file+0x19e/0x9d0 [ 23.881011][ T499] vfs_fsync_range+0x17b/0x190 [ 23.885775][ T499] ext4_buffered_write_iter+0x565/0x610 [ 23.891307][ T499] ext4_file_write_iter+0x192/0x1c70 [ 23.896588][ T499] ? dequeue_task_fair+0x7ad/0xb50 [ 23.901712][ T499] ? __kasan_check_read+0x11/0x20 [ 23.906725][ T499] ? compat_start_thread+0x80/0x80 [ 23.911821][ T499] ? avc_policy_seqno+0x1b/0x70 [ 23.916681][ T499] ? selinux_file_permission+0x2a9/0x520 [ 23.922298][ T499] ? fsnotify_perm+0x67/0x4e0 [ 23.926959][ T499] ? ext4_file_read_iter+0x4d0/0x4d0 [ 23.932257][ T499] ? security_file_permission+0xa8/0xc0 [ 23.937797][ T499] ? iov_iter_init+0x3f/0x120 [ 23.942462][ T499] vfs_write+0xc4a/0xf80 [ 23.946706][ T499] ? __kasan_check_write+0x14/0x20 [ 23.951801][ T499] ? kernel_write+0x420/0x420 [ 23.956476][ T499] ? mutex_lock+0xb2/0x1e0 [ 23.960878][ T499] ? mutex_trylock+0x180/0x180 [ 23.965626][ T499] ? __fdget_pos+0x26d/0x310 [ 23.970206][ T499] ? ksys_write+0x77/0x2c0 [ 23.974617][ T499] ksys_write+0x198/0x2c0 [ 23.978933][ T499] ? do_notify_parent+0xa40/0xa40 [ 23.983972][ T499] ? __ia32_sys_read+0x90/0x90 [ 23.988725][ T499] ? switch_fpu_return+0x10/0x10 [ 23.993646][ T499] __x64_sys_write+0x7b/0x90 [ 23.998219][ T499] do_syscall_64+0x34/0x70 [ 24.002639][ T499] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 24.008514][ T499] RIP: 0033:0x7f01942f1619 [ 24.012913][ T499] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 24.032522][ T499] RSP: 002b:00007f018bf7c2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 24.040924][ T499] RAX: ffffffffffffffda RBX: 000000000000003f RCX: 00007f01942f1619 [ 24.048883][ T499] RDX: 000000000000000c RSI: 00000000200002c0 RDI: 0000000000000004 [ 24.056861][ T499] RBP: 00007f01943767b8 R08: 0000000000000000 R09: 0000000000000000 [ 24.064817][ T499] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f01943767b0 [ 24.072777][ T499] R13: 00007f0194343838 R14: 0000000020001200 R15: 0030656c69662f2e [ 24.080757][ T499] Modules linked in: [ 24.084857][ T499] ---[ end trace e63019e52e9e841e ]--- [ 24.090359][ T499] RIP: 0010:ext4_writepages+0x36f6/0x3710 [ 24.096078][ T499] Code: c6 31 ff e8 8c 07 90 ff 84 db 75 2c e8 73 04 90 ff 48 bb 00 00 00 00 00 fc ff df 4c 8b 64 24 40 e9 28 f7 ff ff e8 5a 04 90 ff <0f> 0b e8 53 04 90 ff e8 ed 64 23 ff eb a0 e8 47 04 90 ff e8 e1 64 [ 24.115723][ T499] RSP: 0018:ffffc90001007300 EFLAGS: 00010293 [ 24.121816][ T499] RAX: ffffffff81dd1d56 RBX: 0000008000000000 RCX: ffff88810e784f00 [ 24.129802][ T499] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 24.137793][ T499] RBP: ffffc900010076f0 R08: ffffffff81dced3a R09: ffffed10235613bc [ 24.145763][ T499] R10: ffffed10235613bc R11: 1ffff110235613bb R12: ffff8881067e8000 [ 24.153754][ T499] R13: ffffc900010075c0 R14: 0000008410000000 R15: ffffc90001007860 [ 24.161737][ T499] FS: 00007f018bf7c700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 24.170698][ T499] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.177281][ T499] CR2: 00007f018bee3000 CR3: 000000010a101000 CR4: 00000000003506a0 [ 24.185269][ T499] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.193250][ T499] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.201239][ T499] Kernel panic - not syncing: Fatal exception [ 24.207562][ T499] Kernel Offset: disabled [ 24.211902][ T499] Rebooting in 86400 seconds..