./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3538217945

<...>
Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts.
execve("./syz-executor3538217945", ["./syz-executor3538217945"], 0x7fff7530b450 /* 10 vars */) = 0
brk(NULL)                               = 0x555556b4f000
brk(0x555556b4fd40)                     = 0x555556b4fd40
arch_prctl(ARCH_SET_FS, 0x555556b4f400) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x555556b4f6d0)         = 4999
set_robust_list(0x555556b4f6e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7f7deed37720, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f7deed36c70}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f7deed377c0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f7deed36c70}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3538217945", 4096) = 28
brk(0x555556b70d40)                     = 0x555556b70d40
brk(0x555556b71000)                     = 0x555556b71000
mprotect(0x7f7deedfa000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 4999
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11)             = 11
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2)                       = 2
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3)                      = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7)                  = 7
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "4999", 4)                     = 4
close(3)                                = 0
mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24
close(3)                                = 0
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f7deed30a80, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f7deed36c70}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f7deed30a80, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f7deed36c70}, NULL, 8) = 0
getpid()                                = 4999
mkdir("./syzkaller.Tpffuc", 0700)       = 0
chmod("./syzkaller.Tpffuc", 0777)       = 0
chdir("./syzkaller.Tpffuc")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5000 attached
, child_tidptr=0x555556b4f6d0) = 5000
[pid  5000] set_robust_list(0x555556b4f6e0, 24) = 0
[pid  5000] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5000] setsid()                    = 1
[pid  5000] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5000] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5000] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5000] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5000] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5000] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5000] unshare(CLONE_NEWNS)        = 0
[pid  5000] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5000] unshare(CLONE_NEWIPC)       = 0
[pid  5000] unshare(CLONE_NEWCGROUP)    = 0
[pid  5000] unshare(CLONE_NEWUTS)       = 0
[pid  5000] unshare(CLONE_SYSVSEM)      = 0
[pid  5000] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5000] write(3, "16777216", 8)     = 8
[pid  5000] close(3)                    = 0
[pid  5000] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5000] write(3, "536870912", 9)    = 9
[pid  5000] close(3)                    = 0
[pid  5000] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5000] write(3, "1024", 4)         = 4
[pid  5000] close(3)                    = 0
[pid  5000] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5000] write(3, "8192", 4)         = 4
[pid  5000] close(3)                    = 0
[pid  5000] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5000] write(3, "1024", 4)         = 4
[pid  5000] close(3)                    = 0
[pid  5000] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5000] write(3, "1024", 4)         = 4
[pid  5000] close(3)                    = 0
[pid  5000] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5000] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5000] close(3)                    = 0
[pid  5000] getpid()                    = 1
[pid  5000] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5000] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5000] unshare(CLONE_NEWNET)       = 0
[pid  5000] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5000] write(3, "0 65535", 7)      = 7
[pid  5000] close(3)                    = 0
[pid  5000] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  5000] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  5000] close(3)                    = 0
[pid  5000] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  5000] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5000] recvfrom(3, [{nlmsg_len=244, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x29\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1c\x00\x00\x00\x90\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 244
[pid  5000] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5000] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5000] recvfrom(3, [{nlmsg_len=2496, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x45\x01\x00\x00\xec\x08\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2496
[pid  5000] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5000] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5000] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5000] access("/proc/net", R_OK)   = 0
[pid  5000] access("/proc/net/unix", R_OK) = 0
[pid  5000] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5000] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  5000] close(4)                    = 0
[pid  5000] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5000] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5000] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5000] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5000] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5000] close(4)                    = 0
[pid  5000] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5000] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5000] sendto(3, [{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5000] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x29 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5000] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5000] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5000] close(4)                    = 0
[pid  5000] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5000] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5000] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5000] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5000] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5000] close(4)                    = 0
[pid  5000] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5000] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5000] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5000] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  5000] close(4)                    = 0
[pid  5000] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5000] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5000] recvfrom(4, [{nlmsg_len=1444, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1444
[pid  5000] close(4)                    = 0
[pid  5000] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5000] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5000] close(4)                    = 0
[pid  5000] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5000] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
syzkaller login: [   40.942453][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   40.950799][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   40.961252][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   40.984887][   T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[pid  5000] recvfrom(4, [{nlmsg_len=1444, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x00\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x00\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1444
[pid  5000] close(4)                    = 0
[pid  5000] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5000] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5000] recvfrom(4, [{nlmsg_len=1444, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1444
[pid  5000] close(4)                    = 0
[pid  5000] close(3)                    = 0
[pid  5000] mkdir("/dev/binderfs", 0777) = 0
[pid  5000] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5000] mkdir("./0", 0777)          = 0
[pid  5000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5000] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5000] close(3)                    = 0
[pid  5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b4f6d0) = 2
./strace-static-x86_64: Process 5003 attached
[pid  5003] set_robust_list(0x555556b4f6e0, 24) = 0
[pid  5003] chdir("./0")                = 0
[pid  5003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5003] setpgid(0, 0)               = 0
[pid  5003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5003] write(3, "1000", 4)         = 4
[pid  5003] close(3)                    = 0
[pid  5003] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5003] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7deed05000
[pid  5003] mprotect(0x7f7deed06000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5003] clone(child_stack=0x7f7deed252f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5004 attached
 <unfinished ...>
[pid  5004] set_robust_list(0x7f7deed259e0, 24) = 0
[pid  5004] futex(0x7f7deee00788, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5003] <... clone resumed>, parent_tid=[3], tls=0x7f7deed25700, child_tidptr=0x7f7deed259d0) = 3
[pid  5003] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5004] <... futex resumed>)        = 0
[pid  5003] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  5004] memfd_create("syzkaller", 0) = 3
[   40.993215][   T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   41.002640][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[pid  5004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7de6905000
[pid  5004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid  5004] munmap(0x7f7de6905000, 1048576) = 0
[pid  5004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5004] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5004] close(3)                    = 0
[pid  5004] mkdir("./file0", 0777)      = 0
[pid  5004] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid  5004] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5004] chdir("./file0")            = 0
[pid  5004] ioctl(4, LOOP_CLR_FD)       = 0
[   41.049929][ T5004] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5004 'syz-executor353'
[   41.070184][ T5004] loop0: detected capacity change from 0 to 2048
[pid  5004] close(4)                    = 0
[pid  5004] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5003] <... futex resumed>)        = 0
[pid  5003] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5003] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5004] <... futex resumed>)        = 1
[pid  5004] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4
[pid  5004] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5003] <... futex resumed>)        = 0
[pid  5003] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5003] futex(0x7f7deee0079c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7de69e4000
[pid  5003] mprotect(0x7f7de69e5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5003] clone(child_stack=0x7f7de6a042f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5008 attached
, parent_tid=[4], tls=0x7f7de6a04700, child_tidptr=0x7f7de6a049d0) = 4
[pid  5003] futex(0x7f7deee00798, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5003] futex(0x7f7deee0079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5008] set_robust_list(0x7f7de6a049e0, 24 <unfinished ...>
[pid  5004] <... futex resumed>)        = 1
[pid  5004] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 <unfinished ...>
[pid  5008] <... set_robust_list resumed>) = 0
[pid  5008] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 <unfinished ...>
[pid  5004] <... write resumed>)        = 9
[pid  5004] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5004] futex(0x7f7deee00788, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5008] <... write resumed>)        = 9
[pid  5008] futex(0x7f7deee0079c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5003] <... futex resumed>)        = 0
[pid  5003] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5003] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5004] <... futex resumed>)        = 0
[pid  5008] <... futex resumed>)        = 1
[pid  5004] open("./bus", O_RDWR <unfinished ...>
[pid  5008] futex(0x7f7deee00798, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5004] <... open resumed>)         = 5
[pid  5004] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5003] <... futex resumed>)        = 0
[pid  5003] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5003] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5004] <... futex resumed>)        = 1
[pid  5004] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5004] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5003] <... futex resumed>)        = 0
[pid  5003] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5003] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5004] <... futex resumed>)        = 1
[   41.091496][ T5004] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[pid  5004] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040) = -1 EFAULT (Bad address)
[pid  5004] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5003] <... futex resumed>)        = 0
[pid  5003] close(3)                    = 0
[pid  5004] futex(0x7f7deee00788, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5003] close(4)                    = 0
[pid  5003] close(5)                    = 0
[pid  5003] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5003] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5003] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5003] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5003] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5003] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5003] exit_group(0)               = ?
[pid  5008] <... futex resumed>)        = ?
[pid  5004] <... futex resumed>)        = ?
[pid  5008] +++ exited with 0 +++
[pid  5004] +++ exited with 0 +++
[pid  5003] +++ exited with 0 +++
[pid  5000] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
[pid  5000] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5000] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5000] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5000] getdents64(3, 0x555556b50720 /* 4 entries */, 32768) = 112
[pid  5000] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  5000] unlink("./0/binderfs")      = 0
[   41.142115][ T5004] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[pid  5000] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  5000] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5000] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5000] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5000] getdents64(4, 0x555556b58760 /* 2 entries */, 32768) = 48
[pid  5000] getdents64(4, 0x555556b58760 /* 0 entries */, 32768) = 0
[pid  5000] close(4)                    = 0
[pid  5000] rmdir("./0/file0")          = 0
[pid  5000] getdents64(3, 0x555556b50720 /* 0 entries */, 32768) = 0
[pid  5000] close(3)                    = 0
[pid  5000] rmdir("./0")                = 0
[pid  5000] mkdir("./1", 0777)          = 0
[pid  5000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5000] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5000] close(3)                    = 0
[pid  5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b4f6d0) = 5
./strace-static-x86_64: Process 5009 attached
[pid  5009] set_robust_list(0x555556b4f6e0, 24) = 0
[pid  5009] chdir("./1")                = 0
[pid  5009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5009] setpgid(0, 0)               = 0
[pid  5009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5009] write(3, "1000", 4)         = 4
[pid  5009] close(3)                    = 0
[pid  5009] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5009] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7deed05000
[pid  5009] mprotect(0x7f7deed06000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5009] clone(child_stack=0x7f7deed252f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6], tls=0x7f7deed25700, child_tidptr=0x7f7deed259d0) = 6
[pid  5009] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5009] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5010 attached
 <unfinished ...>
[pid  5010] set_robust_list(0x7f7deed259e0, 24) = 0
[pid  5010] memfd_create("syzkaller", 0) = 3
[pid  5010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7de6905000
[pid  5010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid  5010] munmap(0x7f7de6905000, 1048576) = 0
[   41.190025][ T5000] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5010] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5010] close(3)                    = 0
[pid  5010] mkdir("./file0", 0777)      = 0
[pid  5010] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid  5010] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5010] chdir("./file0")            = 0
[pid  5010] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5010] close(4)                    = 0
[pid  5010] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5009] <... futex resumed>)        = 0
[pid  5009] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5009] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5010] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4
[pid  5010] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5009] <... futex resumed>)        = 0
[pid  5009] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5010] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 <unfinished ...>
[pid  5009] <... futex resumed>)        = 0
[pid  5009] futex(0x7f7deee0079c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  5010] <... write resumed>)        = 9
[pid  5010] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5009] <... mmap resumed>)         = 0x7f7de69e4000
[pid  5010] <... futex resumed>)        = 0
[pid  5010] futex(0x7f7deee00788, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5009] mprotect(0x7f7de69e5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5009] clone(child_stack=0x7f7de6a042f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5013 attached
 <unfinished ...>
[pid  5013] set_robust_list(0x7f7de6a049e0, 24 <unfinished ...>
[pid  5009] <... clone resumed>, parent_tid=[7], tls=0x7f7de6a04700, child_tidptr=0x7f7de6a049d0) = 7
[pid  5013] <... set_robust_list resumed>) = 0
[pid  5009] futex(0x7f7deee00798, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5013] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 <unfinished ...>
[pid  5009] <... futex resumed>)        = 0
[pid  5009] futex(0x7f7deee0079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5013] <... write resumed>)        = 9
[pid  5013] futex(0x7f7deee0079c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5009] <... futex resumed>)        = 0
[pid  5013] futex(0x7f7deee00798, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5009] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5010] <... futex resumed>)        = 0
[pid  5009] <... futex resumed>)        = 1
[pid  5010] open("./bus", O_RDWR <unfinished ...>
[pid  5009] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5010] <... open resumed>)         = 5
[pid  5010] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5009] <... futex resumed>)        = 0
[pid  5010] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0 <unfinished ...>
[pid  5009] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5009] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5010] <... mmap resumed>)         = 0x20000000
[pid  5010] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5009] <... futex resumed>)        = 0
[pid  5010] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040 <unfinished ...>
[pid  5009] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   41.261353][ T5010] loop0: detected capacity change from 0 to 2048
[   41.280487][ T5010] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[pid  5009] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5010] <... ioctl resumed>)        = -1 EFAULT (Bad address)
[pid  5010] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5009] <... futex resumed>)        = 0
[pid  5010] futex(0x7f7deee00788, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5009] close(3)                    = 0
[pid  5009] close(4)                    = 0
[pid  5009] close(5)                    = 0
[pid  5009] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5009] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5009] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5009] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5009] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5009] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5009] exit_group(0 <unfinished ...>
[pid  5013] <... futex resumed>)        = ?
[pid  5010] <... futex resumed>)        = ?
[pid  5009] <... exit_group resumed>)   = ?
[pid  5013] +++ exited with 0 +++
[pid  5010] +++ exited with 0 +++
[pid  5009] +++ exited with 0 +++
[pid  5000] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
[pid  5000] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5000] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5000] getdents64(3, 0x555556b50720 /* 4 entries */, 32768) = 112
[pid  5000] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  5000] unlink("./1/binderfs")      = 0
[pid  5000] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  5000] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5000] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5000] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5000] getdents64(4, 0x555556b58760 /* 2 entries */, 32768) = 48
[pid  5000] getdents64(4, 0x555556b58760 /* 0 entries */, 32768) = 0
[pid  5000] close(4)                    = 0
[pid  5000] rmdir("./1/file0")          = 0
[pid  5000] getdents64(3, 0x555556b50720 /* 0 entries */, 32768) = 0
[pid  5000] close(3)                    = 0
[pid  5000] rmdir("./1")                = 0
[pid  5000] mkdir("./2", 0777)          = 0
[pid  5000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5000] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5000] close(3)                    = 0
[   41.318253][ T5010] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   41.348363][ T5000] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b4f6d0) = 8
./strace-static-x86_64: Process 5014 attached
[pid  5014] set_robust_list(0x555556b4f6e0, 24) = 0
[pid  5014] chdir("./2")                = 0
[pid  5014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5014] setpgid(0, 0)               = 0
[pid  5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5014] write(3, "1000", 4)         = 4
[pid  5014] close(3)                    = 0
[pid  5014] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5014] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7deed05000
[pid  5014] mprotect(0x7f7deed06000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5014] clone(child_stack=0x7f7deed252f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5015 attached
 <unfinished ...>
[pid  5015] set_robust_list(0x7f7deed259e0, 24) = 0
[pid  5015] futex(0x7f7deee00788, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5014] <... clone resumed>, parent_tid=[9], tls=0x7f7deed25700, child_tidptr=0x7f7deed259d0) = 9
[pid  5014] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5015] <... futex resumed>)        = 0
[pid  5015] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5014] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  5015] <... memfd_create resumed>) = 3
[pid  5015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7de6905000
[pid  5015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid  5015] munmap(0x7f7de6905000, 1048576) = 0
[pid  5015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5015] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5015] close(3)                    = 0
[pid  5015] mkdir("./file0", 0777)      = 0
[pid  5015] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid  5015] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5015] chdir("./file0")            = 0
[pid  5015] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5015] close(4)                    = 0
[pid  5015] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5014] <... futex resumed>)        = 0
[pid  5014] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5014] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5015] <... futex resumed>)        = 1
[pid  5015] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4
[pid  5015] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5014] <... futex resumed>)        = 0
[pid  5014] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5014] futex(0x7f7deee0079c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7de69e4000
[pid  5014] mprotect(0x7f7de69e5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5014] clone(child_stack=0x7f7de6a042f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[10], tls=0x7f7de6a04700, child_tidptr=0x7f7de6a049d0) = 10
[pid  5014] futex(0x7f7deee00798, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5014] futex(0x7f7deee0079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5015] <... futex resumed>)        = 1
[pid  5015] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9
[pid  5015] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5015] futex(0x7f7deee00788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5018 attached
 <unfinished ...>
[pid  5018] set_robust_list(0x7f7de6a049e0, 24) = 0
[pid  5018] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9
[pid  5018] futex(0x7f7deee0079c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5014] <... futex resumed>)        = 0
[pid  5014] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5015] <... futex resumed>)        = 0
[pid  5014] <... futex resumed>)        = 1
[pid  5015] open("./bus", O_RDWR <unfinished ...>
[pid  5014] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5015] <... open resumed>)         = 5
[pid  5018] futex(0x7f7deee00798, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5015] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5014] <... futex resumed>)        = 0
[pid  5014] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5014] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5015] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5015] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5014] <... futex resumed>)        = 0
[pid  5014] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5015] <... futex resumed>)        = 1
[pid  5014] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[   41.432170][ T5015] loop0: detected capacity change from 0 to 2048
[   41.450094][ T5015] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[pid  5015] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040) = -1 EFAULT (Bad address)
[pid  5015] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5014] <... futex resumed>)        = 0
[pid  5014] close(3)                    = 0
[pid  5015] <... futex resumed>)        = 1
[pid  5015] futex(0x7f7deee00788, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5014] close(4)                    = 0
[pid  5014] close(5)                    = 0
[pid  5014] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5014] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5014] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5014] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5014] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5014] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5014] exit_group(0 <unfinished ...>
[pid  5018] <... futex resumed>)        = ?
[pid  5014] <... exit_group resumed>)   = ?
[pid  5018] +++ exited with 0 +++
[pid  5015] <... futex resumed>)        = ?
[pid  5015] +++ exited with 0 +++
[pid  5014] +++ exited with 0 +++
[pid  5000] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
[pid  5000] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5000] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5000] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5000] getdents64(3, 0x555556b50720 /* 4 entries */, 32768) = 112
[pid  5000] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  5000] unlink("./2/binderfs")      = 0
[pid  5000] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  5000] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5000] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5000] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5000] getdents64(4, 0x555556b58760 /* 2 entries */, 32768) = 48
[pid  5000] getdents64(4, 0x555556b58760 /* 0 entries */, 32768) = 0
[pid  5000] close(4)                    = 0
[pid  5000] rmdir("./2/file0")          = 0
[pid  5000] getdents64(3, 0x555556b50720 /* 0 entries */, 32768) = 0
[pid  5000] close(3)                    = 0
[pid  5000] rmdir("./2")                = 0
[pid  5000] mkdir("./3", 0777)          = 0
[pid  5000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5000] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5000] close(3)                    = 0
[pid  5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b4f6d0) = 11
./strace-static-x86_64: Process 5019 attached
[pid  5019] set_robust_list(0x555556b4f6e0, 24) = 0
[pid  5019] chdir("./3")                = 0
[pid  5019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5019] setpgid(0, 0)               = 0
[pid  5019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5019] write(3, "1000", 4)         = 4
[pid  5019] close(3)                    = 0
[pid  5019] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5019] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7deed05000
[pid  5019] mprotect(0x7f7deed06000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5019] clone(child_stack=0x7f7deed252f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5020 attached
, parent_tid=[12], tls=0x7f7deed25700, child_tidptr=0x7f7deed259d0) = 12
[pid  5020] set_robust_list(0x7f7deed259e0, 24) = 0
[pid  5020] futex(0x7f7deee00788, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5019] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5020] <... futex resumed>)        = 0
[pid  5020] memfd_create("syzkaller", 0) = 3
[pid  5020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7de6905000
[pid  5019] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  5020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid  5020] munmap(0x7f7de6905000, 1048576) = 0
[pid  5020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   41.492784][ T5015] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   41.528861][ T5000] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5020] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5020] close(3)                    = 0
[pid  5020] mkdir("./file0", 0777)      = 0
[pid  5020] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid  5020] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5020] chdir("./file0")            = 0
[pid  5020] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5020] close(4)                    = 0
[pid  5020] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5019] <... futex resumed>)        = 0
[pid  5019] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5019] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5020] <... futex resumed>)        = 1
[pid  5020] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4
[pid  5020] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5019] <... futex resumed>)        = 0
[pid  5019] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5019] futex(0x7f7deee0079c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7de69e4000
[pid  5019] mprotect(0x7f7de69e5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5019] clone(child_stack=0x7f7de6a042f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[13], tls=0x7f7de6a04700, child_tidptr=0x7f7de6a049d0) = 13
[pid  5019] futex(0x7f7deee00798, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5019] futex(0x7f7deee0079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5020] <... futex resumed>)        = 1
[pid  5020] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9
[pid  5020] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5020] futex(0x7f7deee00788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5023 attached
 <unfinished ...>
[pid  5023] set_robust_list(0x7f7de6a049e0, 24) = 0
[pid  5023] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9
[pid  5023] futex(0x7f7deee0079c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5019] <... futex resumed>)        = 0
[pid  5019] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5019] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5020] <... futex resumed>)        = 0
[pid  5020] open("./bus", O_RDWR)       = 5
[pid  5020] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5019] <... futex resumed>)        = 0
[pid  5019] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5019] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5020] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5020] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5019] <... futex resumed>)        = 0
[pid  5019] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5019] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5020] <... futex resumed>)        = 1
[pid  5020] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040 <unfinished ...>
[pid  5023] <... futex resumed>)        = 1
[   41.582073][ T5020] loop0: detected capacity change from 0 to 2048
[   41.600495][ T5020] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[pid  5023] futex(0x7f7deee00798, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5020] <... ioctl resumed>)        = -1 EFAULT (Bad address)
[pid  5020] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5019] <... futex resumed>)        = 0
[pid  5019] close(3)                    = 0
[pid  5019] close(4)                    = 0
[pid  5019] close(5)                    = 0
[pid  5019] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5019] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5019] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5019] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5019] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5019] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5019] exit_group(0 <unfinished ...>
[pid  5023] <... futex resumed>)        = ?
[pid  5019] <... exit_group resumed>)   = ?
[pid  5023] +++ exited with 0 +++
[pid  5020] <... futex resumed>)        = ?
[pid  5020] +++ exited with 0 +++
[pid  5019] +++ exited with 0 +++
[pid  5000] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
[pid  5000] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5000] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5000] getdents64(3, 0x555556b50720 /* 4 entries */, 32768) = 112
[pid  5000] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  5000] unlink("./3/binderfs")      = 0
[pid  5000] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  5000] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5000] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5000] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5000] getdents64(4, 0x555556b58760 /* 2 entries */, 32768) = 48
[pid  5000] getdents64(4, 0x555556b58760 /* 0 entries */, 32768) = 0
[pid  5000] close(4)                    = 0
[pid  5000] rmdir("./3/file0")          = 0
[pid  5000] getdents64(3, 0x555556b50720 /* 0 entries */, 32768) = 0
[pid  5000] close(3)                    = 0
[pid  5000] rmdir("./3")                = 0
[pid  5000] mkdir("./4", 0777)          = 0
[   41.626448][ T5020] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   41.658972][ T5000] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5000] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5000] close(3)                    = 0
[pid  5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5024 attached
 <unfinished ...>
[pid  5024] set_robust_list(0x555556b4f6e0, 24) = 0
[pid  5024] chdir("./4")                = 0
[pid  5024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5024] setpgid(0, 0)               = 0
[pid  5024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5024] write(3, "1000", 4)         = 4
[pid  5024] close(3)                    = 0
[pid  5024] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5024] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7deed05000
[pid  5024] mprotect(0x7f7deed06000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5024] clone(child_stack=0x7f7deed252f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[15], tls=0x7f7deed25700, child_tidptr=0x7f7deed259d0) = 15
[pid  5024] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5024] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5025 attached
 <unfinished ...>
[pid  5025] set_robust_list(0x7f7deed259e0, 24) = 0
[pid  5025] memfd_create("syzkaller", 0) = 3
[pid  5025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7de6905000
[pid  5000] <... clone resumed>, child_tidptr=0x555556b4f6d0) = 14
[pid  5025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid  5025] munmap(0x7f7de6905000, 1048576) = 0
[pid  5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5025] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5025] close(3)                    = 0
[pid  5025] mkdir("./file0", 0777)      = 0
[pid  5025] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid  5025] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5025] chdir("./file0")            = 0
[pid  5025] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5025] close(4)                    = 0
[pid  5025] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5025] futex(0x7f7deee00788, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5024] <... futex resumed>)        = 0
[pid  5024] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5024] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5025] <... futex resumed>)        = 0
[pid  5025] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4
[pid  5025] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5024] <... futex resumed>)        = 0
[pid  5024] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5024] futex(0x7f7deee0079c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7de69e4000
[pid  5024] mprotect(0x7f7de69e5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5024] clone(child_stack=0x7f7de6a042f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[16], tls=0x7f7de6a04700, child_tidptr=0x7f7de6a049d0) = 16
[pid  5024] futex(0x7f7deee00798, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5024] futex(0x7f7deee0079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5028 attached
 <unfinished ...>
[pid  5025] <... futex resumed>)        = 1
[pid  5025] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9
[pid  5025] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5025] futex(0x7f7deee00788, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5028] set_robust_list(0x7f7de6a049e0, 24) = 0
[pid  5028] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9
[pid  5028] futex(0x7f7deee0079c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5024] <... futex resumed>)        = 0
[pid  5024] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5024] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5025] <... futex resumed>)        = 0
[pid  5025] open("./bus", O_RDWR <unfinished ...>
[pid  5028] <... futex resumed>)        = 1
[pid  5025] <... open resumed>)         = 5
[pid  5028] futex(0x7f7deee00798, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5025] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5024] <... futex resumed>)        = 0
[pid  5024] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5024] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5025] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5025] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5024] <... futex resumed>)        = 0
[pid  5024] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5024] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[   41.744848][ T5025] loop0: detected capacity change from 0 to 2048
[   41.770280][ T5025] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[pid  5025] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040) = -1 EFAULT (Bad address)
[pid  5025] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5024] <... futex resumed>)        = 0
[pid  5024] close(3)                    = 0
[pid  5024] close(4)                    = 0
[pid  5024] close(5)                    = 0
[pid  5024] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5024] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5024] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5024] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5024] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5024] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5024] exit_group(0 <unfinished ...>
[pid  5028] <... futex resumed>)        = ?
[pid  5024] <... exit_group resumed>)   = ?
[pid  5028] +++ exited with 0 +++
[pid  5025] +++ exited with 0 +++
[pid  5024] +++ exited with 0 +++
[pid  5000] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=14, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
[pid  5000] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5000] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5000] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5000] getdents64(3, 0x555556b50720 /* 4 entries */, 32768) = 112
[pid  5000] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  5000] unlink("./4/binderfs")      = 0
[pid  5000] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  5000] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5000] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5000] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5000] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5000] getdents64(4, 0x555556b58760 /* 2 entries */, 32768) = 48
[pid  5000] getdents64(4, 0x555556b58760 /* 0 entries */, 32768) = 0
[pid  5000] close(4)                    = 0
[pid  5000] rmdir("./4/file0")          = 0
[pid  5000] getdents64(3, 0x555556b50720 /* 0 entries */, 32768) = 0
[pid  5000] close(3)                    = 0
[pid  5000] rmdir("./4")                = 0
[pid  5000] mkdir("./5", 0777)          = 0
[pid  5000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5000] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[   41.803650][ T5025] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   41.839597][ T5000] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[pid  5000] close(3)                    = 0
[pid  5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b4f6d0) = 17
./strace-static-x86_64: Process 5029 attached
[pid  5029] set_robust_list(0x555556b4f6e0, 24) = 0
[pid  5029] chdir("./5")                = 0
[pid  5029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5029] setpgid(0, 0)               = 0
[pid  5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5029] write(3, "1000", 4)         = 4
[pid  5029] close(3)                    = 0
[pid  5029] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5029] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7deed05000
[pid  5029] mprotect(0x7f7deed06000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5029] clone(child_stack=0x7f7deed252f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5030 attached
, parent_tid=[18], tls=0x7f7deed25700, child_tidptr=0x7f7deed259d0) = 18
[pid  5030] set_robust_list(0x7f7deed259e0, 24) = 0
[pid  5030] futex(0x7f7deee00788, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5029] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5030] <... futex resumed>)        = 0
[pid  5030] memfd_create("syzkaller", 0 <unfinished ...>
[pid  5029] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  5030] <... memfd_create resumed>) = 3
[pid  5030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7de6905000
[pid  5030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid  5030] munmap(0x7f7de6905000, 1048576) = 0
[pid  5030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5030] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5030] close(3)                    = 0
[pid  5030] mkdir("./file0", 0777)      = 0
[pid  5030] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0
[pid  5030] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5030] chdir("./file0")            = 0
[pid  5030] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5030] close(4)                    = 0
[pid  5030] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5029] <... futex resumed>)        = 0
[pid  5029] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5029] futex(0x7f7deee0078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5030] <... futex resumed>)        = 1
[pid  5030] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOFOLLOW|O_NOATIME|0x29800030, 000) = 4
[pid  5030] futex(0x7f7deee0078c, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5029] <... futex resumed>)        = 0
[pid  5029] futex(0x7f7deee00788, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5029] futex(0x7f7deee0079c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7de69e4000
[pid  5029] mprotect(0x7f7de69e5000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5029] clone(child_stack=0x7f7de6a042f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[19], tls=0x7f7de6a04700, child_tidptr=0x7f7de6a049d0) = 19
[pid  5029] futex(0x7f7deee00798, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5029] futex(0x7f7deee0079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5033 attached
 <unfinished ...>
[pid  5033] set_robust_list(0x7f7de6a049e0, 24) = 0
[pid  5033] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9
[pid  5033] futex(0x7f7deee0079c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5029] <... futex resumed>)        = 0
[pid  5029] futex(0x7f7deee00798, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5029] futex(0x7f7deee0079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5033] <... futex resumed>)        = 1
[pid  5033] open("./bus", O_RDWR)       = 5
[pid  5033] futex(0x7f7deee0079c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5029] <... futex resumed>)        = 0
[pid  5029] futex(0x7f7deee00798, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5029] futex(0x7f7deee0079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5033] <... futex resumed>)        = 1
[pid  5033] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0 <unfinished ...>
[pid  5030] write(4, 0x20000f80, 9 <unfinished ...>
[pid  5033] <... mmap resumed>)         = 0x20000000
[pid  5033] futex(0x7f7deee0079c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5029] <... futex resumed>)        = 0
[pid  5029] futex(0x7f7deee00798, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5029] futex(0x7f7deee0079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5033] <... futex resumed>)        = 1
[   41.920021][ T5030] loop0: detected capacity change from 0 to 2048
[   41.940771][ T5030] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[pid  5033] ioctl(5, _IOC(_IOC_WRITE, 0x66, 0x29, 0x4), 0x20000040) = -1 EFAULT (Bad address)
[pid  5033] futex(0x7f7deee0079c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5029] <... futex resumed>)        = 0
[pid  5033] <... futex resumed>)        = 1
[   41.973399][ T5033] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   41.989547][ T5030] ------------[ cut here ]------------
[   41.995310][ T5030] kernel BUG at fs/ext4/ext4_jbd2.c:53!
[   42.001241][ T5030] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   42.007303][ T5030] CPU: 0 PID: 5030 Comm: syz-executor353 Not tainted 6.4.0-rc4-syzkaller-00047-gafead42fdfca #0
[   42.017707][ T5030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   42.027762][ T5030] RIP: 0010:__ext4_journal_stop+0x1b7/0x1f0
[   42.033673][ T5030] Code: bf c9 1a 00 31 ff 89 de 41 89 c4 e8 13 59 5e ff 85 db 44 0f 45 e3 e9 5e ff ff ff e8 d3 25 b1 ff e9 ae fe ff ff e8 d9 5c 5e ff <0f> 0b 4c 89 e7 e8 df 25 b1 ff e9 e5 fe ff ff 48 89 ef e8 d2 25 b1
[   42.053296][ T5030] RSP: 0018:ffffc90003aff960 EFLAGS: 00010293
[   42.059382][ T5030] RAX: 0000000000000000 RBX: 0000000000000012 RCX: 0000000000000000
[pid  5033] futex(0x7f7deee00798, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5029] close(3)                    = 0
[pid  5029] close(4)                    = 0
[pid  5029] close(5)                    = 0
[pid  5029] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5029] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5029] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5029] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5029] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(17)                   = -1 EBADF (Bad file descriptor)
[   42.067356][ T5030] RDX: ffff888028428000 RSI: ffffffff8225e747 RDI: 0000000000000007
[   42.075339][ T5030] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000fff
[   42.083321][ T5030] R10: 0000000000000000 R11: 0000000000000004 R12: ffff888078b8b500
[   42.091305][ T5030] R13: ffffffff8a62f0e0 R14: 000000000000032a R15: 0000000000000004
[   42.099280][ T5030] FS:  00007f7deed25700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   42.108201][ T5030] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   42.114786][ T5030] CR2: 00007f7deed26000 CR3: 000000001638e000 CR4: 0000000000350ef0
[pid  5029] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(26)                   = -1 EBADF (Bad file descriptor)
[   42.122777][ T5030] Call Trace:
[   42.126043][ T5030]  <TASK>
[   42.128958][ T5030]  ? die+0x32/0x90
[   42.132679][ T5030]  ? do_trap+0x1b2/0x3f0
[   42.136935][ T5030]  ? __ext4_journal_stop+0x1b7/0x1f0
[   42.142214][ T5030]  ? __ext4_journal_stop+0x1b7/0x1f0
[   42.147497][ T5030]  ? do_error_trap+0xb1/0x170
[   42.152167][ T5030]  ? __ext4_journal_stop+0x1b7/0x1f0
[   42.157452][ T5030]  ? handle_invalid_op+0x2c/0x30
[   42.162381][ T5030]  ? __ext4_journal_stop+0x1b7/0x1f0
[   42.167659][ T5030]  ? exc_invalid_op+0x2f/0x50
[   42.172334][ T5030]  ? asm_exc_invalid_op+0x1a/0x20
[   42.177348][ T5030]  ? __ext4_journal_stop+0x1b7/0x1f0
[   42.182621][ T5030]  ? __ext4_journal_stop+0x1b7/0x1f0
[   42.187899][ T5030]  ext4_write_inline_data_end+0x4cf/0xd20
[   42.193619][ T5030]  ? ext4_try_to_write_inline_data+0x1340/0x1340
[   42.199989][ T5030]  ? ext4_da_write_begin+0x22b/0x8c0
[   42.205271][ T5030]  ? csum_and_copy_from_iter+0x1460/0x1460
[   42.211084][ T5030]  ext4_da_write_end+0x3d0/0xad0
[   42.216009][ T5030]  generic_perform_write+0x316/0x570
[   42.221302][ T5030]  ? generic_file_readonly_mmap+0x180/0x180
[   42.227237][ T5030]  ? iunique+0x370/0x370
[   42.231505][ T5030]  ext4_buffered_write_iter+0x15b/0x460
[   42.237041][ T5030]  ext4_file_write_iter+0xbe0/0x1740
[   42.242317][ T5030]  ? ext4_file_mmap+0x6c0/0x6c0
[   42.247159][ T5030]  vfs_write+0x945/0xd50
[   42.251387][ T5030]  ? kernel_write+0x670/0x670
[   42.256050][ T5030]  ? recalc_sigpending_tsk+0x18b/0x1d0
[   42.261508][ T5030]  ? __fget_files+0x26a/0x480
[   42.266203][ T5030]  ksys_write+0x12b/0x250
[   42.270520][ T5030]  ? __ia32_sys_read+0xb0/0xb0
[   42.275270][ T5030]  ? lockdep_hardirqs_on+0x7d/0x100
[   42.280457][ T5030]  ? _raw_spin_unlock_irq+0x2e/0x50
[   42.285665][ T5030]  ? ptrace_notify+0xfe/0x140
[   42.290370][ T5030]  do_syscall_64+0x39/0xb0
[   42.294828][ T5030]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   42.300713][ T5030] RIP: 0033:0x7f7deed820a9
[   42.305112][ T5030] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid  5029] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5029] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5029] exit_group(0 <unfinished ...>
[pid  5033] <... futex resumed>)        = ?
[pid  5029] <... exit_group resumed>)   = ?
[pid  5033] +++ exited with 0 +++
[   42.324710][ T5030] RSP: 002b:00007f7deed25208 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   42.333106][ T5030] RAX: ffffffffffffffda RBX: 00007f7deee00788 RCX: 00007f7deed820a9
[   42.341098][ T5030] RDX: 0000000000000009 RSI: 0000000020000f80 RDI: 0000000000000004
[   42.349073][ T5030] RBP: 00007f7deee00780 R08: 0000000000000000 R09: 0000000000000000
[   42.357030][ T5030] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7deee0078c
[   42.365008][ T5030] R13: 00007ffea546a1cf R14: 00007f7deed25300 R15: 0000000000022000
[   42.372990][ T5030]  </TASK>
[   42.375990][ T5030] Modules linked in:
[   42.380973][ T5030] ---[ end trace 0000000000000000 ]---
[   42.386441][ T5030] RIP: 0010:__ext4_journal_stop+0x1b7/0x1f0
[   42.392371][ T5030] Code: bf c9 1a 00 31 ff 89 de 41 89 c4 e8 13 59 5e ff 85 db 44 0f 45 e3 e9 5e ff ff ff e8 d3 25 b1 ff e9 ae fe ff ff e8 d9 5c 5e ff <0f> 0b 4c 89 e7 e8 df 25 b1 ff e9 e5 fe ff ff 48 89 ef e8 d2 25 b1
[   42.412027][ T5030] RSP: 0018:ffffc90003aff960 EFLAGS: 00010293
[   42.418117][ T5030] RAX: 0000000000000000 RBX: 0000000000000012 RCX: 0000000000000000
[   42.426105][ T5030] RDX: ffff888028428000 RSI: ffffffff8225e747 RDI: 0000000000000007
[   42.434102][ T5030] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000fff
[   42.442105][ T5030] R10: 0000000000000000 R11: 0000000000000004 R12: ffff888078b8b500
[   42.450114][ T5030] R13: ffffffff8a62f0e0 R14: 000000000000032a R15: 0000000000000004
[   42.458123][ T5030] FS:  00007f7deed25700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   42.467056][ T5030] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   42.473681][ T5030] CR2: 00007f7deed26000 CR3: 000000001638e000 CR4: 0000000000350ef0
[   42.481685][ T5030] Kernel panic - not syncing: Fatal exception
[   42.487803][ T5030] Kernel Offset: disabled
[   42.492115][ T5030] Rebooting in 86400 seconds..