./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor728281256 <...> Warning: Permanently added '10.128.15.213' (ECDSA) to the list of known hosts. execve("./syz-executor728281256", ["./syz-executor728281256"], 0x7ffeb6975b30 /* 10 vars */) = 0 brk(NULL) = 0x555556020000 brk(0x555556020c40) = 0x555556020c40 arch_prctl(ARCH_SET_FS, 0x555556020300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555560205d0) = 5076 set_robust_list(0x5555560205e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fba1e45d500, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fba1e45dbd0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fba1e45d5a0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fba1e45dbd0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor728281256", 4096) = 27 brk(0x555556041c40) = 0x555556041c40 brk(0x555556042000) = 0x555556042000 mprotect(0x7fba1e51f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5076 mkdir("./syzkaller.MPGQAZ", 0700) = 0 chmod("./syzkaller.MPGQAZ", 0777) = 0 chdir("./syzkaller.MPGQAZ") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560205d0) = 5077 ./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x5555560205e0, 24) = 0 [pid 5077] chdir("./0") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5077] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5079], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5079 [pid 5077] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5079] munmap(0x7fba1602c000, 1048576) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./file0", 0777) = 0 [ 59.698088][ T5079] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5079 'syz-executor728' [ 59.725494][ T5079] loop0: detected capacity change from 0 to 2048 [pid 5079] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./file0") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 1 [pid 5079] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 5079] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 1 [pid 5079] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 5079] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 1 [pid 5079] open("./bus", O_RDWR) = 5 [pid 5079] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 1 [pid 5079] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1610b000 [pid 5077] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5083], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5083 [pid 5077] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 1 [pid 5079] write(4, 0x20000f80, 9) = 9 [pid 5079] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x7fba1612b9e0, 24) = 0 [ 59.761058][ T5079] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5083] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 5079] <... futex resumed>) = ? [pid 5079] +++ killed by SIGBUS +++ [pid 5077] <... futex resumed>) = ? [pid 5083] +++ killed by SIGBUS +++ [pid 5077] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5077, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556029660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556029660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556021620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560205d0) = 5084 ./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x5555560205e0, 24) = 0 [pid 5084] chdir("./1") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [ 59.803249][ T5083] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 59.833602][ T5076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5084] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5085], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5085 [pid 5084] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5085 attached [pid 5085] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5085] munmap(0x7fba1602c000, 1048576) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] mkdir("./file0", 0777) = 0 [pid 5085] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./file0") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5085] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000 [pid 5084] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... open resumed>) = 4 [pid 5085] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 5085] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] open("./bus", O_RDWR) = 5 [pid 5085] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1610b000 [pid 5084] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5088], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5088 [pid 5084] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] write(4, 0x20000f80, 9) = 9 [pid 5085] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5088 attached [pid 5088] set_robust_list(0x7fba1612b9e0, 24) = 0 [ 59.918453][ T5085] loop0: detected capacity change from 0 to 2048 [ 59.938257][ T5085] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5088] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 5085] <... futex resumed>) = ? [pid 5085] +++ killed by SIGBUS +++ [pid 5084] <... futex resumed>) = ? [pid 5088] +++ killed by SIGBUS +++ [pid 5084] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5084, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556029660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556029660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556021620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560205d0) = 5089 ./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x5555560205e0, 24) = 0 [pid 5089] chdir("./2") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 59.996030][ T5088] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 60.021697][ T5076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5089] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5090], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5090 [pid 5089] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5090] memfd_create("syzkaller", 0) = 3 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5090] munmap(0x7fba1602c000, 1048576) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5090] close(3) = 0 [pid 5090] mkdir("./file0", 0777) = 0 [pid 5090] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5090] chdir("./file0") = 0 [pid 5090] ioctl(4, LOOP_CLR_FD) = 0 [pid 5090] close(4) = 0 [pid 5090] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 1 [pid 5090] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 5090] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 1 [pid 5090] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 5090] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 1 [pid 5090] open("./bus", O_RDWR) = 5 [pid 5090] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 1 [pid 5090] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1610b000 [pid 5089] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5093], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5093 [pid 5089] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 1 [pid 5090] write(4, 0x20000f80, 9) = 9 [pid 5090] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x7fba1612b9e0, 24) = 0 [ 60.096432][ T5090] loop0: detected capacity change from 0 to 2048 [ 60.118330][ T5090] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5093] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 5090] <... futex resumed>) = ? [pid 5090] +++ killed by SIGBUS +++ [pid 5089] <... futex resumed>) = ? [pid 5093] +++ killed by SIGBUS +++ [pid 5089] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5089, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556029660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556029660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556021620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560205d0) = 5094 ./strace-static-x86_64: Process 5094 attached [pid 5094] set_robust_list(0x5555560205e0, 24) = 0 [pid 5094] chdir("./3") = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5094] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5094] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5094] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5095], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5095 [pid 5094] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5095] memfd_create("syzkaller", 0) = 3 [pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [ 60.153449][ T5093] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 60.179272][ T5076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5095] munmap(0x7fba1602c000, 1048576) = 0 [pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5095] close(3) = 0 [pid 5095] mkdir("./file0", 0777) = 0 [pid 5095] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5095] chdir("./file0") = 0 [pid 5095] ioctl(4, LOOP_CLR_FD) = 0 [pid 5095] close(4) = 0 [pid 5095] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5094] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 5095] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 5095] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5095] <... futex resumed>) = 1 [pid 5094] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] open("./bus", O_RDWR) = 5 [pid 5095] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... mmap resumed>) = 0x20000000 [pid 5095] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5095] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5094] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1610b000 [pid 5095] write(4, 0x20000f80, 9 [pid 5094] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5094] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5098], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5098 [pid 5094] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] <... write resumed>) = 9 [pid 5094] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x7fba1612b9e0, 24) = 0 [ 60.254746][ T5095] loop0: detected capacity change from 0 to 2048 [ 60.277908][ T5095] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5098] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 5095] <... futex resumed>) = ? [pid 5095] +++ killed by SIGBUS +++ [pid 5094] <... futex resumed>) = ? [pid 5098] +++ killed by SIGBUS +++ [pid 5094] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5094, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556029660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556029660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556021620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560205d0) = 5099 ./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x5555560205e0, 24) = 0 [pid 5099] chdir("./4") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5099] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5100 attached , parent_tid=[5100], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5100 [pid 5100] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5100] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 60.323697][ T5098] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 60.349407][ T5076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5099] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5099] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5100] munmap(0x7fba1602c000, 1048576) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] mkdir("./file0", 0777) = 0 [pid 5100] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5100] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] chdir("./file0") = 0 [pid 5100] ioctl(4, LOOP_CLR_FD) = 0 [pid 5100] close(4) = 0 [pid 5100] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 5100] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 1 [pid 5100] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 5100] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 1 [pid 5100] open("./bus", O_RDWR) = 5 [pid 5100] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 1 [pid 5100] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1610b000 [pid 5099] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5103], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5103 [pid 5099] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... futex resumed>) = 1 [pid 5100] write(4, 0x20000f80, 9./strace-static-x86_64: Process 5103 attached ) = 9 [pid 5100] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] set_robust_list(0x7fba1612b9e0, 24) = 0 [ 60.423235][ T5100] loop0: detected capacity change from 0 to 2048 [ 60.448014][ T5100] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5103] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 5100] <... futex resumed>) = ? [pid 5099] <... futex resumed>) = ? [pid 5100] +++ killed by SIGBUS +++ [pid 5103] +++ killed by SIGBUS +++ [pid 5099] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5099, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556029660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556029660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555556021620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached , child_tidptr=0x5555560205d0) = 5104 [pid 5104] set_robust_list(0x5555560205e0, 24) = 0 [pid 5104] chdir("./5") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5104] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5105], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5105 [pid 5104] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 60.496812][ T5103] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 60.525084][ T5076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5104] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5105] memfd_create("syzkaller", 0) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5105] munmap(0x7fba1602c000, 1048576) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5105] close(3) = 0 [pid 5105] mkdir("./file0", 0777) = 0 [pid 5105] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./file0") = 0 [pid 5105] ioctl(4, LOOP_CLR_FD) = 0 [pid 5105] close(4) = 0 [pid 5105] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] <... futex resumed>) = 0 [pid 5105] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000 [pid 5104] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... open resumed>) = 4 [pid 5105] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] <... futex resumed>) = 0 [pid 5105] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 5104] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... write resumed>) = 9 [pid 5105] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] <... futex resumed>) = 0 [pid 5105] open("./bus", O_RDWR [pid 5104] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... open resumed>) = 5 [pid 5105] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] <... futex resumed>) = 0 [pid 5105] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5104] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... mmap resumed>) = 0x20000000 [pid 5105] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] <... futex resumed>) = 0 [pid 5105] write(4, 0x20000f80, 9 [pid 5104] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... write resumed>) = 9 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5105] <... futex resumed>) = 0 [pid 5104] <... mmap resumed>) = 0x7fba1610b000 [pid 5105] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5108 attached [pid 5108] set_robust_list(0x7fba1612b9e0, 24 [pid 5104] <... clone resumed>, parent_tid=[5108], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5108 [pid 5108] <... set_robust_list resumed>) = 0 [pid 5104] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 60.594116][ T5105] loop0: detected capacity change from 0 to 2048 [ 60.618107][ T5105] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5104] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 5105] <... futex resumed>) = ? [pid 5104] <... futex resumed>) = ? [pid 5105] +++ killed by SIGBUS +++ [pid 5108] +++ killed by SIGBUS +++ [pid 5104] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5104, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556029660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556029660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555556021620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 60.666986][ T5108] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 60.696690][ T5076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560205d0) = 5109 ./strace-static-x86_64: Process 5109 attached [pid 5109] set_robust_list(0x5555560205e0, 24) = 0 [pid 5109] chdir("./6") = 0 [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5109] setpgid(0, 0) = 0 [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5109] write(3, "1000", 4) = 4 [pid 5109] close(3) = 0 [pid 5109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5109] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5109] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5109] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5110 attached , parent_tid=[5110], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5110 [pid 5110] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5110] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5110] memfd_create("syzkaller", 0 [pid 5109] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5110] <... memfd_create resumed>) = 3 [pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [pid 5110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5110] munmap(0x7fba1602c000, 1048576) = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5110] close(3) = 0 [pid 5110] mkdir("./file0", 0777) = 0 [pid 5110] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5110] chdir("./file0") = 0 [pid 5110] ioctl(4, LOOP_CLR_FD) = 0 [pid 5110] close(4) = 0 [pid 5110] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5109] <... futex resumed>) = 1 [pid 5110] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000 [pid 5109] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... open resumed>) = 4 [pid 5110] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5110] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... futex resumed>) = 0 [pid 5110] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 5110] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5109] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] open("./bus", O_RDWR) = 5 [pid 5110] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5110] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5109] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] <... mmap resumed>) = 0x20000000 [pid 5110] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = 0 [pid 5110] <... futex resumed>) = 1 [pid 5109] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] write(4, 0x20000f80, 9 [pid 5109] <... futex resumed>) = 0 [pid 5109] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5110] <... write resumed>) = 9 [pid 5110] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... mmap resumed>) = 0x7fba1610b000 [pid 5110] <... futex resumed>) = 0 [pid 5109] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE [pid 5110] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5109] <... mprotect resumed>) = 0 [pid 5109] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5113], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5113 [pid 5109] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5113 attached [pid 5113] set_robust_list(0x7fba1612b9e0, 24) = 0 [ 60.778083][ T5110] loop0: detected capacity change from 0 to 2048 [ 60.797474][ T5110] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5113] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 5109] <... futex resumed>) = ? [pid 5110] <... futex resumed>) = ? [pid 5113] +++ killed by SIGBUS +++ [pid 5110] +++ killed by SIGBUS +++ [pid 5109] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5109, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556029660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556029660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555556021620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5114 attached [pid 5114] set_robust_list(0x5555560205e0, 24) = 0 [pid 5076] <... clone resumed>, child_tidptr=0x5555560205d0) = 5114 [pid 5114] chdir("./7") = 0 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5114] setpgid(0, 0) = 0 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 60.842578][ T5113] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 60.870373][ T5076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5114] write(3, "1000", 4) = 4 [pid 5114] close(3) = 0 [pid 5114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5114] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5114] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5114] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5115], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5115 [pid 5114] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5115 attached [pid 5115] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5115] memfd_create("syzkaller", 0) = 3 [pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5115] munmap(0x7fba1602c000, 1048576) = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5115] close(3) = 0 [pid 5115] mkdir("./file0", 0777) = 0 [pid 5115] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5115] chdir("./file0") = 0 [pid 5115] ioctl(4, LOOP_CLR_FD) = 0 [pid 5115] close(4) = 0 [pid 5115] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 5115] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 5115] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] open("./bus", O_RDWR) = 5 [pid 5115] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5115] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5114] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1610b000 [pid 5114] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5114] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5118], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5118 [pid 5115] write(4, 0x20000f80, 9 [pid 5114] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5118 attached ) = 0 [pid 5118] set_robust_list(0x7fba1612b9e0, 24 [pid 5114] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... set_robust_list resumed>) = 0 [pid 5115] <... write resumed>) = 9 [pid 5115] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 60.954114][ T5115] loop0: detected capacity change from 0 to 2048 [ 60.968762][ T5115] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5115] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5118] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 5114] <... futex resumed>) = ? [pid 5115] <... futex resumed>) = ? [pid 5115] +++ killed by SIGBUS +++ [pid 5118] +++ killed by SIGBUS +++ [pid 5114] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5114, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556029660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556029660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555556021620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x5555560205e0, 24) = 0 [pid 5119] chdir("./8") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5076] <... clone resumed>, child_tidptr=0x5555560205d0) = 5119 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [ 61.013591][ T5118] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 61.039562][ T5076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5119] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5120 attached [pid 5120] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5120] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... clone resumed>, parent_tid=[5120], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5120 [pid 5119] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5120] memfd_create("syzkaller", 0 [pid 5119] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5120] <... memfd_create resumed>) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5120] munmap(0x7fba1602c000, 1048576) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./file0", 0777) = 0 [pid 5120] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file0") = 0 [pid 5120] ioctl(4, LOOP_CLR_FD) = 0 [pid 5120] close(4) = 0 [pid 5120] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 0 [pid 5120] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 5120] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 5120] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] open("./bus", O_RDWR) = 5 [pid 5120] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5119] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... mmap resumed>) = 0x20000000 [pid 5120] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] write(4, 0x20000f80, 9 [pid 5119] <... futex resumed>) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1610b000 [pid 5119] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] <... write resumed>) = 9 [pid 5119] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5120] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... clone resumed>, parent_tid=[5123], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5123 ./strace-static-x86_64: Process 5123 attached [pid 5120] <... futex resumed>) = 0 [pid 5119] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] set_robust_list(0x7fba1612b9e0, 24 [pid 5120] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... set_robust_list resumed>) = 0 [ 61.121439][ T5120] loop0: detected capacity change from 0 to 2048 [ 61.137968][ T5120] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5123] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 5120] <... futex resumed>) = ? [pid 5119] <... futex resumed>) = ? [pid 5120] +++ killed by SIGBUS +++ [pid 5123] +++ killed by SIGBUS +++ [pid 5119] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5119, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556029660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556029660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555556021620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560205d0) = 5124 ./strace-static-x86_64: Process 5124 attached [pid 5124] set_robust_list(0x5555560205e0, 24) = 0 [pid 5124] chdir("./9") = 0 [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5124] setpgid(0, 0) = 0 [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5124] write(3, "1000", 4) = 4 [pid 5124] close(3) = 0 [pid 5124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5124] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5124] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5124] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5125], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5125 [pid 5124] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.190501][ T5123] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 61.216899][ T5076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5124] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5125] memfd_create("syzkaller", 0) = 3 [pid 5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [pid 5125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5125] munmap(0x7fba1602c000, 1048576) = 0 [pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5125] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5125] close(3) = 0 [pid 5125] mkdir("./file0", 0777) = 0 [pid 5125] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5125] chdir("./file0") = 0 [pid 5125] ioctl(4, LOOP_CLR_FD) = 0 [pid 5125] close(4) = 0 [pid 5125] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... futex resumed>) = 0 [pid 5125] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 5125] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... futex resumed>) = 1 [pid 5125] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 5125] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] <... futex resumed>) = 1 [pid 5125] open("./bus", O_RDWR) = 5 [pid 5125] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5124] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = 1 [pid 5124] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] write(4, 0x20000f80, 9 [pid 5124] <... futex resumed>) = 0 [pid 5124] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1610b000 [pid 5125] <... write resumed>) = 9 [pid 5125] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE [pid 5125] <... futex resumed>) = 0 [pid 5124] <... mprotect resumed>) = 0 [pid 5125] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5128 attached [pid 5128] set_robust_list(0x7fba1612b9e0, 24 [pid 5124] <... clone resumed>, parent_tid=[5128], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5128 [pid 5124] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] <... set_robust_list resumed>) = 0 [ 61.288216][ T5125] loop0: detected capacity change from 0 to 2048 [ 61.308676][ T5125] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5124] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5128] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 5125] <... futex resumed>) = ? [pid 5124] <... futex resumed>) = ? [pid 5125] +++ killed by SIGBUS +++ [pid 5128] +++ killed by SIGBUS +++ [pid 5124] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5124, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556029660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556029660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555556021620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 61.352486][ T5128] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 61.382606][ T5076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5129 attached , child_tidptr=0x5555560205d0) = 5129 [pid 5129] set_robust_list(0x5555560205e0, 24) = 0 [pid 5129] chdir("./10") = 0 [pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5129] setpgid(0, 0) = 0 [pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5129] write(3, "1000", 4) = 4 [pid 5129] close(3) = 0 [pid 5129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5129] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5129] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5130 attached [pid 5130] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5129] <... clone resumed>, parent_tid=[5130], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5130 [pid 5130] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5130] memfd_create("syzkaller", 0) = 3 [pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [pid 5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5130] munmap(0x7fba1602c000, 1048576) = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5130] close(3) = 0 [pid 5130] mkdir("./file0", 0777) = 0 [pid 5130] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5130] chdir("./file0") = 0 [pid 5130] ioctl(4, LOOP_CLR_FD) = 0 [pid 5130] close(4) = 0 [pid 5130] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5130] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5130] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 5130] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [pid 5130] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 5130] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [pid 5130] open("./bus", O_RDWR) = 5 [pid 5130] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] <... futex resumed>) = 1 [pid 5130] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1610b000 [pid 5129] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5133], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5133 [pid 5129] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5130] <... futex resumed>) = 1 [pid 5129] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] write(4, 0x20000f80, 9./strace-static-x86_64: Process 5133 attached [pid 5133] set_robust_list(0x7fba1612b9e0, 24) = 0 [pid 5130] <... write resumed>) = 9 [pid 5130] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.473815][ T5130] loop0: detected capacity change from 0 to 2048 [ 61.497657][ T5130] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5130] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5133] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 5130] <... futex resumed>) = ? [pid 5129] <... futex resumed>) = ? [pid 5130] +++ killed by SIGBUS +++ [pid 5133] +++ killed by SIGBUS +++ [pid 5129] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5129, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556029660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556029660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555556021620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560205d0) = 5134 ./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x5555560205e0, 24) = 0 [pid 5134] chdir("./11") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5134] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5135], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5135 [pid 5134] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.540611][ T5133] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 61.566545][ T5076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5134] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5135 attached [pid 5135] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [pid 5135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5135] munmap(0x7fba1602c000, 1048576) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] mkdir("./file0", 0777) = 0 [pid 5135] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./file0") = 0 [pid 5135] ioctl(4, LOOP_CLR_FD) = 0 [pid 5135] close(4) = 0 [pid 5135] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000 [pid 5134] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... open resumed>) = 4 [pid 5135] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... futex resumed>) = 1 [pid 5135] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 5135] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] open("./bus", O_RDWR [pid 5134] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... open resumed>) = 5 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5135] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5134] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... mmap resumed>) = 0x20000000 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5135] write(4, 0x20000f80, 9 [pid 5134] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... write resumed>) = 9 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1610b000 [pid 5134] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5138 attached , parent_tid=[5138], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5138 [pid 5134] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] set_robust_list(0x7fba1612b9e0, 24) = 0 [ 61.633891][ T5135] loop0: detected capacity change from 0 to 2048 [ 61.658369][ T5135] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5138] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 5135] <... futex resumed>) = ? [pid 5134] <... futex resumed>) = ? [pid 5135] +++ killed by SIGBUS +++ [pid 5138] +++ killed by SIGBUS +++ [pid 5134] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5134, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556029660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556029660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555556021620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560205d0) = 5139 ./strace-static-x86_64: Process 5139 attached [pid 5139] set_robust_list(0x5555560205e0, 24) = 0 [pid 5139] chdir("./12") = 0 [pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 61.704091][ T5138] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 61.733490][ T5076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5139] setpgid(0, 0) = 0 [pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5139] write(3, "1000", 4) = 4 [pid 5139] close(3) = 0 [pid 5139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5139] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5139] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5139] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5140] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] <... clone resumed>, parent_tid=[5140], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5140 [pid 5139] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5140] memfd_create("syzkaller", 0 [pid 5139] <... futex resumed>) = 0 [pid 5140] <... memfd_create resumed>) = 3 [pid 5140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [pid 5139] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5140] munmap(0x7fba1602c000, 1048576) = 0 [pid 5140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5140] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5140] close(3) = 0 [pid 5140] mkdir("./file0", 0777) = 0 [pid 5140] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5140] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5140] chdir("./file0") = 0 [pid 5140] ioctl(4, LOOP_CLR_FD) = 0 [pid 5140] close(4) = 0 [pid 5140] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5140] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5139] <... futex resumed>) = 0 [pid 5140] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000 [pid 5139] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... open resumed>) = 4 [pid 5140] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 5139] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... write resumed>) = 9 [pid 5140] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5140] open("./bus", O_RDWR [pid 5139] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] <... open resumed>) = 5 [pid 5140] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5139] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5140] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5140] write(4, 0x20000f80, 9 [pid 5139] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1610b000 [pid 5139] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE [pid 5140] <... write resumed>) = 9 [pid 5140] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] <... mprotect resumed>) = 0 [pid 5140] <... futex resumed>) = 0 [pid 5139] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5140] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5139] <... clone resumed>, parent_tid=[5143], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5143 [pid 5139] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5143 attached [pid 5139] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] set_robust_list(0x7fba1612b9e0, 24) = 0 [ 61.812333][ T5140] loop0: detected capacity change from 0 to 2048 [ 61.827784][ T5140] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5143] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 5140] <... futex resumed>) = ? [pid 5140] +++ killed by SIGBUS +++ [pid 5139] <... futex resumed>) = ? [pid 5143] +++ killed by SIGBUS +++ [pid 5139] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5139, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556029660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556029660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555556021620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560205d0) = 5144 ./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x5555560205e0, 24) = 0 [pid 5144] chdir("./13") = 0 [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5144] setpgid(0, 0) = 0 [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5144] write(3, "1000", 4) = 4 [pid 5144] close(3) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5144] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5144] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [ 61.870476][ T5143] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 61.892905][ T5076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5144] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5145], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5145 [pid 5144] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5145 attached [pid 5145] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5145] memfd_create("syzkaller", 0) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5145] munmap(0x7fba1602c000, 1048576) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] mkdir("./file0", 0777) = 0 [pid 5145] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5145] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./file0") = 0 [pid 5145] ioctl(4, LOOP_CLR_FD) = 0 [pid 5145] close(4) = 0 [pid 5145] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5145] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000 [pid 5144] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] <... open resumed>) = 4 [pid 5145] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 5145] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] open("./bus", O_RDWR) = 5 [pid 5145] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5144] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5145] write(4, 0x20000f80, 9 [pid 5144] <... mmap resumed>) = 0x7fba1610b000 [pid 5144] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5145] <... write resumed>) = 9 [pid 5144] <... clone resumed>, parent_tid=[5148], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5148 ./strace-static-x86_64: Process 5148 attached [pid 5145] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] set_robust_list(0x7fba1612b9e0, 24 [pid 5145] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = 0 [pid 5148] <... set_robust_list resumed>) = 0 [pid 5145] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 61.968110][ T5145] loop0: detected capacity change from 0 to 2048 [ 61.988986][ T5145] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5144] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5148] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 5145] <... futex resumed>) = ? [pid 5144] <... futex resumed>) = ? [pid 5148] +++ killed by SIGBUS +++ [pid 5145] +++ killed by SIGBUS +++ [pid 5144] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5144, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556029660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556029660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555556021620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560205d0) = 5149 ./strace-static-x86_64: Process 5149 attached [ 62.040585][ T5148] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 62.066580][ T5076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5149] set_robust_list(0x5555560205e0, 24) = 0 [pid 5149] chdir("./14") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5149] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5150 attached , parent_tid=[5150], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5150 [pid 5150] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5150] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5150] memfd_create("syzkaller", 0) = 3 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [pid 5149] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5150] munmap(0x7fba1602c000, 1048576) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5150] close(3) = 0 [pid 5150] mkdir("./file0", 0777) = 0 [pid 5150] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5150] chdir("./file0") = 0 [pid 5150] ioctl(4, LOOP_CLR_FD) = 0 [pid 5150] close(4) = 0 [pid 5150] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... futex resumed>) = 1 [pid 5150] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 5150] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... futex resumed>) = 1 [pid 5150] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 5150] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... futex resumed>) = 1 [pid 5150] open("./bus", O_RDWR) = 5 [pid 5150] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5149] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... mmap resumed>) = 0x20000000 [pid 5150] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1610b000 [pid 5149] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5153], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5153 [pid 5149] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... futex resumed>) = 1 [pid 5150] write(4, 0x20000f80, 9) = 9 [pid 5150] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5153 attached [pid 5153] set_robust_list(0x7fba1612b9e0, 24) = 0 [ 62.160737][ T5150] loop0: detected capacity change from 0 to 2048 [ 62.178728][ T5150] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5153] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 5150] <... futex resumed>) = ? [pid 5149] <... futex resumed>) = ? [pid 5150] +++ killed by SIGBUS +++ [pid 5153] +++ killed by SIGBUS +++ [pid 5149] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5149, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556029660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556029660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555556021620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5154 attached , child_tidptr=0x5555560205d0) = 5154 [pid 5154] set_robust_list(0x5555560205e0, 24) = 0 [pid 5154] chdir("./15") = 0 [pid 5154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5154] setpgid(0, 0) = 0 [pid 5154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5154] write(3, "1000", 4) = 4 [ 62.224194][ T5153] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 62.250499][ T5076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5154] close(3) = 0 [pid 5154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5154] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5154] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5154] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5155 attached , parent_tid=[5155], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5155 [pid 5155] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5155] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5155] memfd_create("syzkaller", 0 [pid 5154] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5155] <... memfd_create resumed>) = 3 [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [pid 5155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5155] munmap(0x7fba1602c000, 1048576) = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5155] close(3) = 0 [pid 5155] mkdir("./file0", 0777) = 0 [pid 5155] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5155] chdir("./file0") = 0 [pid 5155] ioctl(4, LOOP_CLR_FD) = 0 [pid 5155] close(4) = 0 [pid 5155] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... futex resumed>) = 1 [pid 5155] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 5155] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... futex resumed>) = 1 [pid 5155] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 5155] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... futex resumed>) = 1 [pid 5155] open("./bus", O_RDWR) = 5 [pid 5155] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5154] <... futex resumed>) = 0 [pid 5155] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5154] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5154] <... futex resumed>) = 0 [pid 5154] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... mmap resumed>) = 0x20000000 [pid 5155] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5154] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5154] <... futex resumed>) = 1 [pid 5154] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] write(4, 0x20000f80, 9 [pid 5154] <... futex resumed>) = 0 [pid 5154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1610b000 [pid 5155] <... write resumed>) = 9 [pid 5154] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE [pid 5155] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... mprotect resumed>) = 0 [pid 5155] <... futex resumed>) = 0 [pid 5154] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5158 attached [pid 5155] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] set_robust_list(0x7fba1612b9e0, 24 [pid 5154] <... clone resumed>, parent_tid=[5158], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5158 [ 62.329394][ T5155] loop0: detected capacity change from 0 to 2048 [ 62.348442][ T5155] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5158] <... set_robust_list resumed>) = 0 [pid 5154] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 5155] <... futex resumed>) = ? [pid 5155] +++ killed by SIGBUS +++ [pid 5154] <... futex resumed>) = ? [pid 5158] +++ killed by SIGBUS +++ [pid 5154] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5154, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556029660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556029660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555556021620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555560205d0) = 5159 ./strace-static-x86_64: Process 5159 attached [pid 5159] set_robust_list(0x5555560205e0, 24) = 0 [pid 5159] chdir("./16") = 0 [pid 5159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5159] setpgid(0, 0) = 0 [pid 5159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5159] write(3, "1000", 4) = 4 [ 62.385779][ T5158] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 62.412928][ T5076] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5159] close(3) = 0 [pid 5159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5159] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1e42c000 [pid 5159] mprotect(0x7fba1e42d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5159] clone(child_stack=0x7fba1e44c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5160], tls=0x7fba1e44c700, child_tidptr=0x7fba1e44c9d0) = 5160 [pid 5159] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5160 attached [pid 5160] set_robust_list(0x7fba1e44c9e0, 24) = 0 [pid 5160] memfd_create("syzkaller", 0) = 3 [pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fba1602c000 [pid 5160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5160] munmap(0x7fba1602c000, 1048576) = 0 [pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5160] close(3) = 0 [pid 5160] mkdir("./file0", 0777) = 0 [pid 5160] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5160] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5160] chdir("./file0") = 0 [pid 5160] ioctl(4, LOOP_CLR_FD) = 0 [pid 5160] close(4) = 0 [pid 5160] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5160] futex(0x7fba1e5257a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5159] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5159] <... futex resumed>) = 0 [pid 5160] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000 [pid 5159] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... open resumed>) = 4 [pid 5160] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5160] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 5159] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... write resumed>) = 9 [pid 5160] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5160] open("./bus", O_RDWR [pid 5159] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] <... open resumed>) = 5 [pid 5159] <... futex resumed>) = 0 [pid 5160] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] <... futex resumed>) = 0 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5160] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5159] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] <... mmap resumed>) = 0x20000000 [pid 5159] <... futex resumed>) = 0 [ 62.487683][ T5160] loop0: detected capacity change from 0 to 2048 [ 62.507767][ T5160] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5160] futex(0x7fba1e5257ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] futex(0x7fba1e5257ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5159] futex(0x7fba1e5257a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7fba1e5257bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fba1610b000 [pid 5159] mprotect(0x7fba1610c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5159] clone(child_stack=0x7fba1612b3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5163], tls=0x7fba1612b700, child_tidptr=0x7fba1612b9d0) = 5163 ./strace-static-x86_64: Process 5163 attached [pid 5159] futex(0x7fba1e5257b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] set_robust_list(0x7fba1612b9e0, 24) = 0 [pid 5160] <... futex resumed>) = 0 [pid 5159] <... futex resumed>) = 0 [pid 5159] futex(0x7fba1e5257bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5160] write(4, 0x20000f80, 9 [pid 5163] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [ 62.548148][ T5163] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1095: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 62.564611][ T5160] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 62.578282][ T5160] EXT4-fs (loop0): This should not happen!! Data will be lost [ 62.578282][ T5160] [ 62.588514][ T5160] EXT4-fs (loop0): Total free blocks count 0 [pid 5159] <... futex resumed>) = ? [pid 5163] +++ killed by SIGBUS +++ [pid 5160] <... write resumed>) = ? [pid 5160] +++ killed by SIGBUS +++ [pid 5159] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5159, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556021620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 62.594593][ T5160] EXT4-fs (loop0): Free/Dirty block details [ 62.600952][ T5160] EXT4-fs (loop0): free_blocks=2415919104 [ 62.606801][ T5160] EXT4-fs (loop0): dirty_blocks=16 [ 62.611963][ T5160] EXT4-fs (loop0): Block reservation details [ 62.618016][ T5160] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 62.635185][ T9] ------------[ cut here ]------------ [ 62.640818][ T9] kernel BUG at fs/ext4/inode.c:2781! [ 62.647090][ T9] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 62.653163][ T9] CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted 6.2.0-rc3-next-20230111-syzkaller #0 [ 62.662518][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 62.672556][ T9] Workqueue: writeback wb_workfn (flush-7:0) [ 62.678540][ T9] RIP: 0010:ext4_do_writepages+0x247a/0x30e0 [ 62.684518][ T9] Code: 00 fc ff df 44 89 6c 24 10 48 c1 ea 03 80 3c 02 00 0f 84 af e6 ff ff 48 8b 3c 24 e8 00 39 aa ff e9 a1 e6 ff ff e8 f6 4d 5c ff <0f> 0b e8 ef 4d 5c ff 48 8b 84 24 c0 00 00 00 48 8d 78 40 48 89 f8 [ 62.704138][ T9] RSP: 0018:ffffc900000e7488 EFLAGS: 00010293 [ 62.710188][ T9] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 62.718144][ T9] RDX: ffff88813fe38000 RSI: ffffffff822572fa RDI: 0000000000000007 [ 62.726098][ T9] RBP: ffffc900000e7688 R08: 0000000000000007 R09: 0000000000000000 [ 62.734138][ T9] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8880731e16c0 [ 62.742091][ T9] R13: 0000000000000001 R14: ffff8880731e1460 R15: ffff88807c17a000 [ 62.750047][ T9] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 62.758973][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 62.765567][ T9] CR2: 0000000020000204 CR3: 00000000298d6000 CR4: 00000000003506e0 [ 62.773538][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 62.781516][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 62.789472][ T9] Call Trace: [ 62.792750][ T9] [ 62.795668][ T9] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 62.801649][ T9] ? lock_chain_count+0x20/0x20 [ 62.806486][ T9] ? mark_lock.part.0+0xee/0x1910 [ 62.811592][ T9] ? __lock_acquire+0x166e/0x5660 [ 62.816636][ T9] ? ext4_writepage_cb+0x24a0/0x24a0 [ 62.822016][ T9] ? do_writepages+0x1a8/0x640 [ 62.826767][ T9] ? rcu_read_lock_sched_held+0x3e/0x70 [ 62.832310][ T9] ? trace_lock_acquire+0x1f1/0x290 [ 62.837582][ T9] ext4_writepages+0x27c/0x5e0 [ 62.842435][ T9] ? ext4_normal_submit_inode_data_buffers+0x1a0/0x1a0 [ 62.849470][ T9] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 62.855455][ T9] ? ext4_normal_submit_inode_data_buffers+0x1a0/0x1a0 [ 62.862337][ T9] do_writepages+0x1a8/0x640 [ 62.866918][ T9] ? writeback_set_ratelimit+0x150/0x150 [ 62.872538][ T9] ? wbc_attach_and_unlock_inode+0x44d/0x910 [ 62.878503][ T9] ? lock_downgrade+0x6e0/0x6e0 [ 62.883344][ T9] __writeback_single_inode+0x159/0x14d0 [ 62.888962][ T9] ? wbc_attach_and_unlock_inode+0x4a3/0x910 [ 62.894928][ T9] writeback_sb_inodes+0x54d/0xfb0 [ 62.900055][ T9] ? sync_inode_metadata+0xe0/0xe0 [ 62.905161][ T9] ? rcu_read_lock_sched_held+0x3e/0x70 [ 62.910692][ T9] ? queue_io+0x427/0x620 [ 62.915093][ T9] wb_writeback+0x2c5/0xdd0 [ 62.919583][ T9] ? __writeback_inodes_wb+0x280/0x280 [ 62.925028][ T9] wb_workfn+0x2d4/0xdc0 [ 62.929260][ T9] ? inode_wait_for_writeback+0x40/0x40 [ 62.934819][ T9] ? lock_release+0x810/0x810 [ 62.939496][ T9] ? process_one_work+0x8a1/0x1750 [ 62.944593][ T9] ? rcu_read_lock_sched_held+0x3e/0x70 [ 62.950136][ T9] ? trace_lock_acquire+0x1f1/0x290 [ 62.955529][ T9] process_one_work+0x9bf/0x1750 [ 62.960593][ T9] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 62.965963][ T9] ? rcu_read_lock_sched_held+0x3e/0x70 [ 62.971500][ T9] ? rwlock_bug.part.0+0x90/0x90 [ 62.976424][ T9] ? lock_acquire+0x32/0xc0 [ 62.980915][ T9] ? worker_thread+0x16d/0x1090 [ 62.985843][ T9] worker_thread+0x669/0x1090 [ 62.990513][ T9] ? process_one_work+0x1750/0x1750 [ 62.995718][ T9] kthread+0x2e8/0x3a0 [ 62.999772][ T9] ? kthread_complete_and_exit+0x40/0x40 [ 63.005391][ T9] ret_from_fork+0x1f/0x30 [ 63.009802][ T9] [ 63.012805][ T9] Modules linked in: [ 63.016829][ T9] ---[ end trace 0000000000000000 ]--- [ 63.022303][ T9] RIP: 0010:ext4_do_writepages+0x247a/0x30e0 [ 63.028464][ T9] Code: 00 fc ff df 44 89 6c 24 10 48 c1 ea 03 80 3c 02 00 0f 84 af e6 ff ff 48 8b 3c 24 e8 00 39 aa ff e9 a1 e6 ff ff e8 f6 4d 5c ff <0f> 0b e8 ef 4d 5c ff 48 8b 84 24 c0 00 00 00 48 8d 78 40 48 89 f8 [ 63.048174][ T9] RSP: 0018:ffffc900000e7488 EFLAGS: 00010293 [ 63.054255][ T9] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 63.062241][ T9] RDX: ffff88813fe38000 RSI: ffffffff822572fa RDI: 0000000000000007 [ 63.070237][ T9] RBP: ffffc900000e7688 R08: 0000000000000007 R09: 0000000000000000 [ 63.078221][ T9] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8880731e16c0 [ 63.086214][ T9] R13: 0000000000000001 R14: ffff8880731e1460 R15: ffff88807c17a000 [ 63.094171][ T9] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 63.103208][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 63.109818][ T9] CR2: 0000555556029628 CR3: 0000000077b82000 CR4: 00000000003506f0 [ 63.117817][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 63.125838][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 63.133869][ T9] Kernel panic - not syncing: Fatal exception [ 63.140336][ T9] Kernel Offset: disabled [ 63.144667][ T9] Rebooting in 86400 seconds..