./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2367155829 <...> tv_nsec=50000000} [pid 10010] <... futex resumed>) = 0 [pid 10007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10010] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10007] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10015] symlink("/dev/binderfs", "./binderfs" [pid 10010] <... write resumed>) = 16 [pid 10007] <... futex resumed>) = 0 [pid 10010] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10007] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10015] <... symlink resumed>) = 0 [pid 10014] <... clone3 resumed> => {parent_tid=[10019]}, 88) = 10019 [pid 10010] <... futex resumed>) = 0 [pid 10007] <... futex resumed>) = 0 [pid 10010] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10007] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10007] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10015] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10014] rt_sigprocmask(SIG_SETMASK, [], [pid 10007] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10015] <... futex resumed>) = 0 [pid 10007] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10019 attached [pid 10015] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10014] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10015] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10014] <... futex resumed>) = 0 [pid 10007] <... clone3 resumed> => {parent_tid=[10020]}, 88) = 10020 [pid 10015] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10014] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10007] rt_sigprocmask(SIG_SETMASK, [], [pid 10015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10007] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10007] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10015] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10007] <... futex resumed>) = 0 [pid 10015] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10007] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10015] <... mprotect resumed>) = 0 [pid 10015] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 10020 attached [], 8) = 0 [pid 10015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10020] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10015] <... clone3 resumed> => {parent_tid=[10022]}, 88) = 10022 [pid 10020] rt_sigprocmask(SIG_SETMASK, [], [pid 10015] rt_sigprocmask(SIG_SETMASK, [], [pid 10020] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10020] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10015] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10019] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10015] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10019] <... set_robust_list resumed>) = 0 [pid 10020] <... write resumed>) = 16 ./strace-static-x86_64: Process 10022 attached [pid 10019] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10019] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10019] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10014] <... futex resumed>) = 0 [pid 10014] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10014] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10011] <... mount resumed>) = 0 [pid 10022] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10020] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10011] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10020] <... futex resumed>) = 1 [pid 10011] chdir("./file0" [pid 10007] <... futex resumed>) = 0 [pid 10011] <... chdir resumed>) = 0 [pid 10007] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10020] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10011] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10010] <... futex resumed>) = 0 [pid 10007] <... futex resumed>) = 1 [pid 10011] <... openat resumed>) = 4 [pid 10010] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10007] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10019] memfd_create("syzkaller", 0 [pid 10011] ioctl(4, LOOP_CLR_FD [pid 10010] <... mmap resumed>) = 0x20000000 [pid 10011] <... ioctl resumed>) = 0 [pid 10010] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10011] close(4 [pid 10010] <... futex resumed>) = 1 [pid 10007] <... futex resumed>) = 0 [pid 10011] <... close resumed>) = 0 [ 140.257864][T10010] loop4: detected capacity change from 0 to 2048 [ 140.282201][T10011] loop0: detected capacity change from 0 to 2048 [ 140.289836][T10013] loop3: detected capacity change from 0 to 2048 [pid 10007] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10022] <... set_robust_list resumed>) = 0 [pid 10019] <... memfd_create resumed>) = 3 [pid 10011] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10007] <... futex resumed>) = 0 [pid 10011] <... futex resumed>) = 1 [pid 10007] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10011] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10022] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10022] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10015] <... futex resumed>) = 0 [pid 10015] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10015] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10022] <... futex resumed>) = 1 [pid 10022] memfd_create("syzkaller", 0) = 3 [pid 10022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10009] <... futex resumed>) = 0 [pid 10009] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10011] <... futex resumed>) = 0 [pid 10009] <... futex resumed>) = 1 [pid 10011] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10009] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10011] <... openat resumed>) = 4 [pid 10011] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10009] <... futex resumed>) = 0 [pid 10011] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10009] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10011] <... write resumed>) = 16 [pid 10009] <... futex resumed>) = 0 [pid 10011] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10009] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10011] <... futex resumed>) = 0 [pid 10009] <... futex resumed>) = 0 [pid 10011] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10009] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10011] <... write resumed>) = 16 [pid 10011] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10009] <... futex resumed>) = 0 [pid 10011] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10009] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10009] <... futex resumed>) = 0 [pid 10011] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10009] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10011] <... mmap resumed>) = 0x20000000 [pid 10011] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10009] <... futex resumed>) = 0 [pid 10011] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10009] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10009] <... futex resumed>) = 0 [pid 10009] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10022] <... write resumed>) = 1048576 [pid 10019] <... write resumed>) = 1048576 [pid 10019] munmap(0x7fe453fca000, 138412032) = 0 [pid 10019] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10019] ioctl(4, LOOP_SET_FD, 3 [pid 10022] munmap(0x7fe453fca000, 138412032 [pid 10019] <... ioctl resumed>) = 0 [pid 10019] close(3) = 0 [pid 10019] close(4) = 0 [pid 10019] mkdir("./file0", 0777) = 0 [pid 10019] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10010] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10010] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10010] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10007] <... futex resumed>) = 0 [pid 10007] exit_group(0 [pid 10020] <... futex resumed>) = ? [pid 10007] <... exit_group resumed>) = ? [pid 10022] <... munmap resumed>) = 0 [pid 10020] +++ exited with 0 +++ [pid 10022] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10022] ioctl(4, LOOP_SET_FD, 3 [pid 10010] <... futex resumed>) = ? [ 140.333656][T10010] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 140.355466][T10011] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 140.361539][T10019] loop2: detected capacity change from 0 to 2048 [pid 10010] +++ exited with 0 +++ [pid 10007] +++ exited with 0 +++ [pid 10011] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10011] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10011] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10009] <... futex resumed>) = 0 [pid 10009] exit_group(0) = ? [pid 10011] <... futex resumed>) = ? [pid 10011] +++ exited with 0 +++ [pid 10009] +++ exited with 0 +++ [pid 10019] <... mount resumed>) = 0 [pid 10019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10007, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10009, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 10019] chdir("./file0") = 0 [pid 10013] <... mount resumed>) = 0 [pid 10013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 295] <... restart_syscall resumed>) = 0 [pid 10013] <... openat resumed>) = 3 [pid 299] umount2("./383", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10013] chdir("./file0" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10013] <... chdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "./383", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10013] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] umount2("./387", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... openat resumed>) = 3 [pid 10013] <... openat resumed>) = 4 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(3, "", [pid 10013] ioctl(4, LOOP_CLR_FD [pid 295] openat(AT_FDCWD, "./387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10013] <... ioctl resumed>) = 0 [pid 299] getdents64(3, [pid 295] <... openat resumed>) = 3 [pid 10013] close(4 [pid 10019] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10013] <... close resumed>) = 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] newfstatat(3, "", [pid 10013] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./383/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10013] <... futex resumed>) = 1 [pid 10012] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10013] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10012] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./383/binderfs", [pid 295] getdents64(3, [pid 10013] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10012] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10012] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] unlink("./383/binderfs" [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10013] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10019] <... openat resumed>) = 4 [pid 299] <... unlink resumed>) = 0 [pid 295] umount2("./387/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10019] ioctl(4, LOOP_CLR_FD [pid 299] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10019] <... ioctl resumed>) = 0 [pid 295] newfstatat(AT_FDCWD, "./387/binderfs", [pid 10019] close(4 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10019] <... close resumed>) = 0 [pid 10013] <... openat resumed>) = 4 [pid 295] unlink("./387/binderfs" [pid 10019] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10014] <... futex resumed>) = 0 [pid 10019] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10014] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10013] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... unlink resumed>) = 0 [pid 10014] <... futex resumed>) = 0 [pid 10013] <... futex resumed>) = 1 [pid 10012] <... futex resumed>) = 0 [pid 10014] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10013] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10012] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10019] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10012] <... futex resumed>) = 0 [pid 10019] <... openat resumed>) = 4 [pid 10013] <... write resumed>) = 16 [pid 10012] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10019] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10013] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10012] <... futex resumed>) = 0 [pid 10019] <... futex resumed>) = 1 [pid 10014] <... futex resumed>) = 0 [pid 10013] <... futex resumed>) = 0 [pid 10012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10019] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10014] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10013] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10019] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10022] <... ioctl resumed>) = 0 [pid 10019] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10014] <... futex resumed>) = 0 [pid 10012] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10022] close(3 [pid 10019] <... futex resumed>) = 0 [pid 10014] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10012] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10019] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10019] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10014] <... futex resumed>) = 0 [pid 10012] <... mprotect resumed>) = 0 [pid 10019] <... futex resumed>) = 0 [pid 10014] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10019] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10012] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10014] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10014] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10012] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10019] <... futex resumed>) = 0 [pid 10014] <... futex resumed>) = 1 [pid 10012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10019] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10014] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10019] <... mmap resumed>) = 0x20000000 [pid 10012] <... clone3 resumed> => {parent_tid=[10027]}, 88) = 10027 [pid 10019] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10012] rt_sigprocmask(SIG_SETMASK, [], [pid 10019] <... futex resumed>) = 1 [pid 10014] <... futex resumed>) = 0 [pid 10012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10014] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10012] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10014] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10012] <... futex resumed>) = 0 [pid 10022] <... close resumed>) = 0 [pid 10022] close(4 [pid 10012] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10027 attached [pid 10027] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10027] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10027] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10027] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10012] <... futex resumed>) = 0 [pid 10012] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10013] <... futex resumed>) = 0 [pid 10012] <... futex resumed>) = 1 [pid 10013] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10012] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10013] <... mmap resumed>) = 0x20000000 [pid 10013] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10012] <... futex resumed>) = 0 [pid 10013] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10012] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10013] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10012] <... futex resumed>) = 0 [pid 10019] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10019] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10019] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10019] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10012] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10014] <... futex resumed>) = 0 [pid 10014] exit_group(0) = ? [pid 10019] <... futex resumed>) = ? [ 140.384847][T10022] loop1: detected capacity change from 0 to 2048 [ 140.409026][T10019] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10019] +++ exited with 0 +++ [pid 10014] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10014, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./387", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./387/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./387/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./387/binderfs") = 0 [pid 297] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10013] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10013] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10013] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10012] <... futex resumed>) = 0 [pid 10012] exit_group(0 [pid 10027] <... futex resumed>) = ? [pid 10012] <... exit_group resumed>) = ? [pid 10027] +++ exited with 0 +++ [pid 10013] <... futex resumed>) = ? [pid 10013] +++ exited with 0 +++ [pid 10012] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10012, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./388", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./388/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./388/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./388/binderfs") = 0 [pid 298] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10022] <... close resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 10022] mkdir("./file0", 0777 [pid 299] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10022] <... mkdir resumed>) = 0 [pid 10022] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 295] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./387/file0", [pid 299] newfstatat(AT_FDCWD, "./383/file0", [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./387/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] openat(AT_FDCWD, "./383/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... openat resumed>) = 4 [pid 295] newfstatat(4, "", [pid 299] <... openat resumed>) = 4 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] newfstatat(4, "", [pid 295] getdents64(4, [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, [pid 299] getdents64(4, [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4 [pid 299] close(4 [pid 295] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 295] rmdir("./387/file0" [pid 299] rmdir("./383/file0" [pid 295] <... rmdir resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 295] getdents64(3, [pid 299] getdents64(3, [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3 [pid 299] close(3 [pid 295] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 295] rmdir("./387" [pid 299] rmdir("./383" [pid 295] <... rmdir resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 299] mkdir("./384", 0777 [pid 295] mkdir("./388", 0777 [pid 299] <... mkdir resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 295] ioctl(3, LOOP_CLR_FD [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 295] close(3 [pid 299] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10029 [pid 297] <... umount2 resumed>) = 0 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10030 [pid 298] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./388/file0", [pid 297] newfstatat(AT_FDCWD, "./387/file0", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./388/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... openat resumed>) = 4 [pid 297] openat(AT_FDCWD, "./387/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] newfstatat(4, "", [pid 297] <... openat resumed>) = 4 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 297] newfstatat(4, "", [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] getdents64(4, [pid 298] close(4 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] <... close resumed>) = 0 [pid 297] getdents64(4, [pid 298] rmdir("./388/file0" [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 297] close(4./strace-static-x86_64: Process 10030 attached ./strace-static-x86_64: Process 10029 attached [pid 298] getdents64(3, [pid 297] <... close resumed>) = 0 [ 140.428961][T10013] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 297] rmdir("./387/file0" [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10030] set_robust_list(0x5555557b6760, 24 [pid 10029] set_robust_list(0x5555557b6760, 24 [pid 10022] <... mount resumed>) = 0 [pid 298] close(3 [pid 297] <... rmdir resumed>) = 0 [pid 10022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] <... close resumed>) = 0 [pid 297] getdents64(3, [pid 10030] <... set_robust_list resumed>) = 0 [pid 10029] <... set_robust_list resumed>) = 0 [pid 10022] <... openat resumed>) = 3 [pid 298] rmdir("./388" [pid 10022] chdir("./file0" [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10030] chdir("./388" [pid 10029] chdir("./384" [pid 10022] <... chdir resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 297] close(3 [pid 10022] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] mkdir("./389", 0777 [pid 10022] <... openat resumed>) = 4 [pid 297] <... close resumed>) = 0 [pid 10030] <... chdir resumed>) = 0 [pid 10029] <... chdir resumed>) = 0 [pid 10022] ioctl(4, LOOP_CLR_FD [pid 298] <... mkdir resumed>) = 0 [pid 297] rmdir("./387" [pid 10030] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10029] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10022] <... ioctl resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10022] close(4 [pid 10030] <... prctl resumed>) = 0 [pid 10029] <... prctl resumed>) = 0 [pid 10022] <... close resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 297] <... rmdir resumed>) = 0 [pid 10030] setpgid(0, 0 [pid 10029] setpgid(0, 0 [pid 10022] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] mkdir("./388", 0777 [pid 298] ioctl(3, LOOP_CLR_FD [pid 10022] <... futex resumed>) = 1 [pid 10015] <... futex resumed>) = 0 [pid 10030] <... setpgid resumed>) = 0 [pid 10029] <... setpgid resumed>) = 0 [pid 10022] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10015] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... mkdir resumed>) = 0 [pid 10030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10015] <... futex resumed>) = 0 [pid 298] close(3 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10030] <... openat resumed>) = 3 [pid 10029] <... openat resumed>) = 3 [pid 10022] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10015] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... close resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 10030] write(3, "1000", 4 [pid 10029] write(3, "1000", 4 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] ioctl(3, LOOP_CLR_FD [pid 10030] <... write resumed>) = 4 [pid 10029] <... write resumed>) = 4 [pid 10022] <... openat resumed>) = 4 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10030] close(3 [pid 10029] close(3 [pid 10022] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10032 [pid 297] close(3 [pid 10030] <... close resumed>) = 0 [pid 10029] <... close resumed>) = 0 [pid 10022] <... futex resumed>) = 1 [pid 10015] <... futex resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 10030] symlink("/dev/binderfs", "./binderfs" [pid 10029] symlink("/dev/binderfs", "./binderfs" [pid 10022] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10015] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10030] <... symlink resumed>) = 0 [pid 10029] <... symlink resumed>) = 0 [pid 10022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10015] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10032 attached [pid 10030] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10029] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10022] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10015] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10033 attached [pid 10032] set_robust_list(0x5555557b6760, 24 [pid 10030] <... futex resumed>) = 0 [pid 10029] <... futex resumed>) = 0 [pid 10022] <... write resumed>) = 16 [pid 10015] <... futex resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10033 [pid 10033] set_robust_list(0x5555557b6760, 24 [pid 10032] <... set_robust_list resumed>) = 0 [pid 10030] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10029] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10022] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10033] <... set_robust_list resumed>) = 0 [pid 10032] chdir("./389" [pid 10030] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10029] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10022] <... futex resumed>) = 0 [pid 10015] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10033] chdir("./388" [pid 10032] <... chdir resumed>) = 0 [pid 10030] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10029] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10022] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10015] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10033] <... chdir resumed>) = 0 [pid 10032] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10033] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10032] <... prctl resumed>) = 0 [pid 10030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10015] <... mprotect resumed>) = 0 [pid 10033] <... prctl resumed>) = 0 [pid 10032] setpgid(0, 0 [pid 10030] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10029] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10033] setpgid(0, 0 [pid 10032] <... setpgid resumed>) = 0 [pid 10030] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10029] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10015] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10033] <... setpgid resumed>) = 0 [pid 10032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10030] <... mprotect resumed>) = 0 [pid 10029] <... mprotect resumed>) = 0 [pid 10015] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10032] <... openat resumed>) = 3 [pid 10030] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10029] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10033] <... openat resumed>) = 3 [pid 10032] write(3, "1000", 4 [pid 10030] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10029] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10033] write(3, "1000", 4 [pid 10032] <... write resumed>) = 4 [pid 10030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10033] <... write resumed>) = 4 [pid 10032] close(3 [pid 10015] <... clone3 resumed> => {parent_tid=[10034]}, 88) = 10034 [pid 10033] close(3 [pid 10032] <... close resumed>) = 0 [pid 10030] <... clone3 resumed> => {parent_tid=[10035]}, 88) = 10035 [pid 10029] <... clone3 resumed> => {parent_tid=[10036]}, 88) = 10036 [pid 10015] rt_sigprocmask(SIG_SETMASK, [], [pid 10033] <... close resumed>) = 0 [pid 10032] symlink("/dev/binderfs", "./binderfs" [pid 10030] rt_sigprocmask(SIG_SETMASK, [], [pid 10029] rt_sigprocmask(SIG_SETMASK, [], [pid 10015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10033] symlink("/dev/binderfs", "./binderfs" [pid 10032] <... symlink resumed>) = 0 [pid 10030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10033] <... symlink resumed>) = 0 [pid 10032] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10030] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10029] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10015] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10036 attached ./strace-static-x86_64: Process 10035 attached ./strace-static-x86_64: Process 10034 attached [pid 10033] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10032] <... futex resumed>) = 0 [pid 10030] <... futex resumed>) = 0 [pid 10029] <... futex resumed>) = 0 [pid 10015] <... futex resumed>) = 0 [pid 10033] <... futex resumed>) = 0 [pid 10032] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10030] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10029] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10015] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10033] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10032] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10033] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10032] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10032] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10033] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10032] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10033] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10032] <... mprotect resumed>) = 0 [pid 10033] <... mprotect resumed>) = 0 [pid 10032] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10033] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10032] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10033] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10034] set_robust_list(0x7fe45c3c99a0, 24./strace-static-x86_64: Process 10038 attached ./strace-static-x86_64: Process 10037 attached [pid 10036] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10035] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10032] <... clone3 resumed> => {parent_tid=[10037]}, 88) = 10037 [pid 10034] <... set_robust_list resumed>) = 0 [pid 10033] <... clone3 resumed> => {parent_tid=[10038]}, 88) = 10038 [pid 10032] rt_sigprocmask(SIG_SETMASK, [], [pid 10033] rt_sigprocmask(SIG_SETMASK, [], [pid 10032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10032] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10033] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10032] <... futex resumed>) = 0 [pid 10033] <... futex resumed>) = 0 [pid 10032] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10033] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10038] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10038] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10038] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10033] <... futex resumed>) = 0 [pid 10038] memfd_create("syzkaller", 0 [pid 10033] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10038] <... memfd_create resumed>) = 3 [pid 10034] rt_sigprocmask(SIG_SETMASK, [], [pid 10033] <... futex resumed>) = 0 [pid 10035] <... set_robust_list resumed>) = 0 [pid 10038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10037] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10036] <... set_robust_list resumed>) = 0 [pid 10033] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10038] <... mmap resumed>) = 0x7fe453fca000 [pid 10038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10037] <... set_robust_list resumed>) = 0 [pid 10036] rt_sigprocmask(SIG_SETMASK, [], [pid 10035] rt_sigprocmask(SIG_SETMASK, [], [pid 10034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10034] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10034] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10034] <... futex resumed>) = 1 [pid 10037] rt_sigprocmask(SIG_SETMASK, [], [pid 10015] <... futex resumed>) = 0 [pid 10036] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10035] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10034] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10015] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10036] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10035] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10022] <... futex resumed>) = 0 [pid 10015] <... futex resumed>) = 1 [pid 10022] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10036] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10035] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10015] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10022] <... mmap resumed>) = 0x20000000 [pid 10037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10036] <... futex resumed>) = 1 [pid 10035] <... futex resumed>) = 1 [pid 10030] <... futex resumed>) = 0 [pid 10029] <... futex resumed>) = 0 [pid 10022] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10036] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10035] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10030] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10029] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10022] <... futex resumed>) = 1 [pid 10015] <... futex resumed>) = 0 [pid 10036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10030] <... futex resumed>) = 0 [pid 10029] <... futex resumed>) = 0 [pid 10022] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10015] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10038] <... write resumed>) = 1048576 [pid 10037] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10036] memfd_create("syzkaller", 0 [pid 10035] memfd_create("syzkaller", 0 [pid 10030] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10029] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10015] <... futex resumed>) = 0 [pid 10035] <... memfd_create resumed>) = 3 [pid 10036] <... memfd_create resumed>) = 3 [pid 10038] munmap(0x7fe453fca000, 138412032) = 0 [pid 10037] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10037] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10032] <... futex resumed>) = 0 [pid 10032] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10032] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10037] <... futex resumed>) = 1 [pid 10037] memfd_create("syzkaller", 0) = 3 [pid 10037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10038] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10038] ioctl(4, LOOP_SET_FD, 3 [pid 10037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10015] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10036] <... mmap resumed>) = 0x7fe453fca000 [pid 10035] <... mmap resumed>) = 0x7fe453fca000 [pid 10038] <... ioctl resumed>) = 0 [pid 10038] close(3) = 0 [pid 10038] close(4) = 0 [pid 10038] mkdir("./file0", 0777) = 0 [pid 10038] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10037] <... write resumed>) = 1048576 [pid 10037] munmap(0x7fe453fca000, 138412032) = 0 [pid 10037] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10037] ioctl(4, LOOP_SET_FD, 3 [pid 10036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10022] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10022] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10022] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10015] <... futex resumed>) = 0 [pid 10015] exit_group(0 [pid 10034] <... futex resumed>) = ? [pid 10015] <... exit_group resumed>) = ? [pid 10034] +++ exited with 0 +++ [pid 10022] +++ exited with 0 +++ [pid 10037] <... ioctl resumed>) = 0 [pid 10037] close(3) = 0 [pid 10037] close(4 [pid 10015] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10015, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 296] umount2("./389", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./389/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./389/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./389/binderfs") = 0 [pid 296] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10035] <... write resumed>) = 1048576 [pid 10035] munmap(0x7fe453fca000, 138412032) = 0 [pid 10035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 140.535717][T10022] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 140.538183][T10038] loop2: detected capacity change from 0 to 2048 [ 140.567431][T10037] loop3: detected capacity change from 0 to 2048 [pid 10035] ioctl(4, LOOP_SET_FD, 3 [pid 10036] <... write resumed>) = 1048576 [pid 10036] munmap(0x7fe453fca000, 138412032) = 0 [pid 10036] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10036] ioctl(4, LOOP_SET_FD, 3 [pid 10035] <... ioctl resumed>) = 0 [pid 10035] close(3) = 0 [pid 10035] close(4 [pid 10038] <... mount resumed>) = 0 [pid 10038] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10038] chdir("./file0") = 0 [pid 10038] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10038] ioctl(4, LOOP_CLR_FD) = 0 [pid 10038] close(4) = 0 [pid 10038] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10038] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10033] <... futex resumed>) = 0 [pid 10033] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10038] <... futex resumed>) = 0 [pid 10033] <... futex resumed>) = 1 [pid 10038] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10033] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10038] <... openat resumed>) = 4 [pid 10038] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10036] <... ioctl resumed>) = 0 [pid 10033] <... futex resumed>) = 0 [pid 10038] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10033] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10038] <... write resumed>) = 16 [pid 10033] <... futex resumed>) = 0 [pid 10038] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10033] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10038] <... futex resumed>) = 0 [pid 10033] <... futex resumed>) = 0 [pid 10038] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10033] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10041]}, 88) = 10041 [pid 10033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10033] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10033] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10036] close(3) = 0 [pid 10036] close(4./strace-static-x86_64: Process 10041 attached [pid 10041] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10041] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10037] <... close resumed>) = 0 [pid 10037] mkdir("./file0", 0777 [pid 10041] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10037] <... mkdir resumed>) = 0 [pid 10033] <... futex resumed>) = 0 [pid 10037] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10033] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10038] <... futex resumed>) = 0 [pid 10033] <... futex resumed>) = 1 [pid 10038] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10033] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10038] <... mmap resumed>) = 0x20000000 [pid 10038] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10033] <... futex resumed>) = 0 [pid 10041] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10033] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10033] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10038] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10038] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10038] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10033] <... futex resumed>) = 0 [pid 10033] exit_group(0) = ? [pid 10041] <... futex resumed>) = ? [pid 10041] +++ exited with 0 +++ [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10038] <... futex resumed>) = ? [pid 296] newfstatat(AT_FDCWD, "./389/file0", [pid 10035] <... close resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10035] mkdir("./file0", 0777 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./389/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 10035] <... mkdir resumed>) = 0 [pid 296] newfstatat(4, "", [pid 10035] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10038] +++ exited with 0 +++ [pid 10033] +++ exited with 0 +++ [pid 296] getdents64(4, [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10033, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 296] close(4) = 0 [pid 296] rmdir("./389/file0") = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3 [pid 297] <... restart_syscall resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 296] rmdir("./389" [pid 297] umount2("./388", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] mkdir("./390", 0777 [pid 297] umount2("./388/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./388/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./388/binderfs") = 0 [pid 297] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD [pid 10036] <... close resumed>) = 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10036] mkdir("./file0", 0777 [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10036] <... mkdir resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10043 [pid 10036] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue"./strace-static-x86_64: Process 10043 attached [pid 10043] set_robust_list(0x5555557b6760, 24) = 0 [pid 10043] chdir("./390") = 0 [pid 10043] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10037] <... mount resumed>) = 0 [pid 10043] <... prctl resumed>) = 0 [pid 10037] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10037] chdir("./file0") = 0 [pid 10037] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10037] ioctl(4, LOOP_CLR_FD) = 0 [pid 10037] close(4) = 0 [pid 10037] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10032] <... futex resumed>) = 0 [pid 10037] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10032] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10032] <... futex resumed>) = 0 [pid 10037] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10032] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10043] setpgid(0, 0) = 0 [pid 10043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10037] <... openat resumed>) = 4 [pid 10037] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10032] <... futex resumed>) = 0 [pid 10037] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10032] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10032] <... futex resumed>) = 0 [pid 10037] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10032] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10037] <... write resumed>) = 16 [pid 10032] <... futex resumed>) = 0 [pid 10037] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10037] <... futex resumed>) = 0 [pid 10032] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10037] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10043] <... openat resumed>) = 3 [pid 10032] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10043] write(3, "1000", 4 [pid 10032] <... mprotect resumed>) = 0 [pid 10043] <... write resumed>) = 4 [pid 10032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10045 attached => {parent_tid=[10045]}, 88) = 10045 [pid 10032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10032] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10032] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10043] close(3) = 0 [pid 10043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10043] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10045] set_robust_list(0x7fe45c3c99a0, 24 [pid 10043] <... futex resumed>) = 0 [pid 10043] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10043] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10045] <... set_robust_list resumed>) = 0 [pid 10043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10043] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10047]}, 88) = 10047 [pid 10043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10043] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10043] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10047 attached [pid 10045] rt_sigprocmask(SIG_SETMASK, [], [pid 10047] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10047] <... set_robust_list resumed>) = 0 [pid 10047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10047] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10047] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10047] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10045] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10043] <... futex resumed>) = 0 [pid 10036] <... mount resumed>) = 0 [pid 10045] <... write resumed>) = 16 [pid 10043] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10036] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10047] <... futex resumed>) = 0 [pid 10043] <... futex resumed>) = 1 [pid 10043] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10036] <... openat resumed>) = 3 [pid 10047] memfd_create("syzkaller", 0 [pid 10036] chdir("./file0") = 0 [pid 10036] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10047] <... memfd_create resumed>) = 3 [pid 10036] <... openat resumed>) = 4 [pid 10047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10036] ioctl(4, LOOP_CLR_FD) = 0 [pid 10047] <... mmap resumed>) = 0x7fe453fca000 [pid 10036] close(4) = 0 [pid 10045] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10036] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10029] <... futex resumed>) = 0 [pid 10036] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10029] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10029] <... futex resumed>) = 0 [pid 10036] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10029] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10045] <... futex resumed>) = 1 [pid 10045] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10032] <... futex resumed>) = 0 [pid 10032] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10037] <... futex resumed>) = 0 [pid 10037] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10032] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10036] <... openat resumed>) = 4 [pid 10037] <... mmap resumed>) = 0x20000000 [pid 10036] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10037] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10036] <... futex resumed>) = 1 [pid 10029] <... futex resumed>) = 0 [pid 10037] <... futex resumed>) = 1 [pid 10036] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10032] <... futex resumed>) = 0 [pid 10029] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10037] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10032] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10029] <... futex resumed>) = 0 [pid 10037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10036] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10032] <... futex resumed>) = 0 [pid 10029] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10032] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10029] <... futex resumed>) = 0 [ 140.586623][T10035] loop0: detected capacity change from 0 to 2048 [ 140.589055][T10036] loop4: detected capacity change from 0 to 2048 [ 140.603181][T10038] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10047] munmap(0x7fe453fca000, 138412032 [pid 10036] <... write resumed>) = 16 [pid 10036] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10036] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10029] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10049]}, 88) = 10049 [pid 10029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10029] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10029] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10049 attached [pid 10049] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10049] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10049] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10029] <... futex resumed>) = 0 [pid 10029] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10036] <... futex resumed>) = 0 [pid 10029] <... futex resumed>) = 1 [pid 10036] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10029] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10036] <... mmap resumed>) = 0x20000000 [pid 10036] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10029] <... futex resumed>) = 0 [pid 10029] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10037] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10029] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10049] <... futex resumed>) = 1 [pid 10049] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10047] <... munmap resumed>) = 0 [pid 10047] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10047] ioctl(4, LOOP_SET_FD, 3 [pid 10037] sendfile(-1, -1, [0] [pid 297] <... umount2 resumed>) = 0 [pid 10047] <... ioctl resumed>) = 0 [pid 10047] close(3) = 0 [pid 10047] close(4 [pid 10037] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10037] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10037] <... futex resumed>) = 1 [pid 10032] <... futex resumed>) = 0 [pid 10037] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10036] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10036] sendfile(-1, -1, [0] [pid 10032] exit_group(0 [pid 297] newfstatat(AT_FDCWD, "./388/file0", [pid 10045] <... futex resumed>) = ? [pid 10037] <... futex resumed>) = ? [pid 10036] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10032] <... exit_group resumed>) = ? [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10045] +++ exited with 0 +++ [pid 10037] +++ exited with 0 +++ [pid 10036] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10029] <... futex resumed>) = 0 [pid 10032] +++ exited with 0 +++ [pid 10029] exit_group(0 [pid 297] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10049] <... futex resumed>) = ? [pid 10029] <... exit_group resumed>) = ? [pid 10049] +++ exited with 0 +++ [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./388/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10032, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 297] <... openat resumed>) = 4 [pid 10036] <... futex resumed>) = ? [pid 297] newfstatat(4, "", [pid 298] umount2("./389", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] getdents64(4, [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10036] +++ exited with 0 +++ [pid 10029] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10029, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] getdents64(4, [pid 298] umount2("./389/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] newfstatat(AT_FDCWD, "./389/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] close(4 [pid 298] unlink("./389/binderfs") = 0 [pid 297] <... close resumed>) = 0 [pid 298] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] rmdir("./388/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] umount2("./384", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] close(3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./384", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] <... close resumed>) = 0 [pid 299] newfstatat(3, "", [pid 297] rmdir("./388" [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] <... rmdir resumed>) = 0 [pid 297] mkdir("./389", 0777 [pid 299] umount2("./384/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./384/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./384/binderfs") = 0 [pid 297] <... mkdir resumed>) = 0 [pid 299] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10052 ./strace-static-x86_64: Process 10052 attached [pid 10052] set_robust_list(0x5555557b6760, 24 [pid 10035] <... mount resumed>) = 0 [pid 10052] <... set_robust_list resumed>) = 0 [pid 10052] chdir("./389" [pid 10035] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10052] <... chdir resumed>) = 0 [pid 10052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10035] <... openat resumed>) = 3 [pid 10035] chdir("./file0") = 0 [pid 10052] setpgid(0, 0 [pid 10035] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10052] <... setpgid resumed>) = 0 [pid 10052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10035] <... openat resumed>) = 4 [pid 10035] ioctl(4, LOOP_CLR_FD [pid 10052] <... openat resumed>) = 3 [pid 10035] <... ioctl resumed>) = 0 [pid 10035] close(4) = 0 [pid 10035] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10052] write(3, "1000", 4) = 4 [pid 10052] close(3) = 0 [pid 10035] <... futex resumed>) = 1 [pid 10030] <... futex resumed>) = 0 [pid 10035] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10030] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10030] <... futex resumed>) = 0 [pid 10052] symlink("/dev/binderfs", "./binderfs" [pid 10035] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10030] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10052] <... symlink resumed>) = 0 [pid 10035] <... openat resumed>) = 4 [pid 10052] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10052] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10052] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10035] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10030] <... futex resumed>) = 0 [pid 10035] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10030] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10035] <... write resumed>) = 16 [pid 10030] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10035] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10030] <... futex resumed>) = 0 [pid 10035] <... futex resumed>) = 0 [pid 10030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10035] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10030] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10030] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10030] <... mprotect resumed>) = 0 [pid 10052] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10030] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10052] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10030] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10052] <... mprotect resumed>) = 0 [pid 10030] <... clone3 resumed> => {parent_tid=[10053]}, 88) = 10053 [pid 10030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10030] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10030] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 10054 attached => {parent_tid=[10054]}, 88) = 10054 [pid 10054] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10052] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10054] <... set_robust_list resumed>) = 0 [pid 10054] rt_sigprocmask(SIG_SETMASK, [], [pid 10052] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10054] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 10053 attached [pid 10053] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10053] rt_sigprocmask(SIG_SETMASK, [], [pid 10054] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10054] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10054] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10047] <... close resumed>) = 0 [pid 10047] mkdir("./file0", 0777) = 0 [pid 10047] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10053] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10053] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10030] <... futex resumed>) = 0 [pid 10030] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10035] <... futex resumed>) = 0 [pid 10030] <... futex resumed>) = 1 [pid 10035] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10030] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10054] <... futex resumed>) = 1 [pid 10053] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10052] <... futex resumed>) = 0 [pid 10035] <... mmap resumed>) = 0x20000000 [pid 10052] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10035] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10052] <... futex resumed>) = 0 [pid 10035] <... futex resumed>) = 1 [pid 10030] <... futex resumed>) = 0 [pid 10052] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10035] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10030] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10030] <... futex resumed>) = 0 [pid 10030] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10054] memfd_create("syzkaller", 0) = 3 [ 140.648378][T10037] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 140.667345][T10047] loop1: detected capacity change from 0 to 2048 [ 140.669242][T10036] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10054] munmap(0x7fe453fca000, 138412032) = 0 [pid 10054] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10054] ioctl(4, LOOP_SET_FD, 3 [pid 10035] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10035] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10035] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10030] <... futex resumed>) = 0 [pid 10030] exit_group(0 [pid 10053] <... futex resumed>) = ? [pid 10030] <... exit_group resumed>) = ? [pid 10053] +++ exited with 0 +++ [pid 10035] <... futex resumed>) = ? [pid 10035] +++ exited with 0 +++ [pid 10030] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10030, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 10054] <... ioctl resumed>) = 0 [pid 10054] close(3) = 0 [pid 10054] close(4 [pid 295] <... restart_syscall resumed>) = 0 [pid 295] umount2("./388", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./388/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./388/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./388/binderfs") = 0 [pid 295] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./384/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./384/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 298] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./389/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] getdents64(4, [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4 [pid 298] openat(AT_FDCWD, "./389/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... close resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 299] rmdir("./384/file0") = 0 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] getdents64(3, [pid 298] close(4 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] <... close resumed>) = 0 [pid 299] close(3 [pid 298] rmdir("./389/file0" [pid 299] <... close resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 299] rmdir("./384" [pid 298] getdents64(3, [pid 299] <... rmdir resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] mkdir("./385", 0777 [pid 298] close(3 [pid 299] <... mkdir resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 298] rmdir("./389" [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... rmdir resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 298] mkdir("./390", 0777 [pid 10054] <... close resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] <... mkdir resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] close(3 [pid 298] <... openat resumed>) = 3 [pid 299] <... close resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 10054] mkdir("./file0", 0777 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10057 ./strace-static-x86_64: Process 10059 attached [pid 10054] <... mkdir resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10059 [pid 10054] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10059] set_robust_list(0x5555557b6760, 24./strace-static-x86_64: Process 10057 attached ) = 0 [pid 10047] <... mount resumed>) = 0 [pid 10047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10047] chdir("./file0") = 0 [pid 10047] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10047] ioctl(4, LOOP_CLR_FD) = 0 [pid 10047] close(4) = 0 [pid 10047] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10043] <... futex resumed>) = 0 [pid 10043] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10043] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10047] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10059] chdir("./385") = 0 [pid 10057] set_robust_list(0x5555557b6760, 24 [pid 10047] <... openat resumed>) = 4 [pid 10047] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10043] <... futex resumed>) = 0 [pid 10043] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10047] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10043] <... futex resumed>) = 0 [pid 10047] <... write resumed>) = 16 [pid 10043] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10047] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10043] <... futex resumed>) = 0 [pid 10047] <... futex resumed>) = 0 [pid 10043] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10047] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10043] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10043] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10043] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10043] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10060]}, 88) = 10060 [pid 10043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10043] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10043] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10060 attached [pid 10060] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10060] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10060] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10043] <... futex resumed>) = 0 [ 140.717367][T10035] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 140.730852][T10054] loop2: detected capacity change from 0 to 2048 [pid 10043] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10047] <... futex resumed>) = 0 [pid 10043] <... futex resumed>) = 1 [pid 10059] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10057] <... set_robust_list resumed>) = 0 [pid 10047] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10043] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10047] <... mmap resumed>) = 0x20000000 [pid 10047] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10043] <... futex resumed>) = 0 [pid 10060] <... futex resumed>) = 1 [pid 10059] <... prctl resumed>) = 0 [pid 10057] chdir("./390" [pid 10043] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... umount2 resumed>) = 0 [pid 10043] <... futex resumed>) = 0 [pid 10043] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10060] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10059] setpgid(0, 0 [pid 10057] <... chdir resumed>) = 0 [pid 295] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10059] <... setpgid resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] newfstatat(AT_FDCWD, "./388/file0", [pid 10057] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10059] <... openat resumed>) = 3 [pid 295] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10057] <... prctl resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10057] setpgid(0, 0 [pid 10059] write(3, "1000", 4 [pid 295] openat(AT_FDCWD, "./388/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 10059] <... write resumed>) = 4 [pid 10057] <... setpgid resumed>) = 0 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] getdents64(4, [pid 10059] close(3 [pid 10057] <... openat resumed>) = 3 [pid 10059] <... close resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10059] symlink("/dev/binderfs", "./binderfs" [pid 10057] write(3, "1000", 4 [pid 10059] <... symlink resumed>) = 0 [pid 295] getdents64(4, [pid 10057] <... write resumed>) = 4 [pid 10059] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10059] <... futex resumed>) = 0 [pid 10057] close(3 [pid 295] close(4 [pid 10057] <... close resumed>) = 0 [pid 10059] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 295] <... close resumed>) = 0 [pid 10059] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10057] symlink("/dev/binderfs", "./binderfs" [pid 295] rmdir("./388/file0" [pid 10047] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10057] <... symlink resumed>) = 0 [pid 10059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 295] <... rmdir resumed>) = 0 [pid 10059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10057] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 295] getdents64(3, [pid 10057] <... futex resumed>) = 0 [pid 10059] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10057] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10059] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10057] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10047] sendfile(-1, -1, [0] [pid 295] close(3 [pid 10059] <... mprotect resumed>) = 0 [pid 10057] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] <... close resumed>) = 0 [pid 10057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 295] rmdir("./388" [pid 10057] <... mmap resumed>) = 0x7fe45c3ca000 ./strace-static-x86_64: Process 10061 attached [pid 10061] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10061] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10059] <... clone3 resumed> => {parent_tid=[10061]}, 88) = 10061 [pid 10057] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 295] <... rmdir resumed>) = 0 [pid 10059] rt_sigprocmask(SIG_SETMASK, [], [pid 10057] <... mprotect resumed>) = 0 [pid 10059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] mkdir("./389", 0777 [pid 10057] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10059] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... mkdir resumed>) = 0 [pid 10059] <... futex resumed>) = 1 [pid 10057] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10059] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 10062 attached [pid 10062] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10057] <... clone3 resumed> => {parent_tid=[10062]}, 88) = 10062 [pid 295] <... openat resumed>) = 3 [pid 10057] rt_sigprocmask(SIG_SETMASK, [], [pid 10062] <... set_robust_list resumed>) = 0 [pid 10062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10062] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] ioctl(3, LOOP_CLR_FD [pid 10057] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10057] <... futex resumed>) = 1 [pid 10057] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10063 ./strace-static-x86_64: Process 10063 attached [pid 10062] <... futex resumed>) = 0 [pid 10061] <... futex resumed>) = 0 [pid 10063] set_robust_list(0x5555557b6760, 24) = 0 [pid 10063] chdir("./389") = 0 [pid 10063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10063] setpgid(0, 0) = 0 [pid 10062] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10061] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10061] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10062] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10063] <... openat resumed>) = 3 [pid 10061] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10063] write(3, "1000", 4) = 4 [pid 10063] close(3) = 0 [pid 10063] symlink("/dev/binderfs", "./binderfs" [pid 10062] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10059] <... futex resumed>) = 0 [pid 10057] <... futex resumed>) = 0 [pid 10059] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10057] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10059] <... futex resumed>) = 0 [pid 10059] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10057] <... futex resumed>) = 0 [pid 10057] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10063] <... symlink resumed>) = 0 [pid 10063] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10063] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10063] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10063] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10064]}, 88) = 10064 [pid 10063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10063] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10062] <... futex resumed>) = 1 [pid 10061] <... futex resumed>) = 1 [pid 10063] <... futex resumed>) = 0 [pid 10063] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10061] memfd_create("syzkaller", 0) = 3 [pid 10062] memfd_create("syzkaller", 0 [pid 10061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10047] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10061] <... mmap resumed>) = 0x7fe453fca000 [pid 10047] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10043] <... futex resumed>) = 0 [pid 10043] exit_group(0 [pid 10047] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10060] <... futex resumed>) = ? [pid 10043] <... exit_group resumed>) = ? [pid 10060] +++ exited with 0 +++ [pid 10047] <... futex resumed>) = ? [pid 10062] <... memfd_create resumed>) = 3 [pid 10062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10047] +++ exited with 0 +++ [pid 10043] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10043, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./390", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./390/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./390/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./390/binderfs") = 0 [pid 296] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10064 attached [pid 10064] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10064] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10064] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10063] <... futex resumed>) = 0 [pid 10063] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10063] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10064] <... futex resumed>) = 1 [pid 10064] memfd_create("syzkaller", 0) = 3 [pid 10064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [ 140.782225][T10047] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10064] munmap(0x7fe453fca000, 138412032) = 0 [pid 10064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10064] ioctl(4, LOOP_SET_FD, 3 [pid 10062] <... write resumed>) = 1048576 [pid 10061] <... write resumed>) = 1048576 [pid 10061] munmap(0x7fe453fca000, 138412032) = 0 [pid 10062] munmap(0x7fe453fca000, 138412032) = 0 [pid 10061] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10062] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10064] <... ioctl resumed>) = 0 [pid 10061] ioctl(4, LOOP_SET_FD, 3 [pid 10054] <... mount resumed>) = 0 [pid 10064] close(3) = 0 [pid 10062] ioctl(4, LOOP_SET_FD, 3 [pid 10054] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10054] chdir("./file0") = 0 [pid 10054] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10054] ioctl(4, LOOP_CLR_FD) = 0 [pid 10054] close(4) = 0 [pid 10054] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10052] <... futex resumed>) = 0 [pid 10054] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10052] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 10052] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10064] close(4 [pid 10062] <... ioctl resumed>) = 0 [pid 10061] <... ioctl resumed>) = 0 [pid 10054] <... openat resumed>) = 4 [pid 10054] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10052] <... futex resumed>) = 0 [pid 10054] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10052] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10054] <... write resumed>) = 16 [pid 10052] <... futex resumed>) = 0 [pid 10054] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10052] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10054] <... futex resumed>) = 0 [pid 10052] <... futex resumed>) = 0 [pid 10054] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10052] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10064] <... close resumed>) = 0 [pid 10062] close(3 [pid 10061] close(3 [pid 10052] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10052] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 296] newfstatat(AT_FDCWD, "./390/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./390/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./390/file0" [pid 10052] <... clone3 resumed> => {parent_tid=[10067]}, 88) = 10067 [pid 296] <... rmdir resumed>) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./390") = 0 [pid 296] mkdir("./391", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 10062] <... close resumed>) = 0 [pid 296] close(3 [pid 10062] close(4 [pid 296] <... close resumed>) = 0 [pid 10064] mkdir("./file0", 0777 [pid 10062] <... close resumed>) = 0 [pid 10061] <... close resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10064] <... mkdir resumed>) = 0 [pid 10062] mkdir("./file0", 0777 [pid 10061] close(4 [pid 10052] rt_sigprocmask(SIG_SETMASK, [], [pid 10062] <... mkdir resumed>) = 0 [pid 10052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10064] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10062] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10052] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10068 [pid 10052] <... futex resumed>) = 0 [pid 10052] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10067 attached [pid 10067] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10067] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10067] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10052] <... futex resumed>) = 0 [pid 10067] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10052] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10054] <... futex resumed>) = 0 [pid 10052] <... futex resumed>) = 1 [pid 10054] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10052] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10054] <... mmap resumed>) = 0x20000000 [ 140.852088][T10064] loop0: detected capacity change from 0 to 2048 [ 140.867974][T10061] loop4: detected capacity change from 0 to 2048 [ 140.874556][T10062] loop3: detected capacity change from 0 to 2048 [pid 10054] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10052] <... futex resumed>) = 0 [pid 10054] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10052] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10052] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10068 attached [pid 10068] set_robust_list(0x5555557b6760, 24) = 0 [pid 10068] chdir("./391") = 0 [pid 10068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10068] setpgid(0, 0) = 0 [pid 10068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10068] write(3, "1000", 4) = 4 [pid 10068] close(3) = 0 [pid 10068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10068] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10068] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10068] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10068] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10068] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10069]}, 88) = 10069 [pid 10068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10068] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10068] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10069 attached [pid 10069] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10069] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10069] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10068] <... futex resumed>) = 0 [pid 10068] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10068] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10069] <... futex resumed>) = 1 [pid 10069] memfd_create("syzkaller", 0) = 3 [pid 10069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10052] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10061] <... close resumed>) = 0 [pid 10061] mkdir("./file0", 0777) = 0 [pid 10061] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10054] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10054] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10054] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10052] <... futex resumed>) = 0 [pid 10052] exit_group(0) = ? [pid 10067] <... futex resumed>) = ? [pid 10067] +++ exited with 0 +++ [pid 10054] +++ exited with 0 +++ [pid 10052] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10052, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./389", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./389/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./389/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./389/binderfs") = 0 [pid 297] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10069] <... write resumed>) = 1048576 [pid 10069] munmap(0x7fe453fca000, 138412032) = 0 [pid 10069] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10069] close(3) = 0 [pid 10069] close(4 [pid 10064] <... mount resumed>) = 0 [pid 10061] <... mount resumed>) = 0 [pid 10064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10064] chdir("./file0") = 0 [pid 10062] <... mount resumed>) = 0 [pid 10064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10064] ioctl(4, LOOP_CLR_FD) = 0 [pid 10064] close(4) = 0 [pid 10064] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10064] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10063] <... futex resumed>) = 0 [pid 10062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10061] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10063] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10063] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10062] <... openat resumed>) = 3 [pid 10064] <... futex resumed>) = 0 [pid 10061] <... openat resumed>) = 3 [pid 10062] chdir("./file0" [pid 10061] chdir("./file0" [pid 10064] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10062] <... chdir resumed>) = 0 [pid 10061] <... chdir resumed>) = 0 [pid 10062] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10064] <... openat resumed>) = 4 [pid 10061] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10062] <... openat resumed>) = 4 [pid 10061] ioctl(4, LOOP_CLR_FD [pid 10064] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10062] ioctl(4, LOOP_CLR_FD [pid 10064] <... futex resumed>) = 1 [pid 10063] <... futex resumed>) = 0 [pid 10061] <... ioctl resumed>) = 0 [pid 10063] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10062] <... ioctl resumed>) = 0 [pid 10061] close(4 [pid 10064] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10063] <... futex resumed>) = 0 [pid 10062] close(4 [pid 10061] <... close resumed>) = 0 [pid 10063] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10064] <... write resumed>) = 16 [pid 10063] <... futex resumed>) = 0 [pid 10063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10062] <... close resumed>) = 0 [pid 10061] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10064] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10063] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10062] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10061] <... futex resumed>) = 1 [pid 10059] <... futex resumed>) = 0 [pid 10064] <... futex resumed>) = 0 [pid 10063] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10062] <... futex resumed>) = 1 [pid 10061] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10059] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10057] <... futex resumed>) = 0 [pid 10064] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10063] <... mprotect resumed>) = 0 [pid 10062] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10057] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10059] <... futex resumed>) = 0 [pid 10063] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10057] <... futex resumed>) = 0 [pid 10063] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10059] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10062] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10061] <... openat resumed>) = 4 [pid 10057] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10076 attached [pid 10076] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10063] <... clone3 resumed> => {parent_tid=[10076]}, 88) = 10076 [pid 10063] rt_sigprocmask(SIG_SETMASK, [], [pid 10062] <... openat resumed>) = 4 [pid 10061] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10062] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10063] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10061] <... futex resumed>) = 1 [pid 10059] <... futex resumed>) = 0 [pid 10063] <... futex resumed>) = 0 [pid 10062] <... futex resumed>) = 1 [pid 10059] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10057] <... futex resumed>) = 0 [pid 10063] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10062] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10061] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10059] <... futex resumed>) = 0 [pid 10057] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10061] <... write resumed>) = 16 [pid 10062] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10059] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10061] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10057] <... futex resumed>) = 0 [pid 10062] <... write resumed>) = 16 [pid 10061] <... futex resumed>) = 0 [pid 10059] <... futex resumed>) = 0 [pid 10057] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10076] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10062] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10061] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10057] <... futex resumed>) = 0 [pid 10062] <... futex resumed>) = 0 [pid 10059] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10062] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10059] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10057] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10059] <... mprotect resumed>) = 0 [pid 10057] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10059] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10057] <... mprotect resumed>) = 0 [pid 10059] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10057] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10057] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10059] <... clone3 resumed> => {parent_tid=[10077]}, 88) = 10077 [pid 10076] <... write resumed>) = 16 [pid 10076] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10057] <... clone3 resumed> => {parent_tid=[10078]}, 88) = 10078 [pid 10059] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10057] rt_sigprocmask(SIG_SETMASK, [], [pid 10059] <... futex resumed>) = 0 [pid 10057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10059] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10057] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10063] <... futex resumed>) = 0 [pid 10057] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10063] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10076] <... futex resumed>) = 1 [pid 10064] <... futex resumed>) = 0 [pid 10063] <... futex resumed>) = 1 [pid 10064] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10063] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10078 attached ./strace-static-x86_64: Process 10077 attached [pid 10076] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10064] <... mmap resumed>) = 0x20000000 [pid 10078] set_robust_list(0x7fe45c3c99a0, 24 [pid 10064] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10063] <... futex resumed>) = 0 [pid 10064] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10063] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10063] <... futex resumed>) = 0 [pid 10078] <... set_robust_list resumed>) = 0 [pid 10078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10078] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10078] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10078] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10077] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10077] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10077] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 140.906342][T10054] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 140.935690][T10069] loop1: detected capacity change from 0 to 2048 [pid 10077] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10063] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10057] <... futex resumed>) = 0 [pid 10057] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10057] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10059] <... futex resumed>) = 0 [pid 10059] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10059] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10062] <... futex resumed>) = 0 [pid 10062] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10062] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10057] <... futex resumed>) = 0 [pid 10064] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10061] <... futex resumed>) = 0 [pid 10057] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10061] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10061] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10059] <... futex resumed>) = 0 [pid 10061] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10059] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10059] <... futex resumed>) = 0 [pid 10064] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10064] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10063] <... futex resumed>) = 0 [pid 10063] exit_group(0 [pid 10076] <... futex resumed>) = ? [pid 10063] <... exit_group resumed>) = ? [pid 10076] +++ exited with 0 +++ [pid 10064] <... futex resumed>) = ? [pid 10064] +++ exited with 0 +++ [pid 10063] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10063, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] <... umount2 resumed>) = 0 [pid 295] umount2("./389", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] newfstatat(AT_FDCWD, "./389/file0", [pid 295] <... openat resumed>) = 3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] newfstatat(3, "", [pid 297] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] getdents64(3, [pid 297] openat(AT_FDCWD, "./389/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] <... openat resumed>) = 4 [pid 295] umount2("./389/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(4, "", [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] newfstatat(AT_FDCWD, "./389/binderfs", [pid 297] getdents64(4, [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] unlink("./389/binderfs" [pid 297] getdents64(4, [pid 295] <... unlink resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] close(4) = 0 [pid 297] rmdir("./389/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./389") = 0 [pid 297] mkdir("./390", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10079 [pid 10062] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10062] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10062] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10062] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10057] <... futex resumed>) = 1 [pid 10057] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 10057] exit_group(0 [pid 10078] <... futex resumed>) = ? [pid 10057] <... exit_group resumed>) = ? [pid 10078] +++ exited with 0 +++ [pid 10062] <... futex resumed>) = ? [pid 10059] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10062] +++ exited with 0 +++ [pid 10057] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10057, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 10079 attached ) = 0 [pid 298] umount2("./390", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./390/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./390/binderfs", [pid 10079] set_robust_list(0x5555557b6760, 24 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10079] <... set_robust_list resumed>) = 0 [pid 10061] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 298] unlink("./390/binderfs" [pid 10061] sendfile(-1, -1, [0] [pid 10079] chdir("./390" [pid 298] <... unlink resumed>) = 0 [pid 298] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10061] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10079] <... chdir resumed>) = 0 [pid 10061] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10059] <... futex resumed>) = 0 [pid 10059] exit_group(0 [pid 10077] <... futex resumed>) = ? [pid 10059] <... exit_group resumed>) = ? [pid 10077] +++ exited with 0 +++ [pid 10061] <... futex resumed>) = ? [pid 10061] +++ exited with 0 +++ [pid 10059] +++ exited with 0 +++ [pid 10069] <... close resumed>) = 0 [pid 10079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10079] setpgid(0, 0) = 0 [pid 10079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10079] write(3, "1000", 4 [pid 10069] mkdir("./file0", 0777 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10059, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10069] <... mkdir resumed>) = 0 [pid 10079] <... write resumed>) = 4 [pid 10079] close(3) = 0 [pid 10079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10079] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10079] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10069] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 299] umount2("./385", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./385", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", [pid 10079] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, [pid 10079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./385/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./385/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10079] <... mmap resumed>) = 0x7fe45c3ca000 [pid 299] unlink("./385/binderfs" [pid 10079] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 299] <... unlink resumed>) = 0 [pid 299] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10079] <... mprotect resumed>) = 0 [pid 10079] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10080]}, 88) = 10080 [pid 10079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10079] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10079] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10080 attached [pid 10080] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10080] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10080] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10079] <... futex resumed>) = 0 [pid 10079] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10079] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10080] <... futex resumed>) = 1 [pid 10080] memfd_create("syzkaller", 0) = 3 [pid 10080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10080] munmap(0x7fe453fca000, 138412032) = 0 [pid 10080] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 140.958346][T10064] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 140.961452][T10062] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 140.974666][T10061] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10080] close(3) = 0 [pid 10080] close(4 [pid 295] <... umount2 resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 299] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./385/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./385/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./390/file0", [pid 295] newfstatat(AT_FDCWD, "./389/file0", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./390/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./389/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 4 [pid 295] <... openat resumed>) = 4 [pid 298] newfstatat(4, "", [pid 295] newfstatat(4, "", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 295] getdents64(4, [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 295] getdents64(4, [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4 [pid 295] close(4 [pid 298] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 298] rmdir("./390/file0" [pid 295] rmdir("./389/file0" [pid 299] getdents64(4, [pid 298] <... rmdir resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(3, [pid 299] getdents64(4, [pid 295] getdents64(3, [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(4 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] <... close resumed>) = 0 [pid 295] close(3 [pid 299] rmdir("./385/file0" [pid 298] close(3 [pid 299] <... rmdir resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 299] getdents64(3, [pid 298] rmdir("./390" [pid 295] rmdir("./389" [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3 [pid 298] <... rmdir resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 298] mkdir("./391", 0777 [pid 295] <... rmdir resumed>) = 0 [pid 299] rmdir("./385" [pid 298] <... mkdir resumed>) = 0 [pid 295] mkdir("./390", 0777 [pid 299] <... rmdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] mkdir("./386", 0777 [pid 298] <... openat resumed>) = 3 [pid 295] <... mkdir resumed>) = 0 [pid 10080] <... close resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 10080] mkdir("./file0", 0777 [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] ioctl(3, LOOP_CLR_FD [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10069] <... mount resumed>) = 0 [pid 299] close(3 [pid 10080] <... mkdir resumed>) = 0 [pid 10069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 299] <... close resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... openat resumed>) = 3 [pid 10080] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10069] <... openat resumed>) = 3 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] close(3 [pid 295] ioctl(3, LOOP_CLR_FD [pid 10069] chdir("./file0" [pid 298] <... close resumed>) = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10069] <... chdir resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10083 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] close(3 [pid 10069] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 295] <... close resumed>) = 0 [pid 10069] <... openat resumed>) = 4 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10084 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10069] ioctl(4, LOOP_CLR_FD./strace-static-x86_64: Process 10084 attached [pid 10084] set_robust_list(0x5555557b6760, 24 [pid 10069] <... ioctl resumed>) = 0 [pid 10069] close(4 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10085 [pid 10069] <... close resumed>) = 0 [pid 10069] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10068] <... futex resumed>) = 0 [pid 10069] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10068] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10068] <... futex resumed>) = 0 [pid 10069] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10068] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10069] <... openat resumed>) = 4 [pid 10069] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10068] <... futex resumed>) = 0 [pid 10069] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10068] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10068] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10085 attached ./strace-static-x86_64: Process 10083 attached [pid 10084] <... set_robust_list resumed>) = 0 [pid 10069] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10068] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10085] set_robust_list(0x5555557b6760, 24 [pid 10084] chdir("./391" [pid 10083] set_robust_list(0x5555557b6760, 24 [pid 10069] <... write resumed>) = 16 [pid 10068] <... futex resumed>) = 0 [pid 10085] <... set_robust_list resumed>) = 0 [pid 10084] <... chdir resumed>) = 0 [pid 10083] <... set_robust_list resumed>) = 0 [pid 10069] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10085] chdir("./390" [pid 10084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10083] chdir("./386" [pid 10069] <... futex resumed>) = 0 [pid 10068] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10085] <... chdir resumed>) = 0 [pid 10084] <... prctl resumed>) = 0 [pid 10083] <... chdir resumed>) = 0 [pid 10069] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10068] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10085] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10084] setpgid(0, 0 [pid 10083] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10068] <... mprotect resumed>) = 0 [pid 10085] <... prctl resumed>) = 0 [pid 10084] <... setpgid resumed>) = 0 [pid 10083] <... prctl resumed>) = 0 [pid 10068] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10085] setpgid(0, 0 [pid 10084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10083] setpgid(0, 0 [pid 10068] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10085] <... setpgid resumed>) = 0 [pid 10084] <... openat resumed>) = 3 [pid 10083] <... setpgid resumed>) = 0 [pid 10068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10084] write(3, "1000", 4 [pid 10083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10085] <... openat resumed>) = 3 [pid 10084] <... write resumed>) = 4 [pid 10083] <... openat resumed>) = 3 [pid 10068] <... clone3 resumed> => {parent_tid=[10086]}, 88) = 10086 [pid 10085] write(3, "1000", 4 [pid 10084] close(3 [pid 10083] write(3, "1000", 4 [pid 10068] rt_sigprocmask(SIG_SETMASK, [], [ 141.036785][T10080] loop2: detected capacity change from 0 to 2048 [pid 10085] <... write resumed>) = 4 [pid 10084] <... close resumed>) = 0 [pid 10083] <... write resumed>) = 4 [pid 10068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10085] close(3 [pid 10084] symlink("/dev/binderfs", "./binderfs" [pid 10083] close(3 [pid 10068] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10084] <... symlink resumed>) = 0 [pid 10068] <... futex resumed>) = 0 [pid 10084] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10068] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10084] <... futex resumed>) = 0 [pid 10084] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10085] <... close resumed>) = 0 [pid 10084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10083] <... close resumed>) = 0 [pid 10084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10084] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10085] symlink("/dev/binderfs", "./binderfs" [pid 10083] symlink("/dev/binderfs", "./binderfs" [pid 10084] <... clone3 resumed> => {parent_tid=[10087]}, 88) = 10087 [pid 10083] <... symlink resumed>) = 0 ./strace-static-x86_64: Process 10086 attached [pid 10085] <... symlink resumed>) = 0 [pid 10084] rt_sigprocmask(SIG_SETMASK, [], [pid 10083] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10086] set_robust_list(0x7fe45c3c99a0, 24 [pid 10085] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10083] <... futex resumed>) = 0 [pid 10086] <... set_robust_list resumed>) = 0 [pid 10085] <... futex resumed>) = 0 [pid 10084] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10083] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10086] rt_sigprocmask(SIG_SETMASK, [], [pid 10085] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10084] <... futex resumed>) = 0 [pid 10083] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10085] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10084] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10083] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10086] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10085] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10086] <... write resumed>) = 16 [pid 10085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10086] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10083] <... mmap resumed>) = 0x7fe45c3ca000 ./strace-static-x86_64: Process 10087 attached [pid 10085] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10083] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10087] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10085] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10083] <... mprotect resumed>) = 0 [pid 10087] <... set_robust_list resumed>) = 0 [pid 10086] <... futex resumed>) = 1 [pid 10085] <... mprotect resumed>) = 0 [pid 10083] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10068] <... futex resumed>) = 0 [pid 10087] rt_sigprocmask(SIG_SETMASK, [], [pid 10085] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10083] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10085] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 10088 attached [pid 10087] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10086] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10068] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10087] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10083] <... clone3 resumed> => {parent_tid=[10088]}, 88) = 10088 [pid 10087] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10085] <... clone3 resumed> => {parent_tid=[10089]}, 88) = 10089 [pid 10083] rt_sigprocmask(SIG_SETMASK, [], [pid 10069] <... futex resumed>) = 0 [pid 10068] <... futex resumed>) = 1 [pid 10087] <... futex resumed>) = 1 [pid 10085] rt_sigprocmask(SIG_SETMASK, [], [pid 10083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10087] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10084] <... futex resumed>) = 0 [pid 10083] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10069] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10085] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10083] <... futex resumed>) = 0 [pid 10068] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10085] <... futex resumed>) = 0 [pid 10083] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10085] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10088] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10088] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10084] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10088] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10084] <... futex resumed>) = 1 [pid 10083] <... futex resumed>) = 0 [pid 10069] <... mmap resumed>) = 0x20000000 [pid 10087] <... futex resumed>) = 0 [pid 10084] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10083] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10069] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10087] memfd_create("syzkaller", 0 [pid 10069] <... futex resumed>) = 1 [pid 10068] <... futex resumed>) = 0 [pid 10087] <... memfd_create resumed>) = 3 [pid 10083] <... futex resumed>) = 0 [pid 10069] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10068] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10068] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10089 attached [pid 10088] memfd_create("syzkaller", 0 [pid 10087] <... mmap resumed>) = 0x7fe453fca000 [pid 10083] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10089] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10088] <... memfd_create resumed>) = 3 [pid 10089] <... set_robust_list resumed>) = 0 [pid 10088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10089] rt_sigprocmask(SIG_SETMASK, [], [pid 10088] <... mmap resumed>) = 0x7fe453fca000 [pid 10089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10089] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10089] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10085] <... futex resumed>) = 0 [pid 10089] memfd_create("syzkaller", 0 [pid 10085] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10089] <... memfd_create resumed>) = 3 [pid 10085] <... futex resumed>) = 0 [pid 10089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10085] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10089] <... mmap resumed>) = 0x7fe453fca000 [pid 10068] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10069] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10080] <... mount resumed>) = 0 [pid 10080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10080] chdir("./file0") = 0 [pid 10080] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10080] ioctl(4, LOOP_CLR_FD) = 0 [pid 10080] close(4 [pid 10087] <... write resumed>) = 1048576 [pid 10080] <... close resumed>) = 0 [pid 10069] sendfile(-1, -1, [0] [pid 10080] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10079] <... futex resumed>) = 0 [pid 10080] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10079] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10079] <... futex resumed>) = 0 [pid 10080] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10079] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10080] <... openat resumed>) = 4 [pid 10087] munmap(0x7fe453fca000, 138412032 [pid 10080] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10088] <... write resumed>) = 1048576 [pid 10080] <... futex resumed>) = 1 [pid 10079] <... futex resumed>) = 0 [pid 10069] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10080] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10079] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10079] <... futex resumed>) = 0 [pid 10080] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10079] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10080] <... write resumed>) = 16 [pid 10079] <... futex resumed>) = 0 [pid 10080] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10080] <... futex resumed>) = 0 [pid 10079] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10080] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10079] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10079] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10087] <... munmap resumed>) = 0 [pid 10069] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10079] <... clone3 resumed> => {parent_tid=[10092]}, 88) = 10092 [pid 10079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10079] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10079] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10088] munmap(0x7fe453fca000, 138412032) = 0 [pid 10087] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10068] <... futex resumed>) = 0 [pid 10088] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10068] exit_group(0 [pid 10086] <... futex resumed>) = ? [pid 10068] <... exit_group resumed>) = ? [pid 10088] ioctl(4, LOOP_SET_FD, 3 [pid 10086] +++ exited with 0 +++ [ 141.115007][T10069] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set ./strace-static-x86_64: Process 10092 attached [pid 10089] <... write resumed>) = 1048576 [pid 10087] <... openat resumed>) = 4 [pid 10069] <... futex resumed>) = ? [pid 10087] ioctl(4, LOOP_SET_FD, 3 [pid 10069] +++ exited with 0 +++ [pid 10068] +++ exited with 0 +++ [pid 10092] set_robust_list(0x7fe45c3c99a0, 24 [pid 10087] <... ioctl resumed>) = 0 [pid 10092] <... set_robust_list resumed>) = 0 [pid 10087] close(3 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10068, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10092] rt_sigprocmask(SIG_SETMASK, [], [pid 10087] <... close resumed>) = 0 [pid 296] umount2("./391", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10087] close(4 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10092] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10089] munmap(0x7fe453fca000, 138412032 [pid 296] openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10092] <... write resumed>) = 16 [pid 10089] <... munmap resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 10092] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10089] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 296] newfstatat(3, "", [pid 10092] <... futex resumed>) = 1 [pid 10089] <... openat resumed>) = 4 [pid 10088] <... ioctl resumed>) = 0 [pid 10079] <... futex resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10092] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10089] ioctl(4, LOOP_SET_FD, 3 [pid 10079] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] getdents64(3, [pid 10088] close(3 [pid 10080] <... futex resumed>) = 0 [pid 10079] <... futex resumed>) = 1 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10088] <... close resumed>) = 0 [pid 10080] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10079] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10088] close(4 [pid 10080] <... mmap resumed>) = 0x20000000 [pid 10080] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10079] <... futex resumed>) = 0 [pid 10080] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10079] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10079] <... futex resumed>) = 0 [pid 10089] <... ioctl resumed>) = 0 [pid 296] umount2("./391/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10089] close(3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10089] <... close resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./391/binderfs", [pid 10089] close(4 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./391/binderfs") = 0 [pid 296] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10079] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10087] <... close resumed>) = 0 [pid 10087] mkdir("./file0", 0777) = 0 [pid 10087] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10080] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10080] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10080] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10079] <... futex resumed>) = 0 [pid 10080] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10079] exit_group(0 [pid 10092] <... futex resumed>) = ? [pid 10080] <... futex resumed>) = ? [pid 10079] <... exit_group resumed>) = ? [pid 10092] +++ exited with 0 +++ [pid 10080] +++ exited with 0 +++ [pid 10079] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10079, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 297] umount2("./390", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./390/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./390/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./390/binderfs") = 0 [pid 297] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10087] <... mount resumed>) = 0 [pid 10087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10087] chdir("./file0") = 0 [pid 10087] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10089] <... close resumed>) = 0 [pid 10087] ioctl(4, LOOP_CLR_FD) = 0 [pid 10087] close(4) = 0 [pid 10087] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10084] <... futex resumed>) = 0 [pid 10087] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10084] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10089] mkdir("./file0", 0777 [pid 10084] <... futex resumed>) = 0 [pid 10087] <... openat resumed>) = 4 [pid 10084] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10087] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10084] <... futex resumed>) = 0 [pid 10087] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10084] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10089] <... mkdir resumed>) = 0 [pid 10087] <... write resumed>) = 16 [pid 10084] <... futex resumed>) = 0 [pid 10089] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10087] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10084] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10087] <... futex resumed>) = 0 [pid 10084] <... futex resumed>) = 0 [pid 10087] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10084] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10095 attached => {parent_tid=[10095]}, 88) = 10095 [pid 10095] set_robust_list(0x7fe45c3c99a0, 24 [pid 10084] rt_sigprocmask(SIG_SETMASK, [], [pid 10095] <... set_robust_list resumed>) = 0 [pid 10084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10084] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10084] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10095] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10095] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10084] <... futex resumed>) = 0 [pid 10095] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10084] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10087] <... futex resumed>) = 0 [pid 10084] <... futex resumed>) = 1 [pid 10087] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10084] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10087] <... mmap resumed>) = 0x20000000 [pid 10087] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10084] <... futex resumed>) = 0 [ 141.159582][T10088] loop4: detected capacity change from 0 to 2048 [ 141.165840][T10087] loop3: detected capacity change from 0 to 2048 [ 141.173734][T10089] loop0: detected capacity change from 0 to 2048 [ 141.176436][T10080] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10084] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10084] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10089] <... mount resumed>) = 0 [pid 10089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10089] chdir("./file0") = 0 [pid 10089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10089] ioctl(4, LOOP_CLR_FD) = 0 [pid 10089] close(4) = 0 [pid 10089] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10085] <... futex resumed>) = 0 [pid 10085] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10085] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10089] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10087] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10087] sendfile(-1, -1, [0] [pid 10089] <... openat resumed>) = 4 [pid 10089] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10087] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10087] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10084] <... futex resumed>) = 0 [pid 10084] exit_group(0) = ? [pid 10087] <... futex resumed>) = ? [pid 10087] +++ exited with 0 +++ [pid 10089] <... futex resumed>) = 1 [pid 10085] <... futex resumed>) = 0 [pid 10095] <... futex resumed>) = ? [pid 10088] <... close resumed>) = 0 [pid 10085] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10089] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10085] <... futex resumed>) = 0 [pid 10089] <... write resumed>) = 16 [pid 10085] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10089] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10085] <... futex resumed>) = 0 [pid 10089] <... futex resumed>) = 0 [pid 10085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10089] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10085] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10085] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10098]}, 88) = 10098 [pid 10085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10085] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10085] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10098 attached [pid 10098] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 10098] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10098] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10085] <... futex resumed>) = 0 [pid 10085] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10089] <... futex resumed>) = 0 [pid 10085] <... futex resumed>) = 1 [pid 10089] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10085] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10089] <... mmap resumed>) = 0x20000000 [pid 10089] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10085] <... futex resumed>) = 0 [pid 10098] <... futex resumed>) = 1 [pid 10095] +++ exited with 0 +++ [pid 10088] mkdir("./file0", 0777 [pid 10085] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10084] +++ exited with 0 +++ [pid 297] <... umount2 resumed>) = 0 [pid 296] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10088] <... mkdir resumed>) = 0 [pid 10088] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10084, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 298] umount2("./391", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./391/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./391/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./391/binderfs") = 0 [pid 298] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./391/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./391/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", [pid 297] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] getdents64(4, [pid 297] newfstatat(AT_FDCWD, "./390/file0", [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] getdents64(4, [pid 297] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] close(4 [pid 297] openat(AT_FDCWD, "./390/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... close resumed>) = 0 [pid 297] <... openat resumed>) = 4 [pid 296] rmdir("./391/file0" [pid 297] newfstatat(4, "", [pid 296] <... rmdir resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, [pid 297] getdents64(4, [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] close(3 [pid 297] getdents64(4, [pid 296] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] rmdir("./391" [pid 297] close(4 [pid 296] <... rmdir resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] mkdir("./392", 0777 [pid 297] rmdir("./390/file0") = 0 [pid 296] <... mkdir resumed>) = 0 [pid 297] getdents64(3, [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] <... openat resumed>) = 3 [pid 297] close(3 [pid 296] ioctl(3, LOOP_CLR_FD [pid 297] <... close resumed>) = 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] rmdir("./390" [pid 296] close(3 [pid 297] <... rmdir resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 297] mkdir("./391", 0777 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10085] <... futex resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10099 [pid 10085] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10099 attached [pid 10099] set_robust_list(0x5555557b6760, 24 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10100 ./strace-static-x86_64: Process 10100 attached [pid 10099] <... set_robust_list resumed>) = 0 [pid 10089] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10100] set_robust_list(0x5555557b6760, 24 [pid 10098] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10100] <... set_robust_list resumed>) = 0 [pid 10099] chdir("./392" [pid 10089] sendfile(-1, -1, [0] [pid 10099] <... chdir resumed>) = 0 [pid 10089] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10099] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10089] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10100] chdir("./391" [pid 10099] <... prctl resumed>) = 0 [pid 10089] <... futex resumed>) = 1 [pid 10085] <... futex resumed>) = 0 [pid 10099] setpgid(0, 0 [pid 10089] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10085] exit_group(0 [pid 10100] <... chdir resumed>) = 0 [pid 10099] <... setpgid resumed>) = 0 [pid 10098] <... futex resumed>) = ? [pid 10089] <... futex resumed>) = ? [pid 10085] <... exit_group resumed>) = ? [pid 10100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10100] setpgid(0, 0 [pid 10099] <... openat resumed>) = 3 [pid 10089] +++ exited with 0 +++ [pid 10100] <... setpgid resumed>) = 0 [pid 10099] write(3, "1000", 4 [pid 10100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10099] <... write resumed>) = 4 [pid 10100] <... openat resumed>) = 3 [pid 10099] close(3 [pid 10098] +++ exited with 0 +++ [pid 10085] +++ exited with 0 +++ [pid 10100] write(3, "1000", 4 [pid 10099] <... close resumed>) = 0 [pid 10100] <... write resumed>) = 4 [pid 10099] symlink("/dev/binderfs", "./binderfs" [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10085, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10100] close(3 [pid 295] umount2("./390", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10100] <... close resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10100] symlink("/dev/binderfs", "./binderfs" [pid 295] openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10100] <... symlink resumed>) = 0 [pid 10099] <... symlink resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 10100] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10099] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] newfstatat(3, "", [pid 10099] <... futex resumed>) = 0 [pid 10100] <... futex resumed>) = 0 [pid 10099] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10100] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10099] <... rt_sigaction resumed>NULL, 8) = 0 [pid 295] getdents64(3, [pid 10100] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10099] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10100] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 295] umount2("./390/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10099] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10099] <... mprotect resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10099] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] newfstatat(AT_FDCWD, "./390/binderfs", [pid 10100] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10099] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10100] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10100] <... mprotect resumed>) = 0 [pid 295] unlink("./390/binderfs" [pid 10099] <... clone3 resumed> => {parent_tid=[10101]}, 88) = 10101 [pid 10099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 295] <... unlink resumed>) = 0 [pid 10099] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10100] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10099] <... futex resumed>) = 0 [pid 10100] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10099] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10100] <... clone3 resumed> => {parent_tid=[10102]}, 88) = 10102 [pid 10100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10100] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10100] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10101 attached [pid 10101] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10101] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 10102 attached [pid 10101] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10101] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10102] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10099] <... futex resumed>) = 0 [pid 10099] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10101] <... futex resumed>) = 0 [pid 10099] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10102] <... set_robust_list resumed>) = 0 [pid 10102] rt_sigprocmask(SIG_SETMASK, [], [pid 10101] memfd_create("syzkaller", 0 [pid 10102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10101] <... memfd_create resumed>) = 3 [pid 10102] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10102] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10101] <... mmap resumed>) = 0x7fe453fca000 [pid 10102] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10100] <... futex resumed>) = 0 [pid 10100] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10100] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10102] <... futex resumed>) = 1 [pid 10102] memfd_create("syzkaller", 0) = 3 [pid 10102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10101] munmap(0x7fe453fca000, 138412032) = 0 [pid 10101] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 141.212385][T10087] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 141.236055][T10089] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10101] ioctl(4, LOOP_SET_FD, 3 [pid 10102] <... write resumed>) = 1048576 [pid 10102] munmap(0x7fe453fca000, 138412032) = 0 [pid 10102] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10102] ioctl(4, LOOP_SET_FD, 3 [pid 10101] <... ioctl resumed>) = 0 [pid 10101] close(3) = 0 [pid 10101] close(4 [pid 10088] <... mount resumed>) = 0 [pid 10088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10088] chdir("./file0") = 0 [pid 10088] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10088] ioctl(4, LOOP_CLR_FD) = 0 [pid 10088] close(4) = 0 [pid 10088] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10102] <... ioctl resumed>) = 0 [pid 10088] <... futex resumed>) = 1 [pid 10083] <... futex resumed>) = 0 [pid 10102] close(3) = 0 [pid 10088] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10102] close(4 [pid 10083] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10083] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10088] <... openat resumed>) = 4 [pid 10088] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10083] <... futex resumed>) = 0 [pid 10088] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10083] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10088] <... write resumed>) = 16 [pid 10083] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10088] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10088] <... futex resumed>) = 0 [pid 10083] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10088] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10083] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10105 attached => {parent_tid=[10105]}, 88) = 10105 [pid 10105] set_robust_list(0x7fe45c3c99a0, 24 [pid 10083] rt_sigprocmask(SIG_SETMASK, [], [pid 10105] <... set_robust_list resumed>) = 0 [pid 10083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10105] rt_sigprocmask(SIG_SETMASK, [], [pid 10083] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10083] <... futex resumed>) = 0 [pid 10083] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10105] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10105] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10083] <... futex resumed>) = 0 [pid 10083] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10088] <... futex resumed>) = 0 [pid 10083] <... futex resumed>) = 1 [pid 10088] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10083] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10088] <... mmap resumed>) = 0x20000000 [pid 10105] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10088] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10083] <... futex resumed>) = 0 [pid 10083] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10083] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 10101] <... close resumed>) = 0 [pid 298] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./391/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./391/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./391/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./391") = 0 [pid 298] mkdir("./392", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10106 ./strace-static-x86_64: Process 10106 attached [pid 10106] set_robust_list(0x5555557b6760, 24) = 0 [pid 10106] chdir("./392" [pid 10101] mkdir("./file0", 0777 [pid 10106] <... chdir resumed>) = 0 [pid 10106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10088] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10088] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10088] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10101] <... mkdir resumed>) = 0 [pid 10088] <... futex resumed>) = 1 [pid 10088] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10083] <... futex resumed>) = 0 [pid 10101] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10106] setpgid(0, 0) = 0 [pid 10083] exit_group(0 [pid 10105] <... futex resumed>) = ? [pid 10083] <... exit_group resumed>) = ? [pid 10088] <... futex resumed>) = ? [pid 10106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10106] write(3, "1000", 4 [pid 10105] +++ exited with 0 +++ [pid 10106] <... write resumed>) = 4 [pid 10106] close(3) = 0 [pid 10106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10106] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10088] +++ exited with 0 +++ [pid 10083] +++ exited with 0 +++ [pid 10106] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10083, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10106] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10106] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10106] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10102] <... close resumed>) = 0 [pid 10102] mkdir("./file0", 0777) = 0 [pid 10102] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 299] umount2("./386", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10106] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10106] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] openat(AT_FDCWD, "./386", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 299] <... openat resumed>) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10106] <... clone3 resumed> => {parent_tid=[10107]}, 88) = 10107 [pid 10106] rt_sigprocmask(SIG_SETMASK, [], [pid 299] getdents64(3, [pid 10106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10106] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10106] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10107 attached [pid 10107] set_robust_list(0x7fe45c3ea9a0, 24 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./386/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10107] <... set_robust_list resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10107] rt_sigprocmask(SIG_SETMASK, [], [pid 299] newfstatat(AT_FDCWD, "./386/binderfs", [pid 10107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10107] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10107] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10106] <... futex resumed>) = 0 [pid 10106] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10106] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10107] <... futex resumed>) = 1 [pid 10107] memfd_create("syzkaller", 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./386/binderfs" [pid 10107] <... memfd_create resumed>) = 3 [pid 10107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 299] <... unlink resumed>) = 0 [pid 299] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./390/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./390/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./390/file0") = 0 [pid 10102] <... mount resumed>) = 0 [pid 295] getdents64(3, [pid 10102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10102] <... openat resumed>) = 3 [pid 295] close(3) = 0 [pid 10102] chdir("./file0" [pid 295] rmdir("./390" [pid 10102] <... chdir resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 10102] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] mkdir("./391", 0777) = 0 [pid 10102] <... openat resumed>) = 4 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10101] <... mount resumed>) = 0 [pid 10102] ioctl(4, LOOP_CLR_FD [pid 10101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 295] <... openat resumed>) = 3 [pid 10101] <... openat resumed>) = 3 [pid 10102] <... ioctl resumed>) = 0 [pid 295] ioctl(3, LOOP_CLR_FD [pid 10101] chdir("./file0" [pid 10102] close(4 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10101] <... chdir resumed>) = 0 [pid 10102] <... close resumed>) = 0 [pid 10102] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10101] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 295] close(3 [pid 10101] <... openat resumed>) = 4 [pid 10102] <... futex resumed>) = 1 [pid 10101] ioctl(4, LOOP_CLR_FD [pid 10100] <... futex resumed>) = 0 [pid 10102] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10100] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... close resumed>) = 0 [pid 10102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10101] <... ioctl resumed>) = 0 [pid 10100] <... futex resumed>) = 0 [pid 10100] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10101] close(4 [pid 10102] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10101] <... close resumed>) = 0 [pid 10101] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10099] <... futex resumed>) = 0 [pid 10099] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10101] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10099] <... futex resumed>) = 0 [pid 10099] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10101] <... openat resumed>) = 4 [pid 10102] <... openat resumed>) = 4 [pid 10101] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10112 [pid 10101] <... futex resumed>) = 1 [pid 10099] <... futex resumed>) = 0 [pid 10102] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10101] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10099] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10102] <... futex resumed>) = 1 [pid 10100] <... futex resumed>) = 0 [pid 10099] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10101] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10100] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10102] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10099] <... futex resumed>) = 0 [pid 10100] <... futex resumed>) = 0 [pid 10101] <... write resumed>) = 16 [pid 10099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10100] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10102] <... write resumed>) = 16 [pid 10099] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10100] <... futex resumed>) = 0 [pid 10102] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10101] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10099] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10100] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10099] <... mprotect resumed>) = 0 [pid 10101] <... futex resumed>) = 0 [pid 10100] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10099] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10102] <... futex resumed>) = 0 [pid 10101] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10100] <... mprotect resumed>) = 0 [pid 10099] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10102] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10100] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10100] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 10113 attached ./strace-static-x86_64: Process 10112 attached [pid 10107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10099] <... clone3 resumed> => {parent_tid=[10113]}, 88) = 10113 [pid 10100] <... clone3 resumed> => {parent_tid=[10114]}, 88) = 10114 [pid 10099] rt_sigprocmask(SIG_SETMASK, [], [pid 10100] rt_sigprocmask(SIG_SETMASK, [], [pid 10099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10100] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 10114 attached [pid 10113] set_robust_list(0x7fe45c3c99a0, 24 [pid 10112] set_robust_list(0x5555557b6760, 24 [pid 10100] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10099] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10114] set_robust_list(0x7fe45c3c99a0, 24 [pid 10113] <... set_robust_list resumed>) = 0 [pid 10112] <... set_robust_list resumed>) = 0 [pid 10100] <... futex resumed>) = 0 [pid 10099] <... futex resumed>) = 0 [pid 10099] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10100] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10114] <... set_robust_list resumed>) = 0 [pid 10113] rt_sigprocmask(SIG_SETMASK, [], [ 141.277206][T10101] loop1: detected capacity change from 0 to 2048 [ 141.281879][T10102] loop2: detected capacity change from 0 to 2048 [ 141.295390][T10088] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10112] chdir("./391") = 0 [pid 10114] rt_sigprocmask(SIG_SETMASK, [], [pid 10113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10107] <... write resumed>) = 1048576 [pid 299] <... umount2 resumed>) = 0 [pid 10112] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10113] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 299] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10114] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10112] <... prctl resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10113] <... write resumed>) = 16 [pid 10114] <... write resumed>) = 16 [pid 10112] setpgid(0, 0 [pid 299] newfstatat(AT_FDCWD, "./386/file0", [pid 10114] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10113] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10114] <... futex resumed>) = 1 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10100] <... futex resumed>) = 0 [pid 10113] <... futex resumed>) = 1 [pid 10112] <... setpgid resumed>) = 0 [pid 10107] munmap(0x7fe453fca000, 138412032 [pid 10099] <... futex resumed>) = 0 [pid 10114] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10100] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10102] <... futex resumed>) = 0 [pid 10100] <... futex resumed>) = 1 [pid 10099] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10113] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10107] <... munmap resumed>) = 0 [pid 10102] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10101] <... futex resumed>) = 0 [pid 10100] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10099] <... futex resumed>) = 1 [pid 10112] <... openat resumed>) = 3 [pid 10107] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10102] <... mmap resumed>) = 0x20000000 [pid 10101] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10099] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] openat(AT_FDCWD, "./386/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10112] write(3, "1000", 4 [pid 10107] <... openat resumed>) = 4 [pid 10102] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10101] <... mmap resumed>) = 0x20000000 [pid 299] <... openat resumed>) = 4 [pid 10112] <... write resumed>) = 4 [pid 10107] ioctl(4, LOOP_SET_FD, 3 [pid 10102] <... futex resumed>) = 1 [pid 10101] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10100] <... futex resumed>) = 0 [pid 299] newfstatat(4, "", [pid 10112] close(3 [pid 10102] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10101] <... futex resumed>) = 1 [pid 10100] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10099] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10112] <... close resumed>) = 0 [pid 10102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10101] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10100] <... futex resumed>) = 0 [pid 10099] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(4, [pid 10112] symlink("/dev/binderfs", "./binderfs" [pid 10101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10100] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10099] <... futex resumed>) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10112] <... symlink resumed>) = 0 [pid 10112] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10107] <... ioctl resumed>) = 0 [pid 10102] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10101] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10099] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] getdents64(4, [pid 10112] <... futex resumed>) = 0 [pid 10102] sendfile(-1, -1, [0] [pid 10101] sendfile(-1, -1, [0] [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10112] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10102] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10101] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 299] close(4 [pid 10112] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10102] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10101] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... close resumed>) = 0 [pid 10112] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10107] close(3 [pid 10102] <... futex resumed>) = 1 [pid 10101] <... futex resumed>) = 1 [pid 10100] <... futex resumed>) = 0 [pid 10099] <... futex resumed>) = 0 [pid 299] rmdir("./386/file0" [pid 10112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10107] <... close resumed>) = 0 [pid 10102] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10101] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10100] exit_group(0 [pid 10099] exit_group(0 [pid 299] <... rmdir resumed>) = 0 [pid 10114] <... futex resumed>) = ? [pid 10113] <... futex resumed>) = ? [pid 10112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10107] close(4 [pid 10102] <... futex resumed>) = ? [pid 10101] <... futex resumed>) = ? [pid 10100] <... exit_group resumed>) = ? [pid 10099] <... exit_group resumed>) = ? [pid 299] getdents64(3, [pid 10114] +++ exited with 0 +++ [pid 10113] +++ exited with 0 +++ [pid 10112] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10107] <... close resumed>) = 0 [pid 10102] +++ exited with 0 +++ [pid 10101] +++ exited with 0 +++ [pid 10100] +++ exited with 0 +++ [pid 10099] +++ exited with 0 +++ [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10112] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10107] mkdir("./file0", 0777 [pid 299] close(3 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10100, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 10112] <... mprotect resumed>) = 0 [pid 10107] <... mkdir resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10099, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10112] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10107] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 299] rmdir("./386" [pid 296] umount2("./392", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10112] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 299] <... rmdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 10115 attached [pid 299] mkdir("./387", 0777 [pid 10115] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10112] <... clone3 resumed> => {parent_tid=[10115]}, 88) = 10115 [pid 296] <... openat resumed>) = 3 [pid 10112] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... mkdir resumed>) = 0 [pid 10115] <... set_robust_list resumed>) = 0 [pid 296] newfstatat(3, "", [pid 10115] rt_sigprocmask(SIG_SETMASK, [], [pid 10112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10112] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 3 [pid 297] umount2("./391", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] getdents64(3, [pid 10112] <... futex resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10112] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] close(3 [pid 297] <... openat resumed>) = 3 [pid 296] umount2("./392/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... close resumed>) = 0 [pid 297] newfstatat(3, "", [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10116 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./391/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./391/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./391/binderfs") = 0 [pid 297] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 10116 attached [pid 10116] set_robust_list(0x5555557b6760, 24) = 0 [pid 10116] chdir("./387") = 0 [pid 10115] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 296] newfstatat(AT_FDCWD, "./392/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./392/binderfs") = 0 [pid 296] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10116] setpgid(0, 0) = 0 [pid 10116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10116] write(3, "1000", 4) = 4 [pid 10116] close(3) = 0 [pid 10116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10116] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10116] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10116] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10116] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10117]}, 88) = 10117 [pid 10116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10116] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10116] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10117 attached [pid 10115] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10117] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10117] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10115] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10112] <... futex resumed>) = 0 [pid 10112] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10115] memfd_create("syzkaller", 0 [pid 10112] <... futex resumed>) = 0 [pid 10115] <... memfd_create resumed>) = 3 [pid 10112] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10117] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10117] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10116] <... futex resumed>) = 0 [pid 10116] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10116] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10117] <... futex resumed>) = 1 [pid 10117] memfd_create("syzkaller", 0) = 3 [pid 10117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [ 141.368384][T10107] loop3: detected capacity change from 0 to 2048 [ 141.377501][T10102] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 141.393853][T10101] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10107] <... mount resumed>) = 0 [pid 10107] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10107] chdir("./file0") = 0 [pid 10107] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10107] ioctl(4, LOOP_CLR_FD) = 0 [pid 10107] close(4) = 0 [pid 10107] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10106] <... futex resumed>) = 0 [pid 10107] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10106] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10106] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10107] <... openat resumed>) = 4 [pid 10107] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10106] <... futex resumed>) = 0 [pid 10107] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10106] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10107] <... write resumed>) = 16 [pid 10106] <... futex resumed>) = 0 [pid 10107] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10106] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10107] <... futex resumed>) = 0 [pid 10106] <... futex resumed>) = 0 [pid 10107] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10106] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10106] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10120]}, 88) = 10120 [pid 10106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10106] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10106] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10120 attached [pid 10115] <... write resumed>) = 1048576 [pid 10115] munmap(0x7fe453fca000, 138412032 [pid 10120] set_robust_list(0x7fe45c3c99a0, 24 [pid 10117] <... write resumed>) = 1048576 [pid 10120] <... set_robust_list resumed>) = 0 [pid 10117] munmap(0x7fe453fca000, 138412032 [pid 10115] <... munmap resumed>) = 0 [pid 10115] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10115] <... openat resumed>) = 4 [pid 10120] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10115] ioctl(4, LOOP_SET_FD, 3 [pid 10120] <... write resumed>) = 16 [pid 10117] <... munmap resumed>) = 0 [pid 10120] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10120] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10117] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10117] ioctl(4, LOOP_SET_FD, 3 [pid 10115] <... ioctl resumed>) = 0 [pid 10106] <... futex resumed>) = 0 [pid 10106] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10107] <... futex resumed>) = 0 [pid 10106] <... futex resumed>) = 1 [pid 10107] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10106] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10107] <... mmap resumed>) = 0x20000000 [pid 10107] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10106] <... futex resumed>) = 0 [pid 10117] <... ioctl resumed>) = 0 [pid 10115] close(3 [pid 10106] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10106] <... futex resumed>) = 0 [pid 10106] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] newfstatat(AT_FDCWD, "./391/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10117] close(3 [pid 10115] <... close resumed>) = 0 [pid 10107] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./392/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./392/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] openat(AT_FDCWD, "./391/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] getdents64(4, [pid 296] close(4) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] rmdir("./392/file0") = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./391/file0" [pid 10117] <... close resumed>) = 0 [pid 10115] close(4 [pid 297] <... rmdir resumed>) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./392") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./391") = 0 [pid 296] mkdir("./393", 0777 [pid 297] mkdir("./392", 0777) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] close(3 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... close resumed>) = 0 [pid 297] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10122 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10121 ./strace-static-x86_64: Process 10122 attached [pid 10122] set_robust_list(0x5555557b6760, 24) = 0 [pid 10122] chdir("./392") = 0 [pid 10122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10122] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 10121 attached [pid 10122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10117] close(4 [pid 10115] <... close resumed>) = 0 [pid 10107] sendfile(-1, -1, [0] [pid 10122] <... openat resumed>) = 3 [pid 10115] mkdir("./file0", 0777 [pid 10121] set_robust_list(0x5555557b6760, 24 [pid 10122] write(3, "1000", 4) = 4 [pid 10121] <... set_robust_list resumed>) = 0 [pid 10107] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10107] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10106] <... futex resumed>) = 0 [pid 10122] close(3 [pid 10121] chdir("./393" [pid 10106] exit_group(0 [pid 10120] <... futex resumed>) = ? [pid 10106] <... exit_group resumed>) = ? [pid 10120] +++ exited with 0 +++ [pid 10115] <... mkdir resumed>) = 0 [pid 10115] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10107] +++ exited with 0 +++ [pid 10106] +++ exited with 0 +++ [pid 10122] <... close resumed>) = 0 [pid 10121] <... chdir resumed>) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10106, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10122] symlink("/dev/binderfs", "./binderfs" [pid 10121] setpgid(0, 0 [pid 10122] <... symlink resumed>) = 0 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 10121] <... setpgid resumed>) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 10121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10122] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10121] <... openat resumed>) = 3 [pid 10121] write(3, "1000", 4) = 4 [pid 10121] close(3) = 0 [pid 10121] symlink("/dev/binderfs", "./binderfs" [pid 298] umount2("./392", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10122] <... futex resumed>) = 0 [pid 10121] <... symlink resumed>) = 0 [pid 10121] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10121] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 298] openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10121] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10121] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 298] <... openat resumed>) = 3 [pid 10121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] newfstatat(3, "", [pid 10121] <... mmap resumed>) = 0x7fe45c3ca000 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10121] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 298] getdents64(3, [pid 10121] <... mprotect resumed>) = 0 [pid 10121] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./392/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10121] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 298] newfstatat(AT_FDCWD, "./392/binderfs", [pid 10121] <... clone3 resumed> => {parent_tid=[10123]}, 88) = 10123 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./392/binderfs" [pid 10121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10121] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10121] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... unlink resumed>) = 0 [pid 298] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10123 attached [pid 10123] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10122] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10123] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10122] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10123] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10123] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10123] <... futex resumed>) = 1 [pid 10121] <... futex resumed>) = 0 [pid 10121] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10121] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10123] memfd_create("syzkaller", 0 [pid 10122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10123] <... memfd_create resumed>) = 3 [pid 10122] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10122] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 10124 attached [pid 10124] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10122] <... clone3 resumed> => {parent_tid=[10124]}, 88) = 10124 [pid 10122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10122] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10122] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10124] <... set_robust_list resumed>) = 0 [pid 10124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10124] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10124] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10122] <... futex resumed>) = 0 [pid 10122] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10122] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10124] memfd_create("syzkaller", 0) = 3 [pid 10124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10123] munmap(0x7fe453fca000, 138412032) = 0 [pid 10123] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 141.467574][T10115] loop0: detected capacity change from 0 to 2048 [ 141.469309][T10117] loop4: detected capacity change from 0 to 2048 [ 141.475011][T10107] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10123] ioctl(4, LOOP_SET_FD, 3 [pid 10124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10124] munmap(0x7fe453fca000, 138412032) = 0 [pid 10124] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10117] <... close resumed>) = 0 [pid 10124] <... openat resumed>) = 4 [pid 10124] ioctl(4, LOOP_SET_FD, 3 [pid 10123] <... ioctl resumed>) = 0 [pid 10117] mkdir("./file0", 0777 [pid 298] <... umount2 resumed>) = 0 [pid 10117] <... mkdir resumed>) = 0 [pid 10117] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./392/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./392/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./392/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./392") = 0 [pid 298] mkdir("./393", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10124] <... ioctl resumed>) = 0 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10125 [pid 10124] close(3./strace-static-x86_64: Process 10125 attached ) = 0 [pid 10123] close(3) = 0 [pid 10123] close(4 [pid 10125] set_robust_list(0x5555557b6760, 24 [pid 10124] close(4 [pid 10125] <... set_robust_list resumed>) = 0 [pid 10125] chdir("./393") = 0 [pid 10125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10125] setpgid(0, 0) = 0 [pid 10125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10125] write(3, "1000", 4) = 4 [pid 10125] close(3) = 0 [pid 10125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10125] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10125] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10125] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10125] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10126]}, 88) = 10126 [pid 10125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10125] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10125] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10126 attached [pid 10126] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10126] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10126] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10125] <... futex resumed>) = 0 [pid 10125] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10125] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10126] <... futex resumed>) = 1 [pid 10126] memfd_create("syzkaller", 0) = 3 [pid 10126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10115] <... mount resumed>) = 0 [pid 10115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10115] chdir("./file0") = 0 [pid 10115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10115] ioctl(4, LOOP_CLR_FD) = 0 [pid 10115] close(4) = 0 [pid 10115] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10112] <... futex resumed>) = 0 [pid 10112] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10112] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10115] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10115] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10112] <... futex resumed>) = 0 [pid 10112] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10112] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10115] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10112] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10115] <... write resumed>) = 16 [pid 10112] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10115] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10112] <... mprotect resumed>) = 0 [pid 10115] <... futex resumed>) = 0 [pid 10112] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10115] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10112] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10129 attached => {parent_tid=[10129]}, 88) = 10129 [pid 10112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10112] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10112] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10129] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10129] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10129] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10112] <... futex resumed>) = 0 [pid 10112] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10115] <... futex resumed>) = 0 [pid 10112] <... futex resumed>) = 1 [pid 10115] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10112] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10115] <... mmap resumed>) = 0x20000000 [pid 10115] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10112] <... futex resumed>) = 0 [pid 10115] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10112] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10112] <... futex resumed>) = 0 [pid 10112] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10129] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10126] <... write resumed>) = 1048576 [ 141.539105][T10123] loop1: detected capacity change from 0 to 2048 [ 141.547119][T10124] loop2: detected capacity change from 0 to 2048 [pid 10126] munmap(0x7fe453fca000, 138412032 [pid 10115] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10115] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10126] <... munmap resumed>) = 0 [pid 10115] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10112] <... futex resumed>) = 0 [pid 10115] <... futex resumed>) = 1 [pid 10112] exit_group(0 [pid 10126] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10115] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10129] <... futex resumed>) = ? [pid 10112] <... exit_group resumed>) = ? [pid 10129] +++ exited with 0 +++ [pid 10115] <... futex resumed>) = ? [pid 10115] +++ exited with 0 +++ [pid 10112] +++ exited with 0 +++ [pid 10123] <... close resumed>) = 0 [pid 10123] mkdir("./file0", 0777) = 0 [pid 10123] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10126] <... openat resumed>) = 4 [pid 10126] ioctl(4, LOOP_SET_FD, 3 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10112, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] umount2("./391", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10124] <... close resumed>) = 0 [pid 295] getdents64(3, [pid 10124] mkdir("./file0", 0777 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10124] <... mkdir resumed>) = 0 [pid 295] umount2("./391/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10124] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./391/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./391/binderfs" [pid 10126] <... ioctl resumed>) = 0 [pid 295] <... unlink resumed>) = 0 [pid 10126] close(3 [pid 295] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10126] <... close resumed>) = 0 [pid 10126] close(4 [pid 10117] <... mount resumed>) = 0 [pid 10123] <... mount resumed>) = 0 [pid 10117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10117] <... openat resumed>) = 3 [pid 10123] <... openat resumed>) = 3 [pid 10117] chdir("./file0" [pid 10123] chdir("./file0" [pid 10117] <... chdir resumed>) = 0 [pid 10123] <... chdir resumed>) = 0 [pid 10117] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10123] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10117] <... openat resumed>) = 4 [pid 10123] <... openat resumed>) = 4 [pid 10117] ioctl(4, LOOP_CLR_FD [pid 10123] ioctl(4, LOOP_CLR_FD [pid 10117] <... ioctl resumed>) = 0 [pid 10123] <... ioctl resumed>) = 0 [pid 10117] close(4 [pid 10123] close(4 [pid 10117] <... close resumed>) = 0 [pid 10123] <... close resumed>) = 0 [pid 10117] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10123] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10117] <... futex resumed>) = 1 [pid 10116] <... futex resumed>) = 0 [pid 10123] <... futex resumed>) = 1 [pid 10121] <... futex resumed>) = 0 [pid 10117] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10116] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10123] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10121] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10116] <... futex resumed>) = 0 [pid 10123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10121] <... futex resumed>) = 0 [pid 10117] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10116] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10123] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10121] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10117] <... openat resumed>) = 4 [pid 10117] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10116] <... futex resumed>) = 0 [pid 10117] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10116] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10123] <... openat resumed>) = 4 [pid 10117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10116] <... futex resumed>) = 0 [pid 10117] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10116] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10123] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10117] <... write resumed>) = 16 [pid 10116] <... futex resumed>) = 0 [pid 10117] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10117] <... futex resumed>) = 0 [pid 10116] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10117] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10116] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10124] <... mount resumed>) = 0 [pid 10123] <... futex resumed>) = 1 [pid 10121] <... futex resumed>) = 0 [pid 10124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10123] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10121] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10116] <... clone3 resumed> => {parent_tid=[10136]}, 88) = 10136 [pid 10124] <... openat resumed>) = 3 [pid 10123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10121] <... futex resumed>) = 0 [pid 10116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10116] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10124] chdir("./file0" [pid 10123] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10121] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10116] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10124] <... chdir resumed>) = 0 [pid 10123] <... write resumed>) = 16 [pid 10121] <... futex resumed>) = 0 [pid 10124] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10123] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10124] <... openat resumed>) = 4 [pid 10123] <... futex resumed>) = 0 [pid 10121] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10124] ioctl(4, LOOP_CLR_FD [pid 10123] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10121] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10124] <... ioctl resumed>) = 0 [pid 10121] <... mprotect resumed>) = 0 [pid 10124] close(4 [pid 10121] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10124] <... close resumed>) = 0 [pid 10121] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10124] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10124] <... futex resumed>) = 1 [pid 10122] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10136 attached [pid 10136] set_robust_list(0x7fe45c3c99a0, 24 [pid 10122] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10124] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10122] <... futex resumed>) = 0 [pid 10121] <... clone3 resumed> => {parent_tid=[10137]}, 88) = 10137 [pid 10136] <... set_robust_list resumed>) = 0 [pid 10136] rt_sigprocmask(SIG_SETMASK, [], [pid 10122] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10121] rt_sigprocmask(SIG_SETMASK, [], [pid 10136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10136] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10136] <... write resumed>) = 16 [pid 10136] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10121] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10124] <... openat resumed>) = 4 [pid 10116] <... futex resumed>) = 0 [pid 10121] <... futex resumed>) = 0 [pid 10124] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10116] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10121] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10124] <... futex resumed>) = 1 [pid 10122] <... futex resumed>) = 0 [pid 10117] <... futex resumed>) = 0 [pid 10116] <... futex resumed>) = 1 [pid 10124] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10122] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10117] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10116] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10122] <... futex resumed>) = 0 [pid 10117] <... mmap resumed>) = 0x20000000 [pid 10117] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10116] <... futex resumed>) = 0 [pid 10124] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10122] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10117] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10116] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10124] <... write resumed>) = 16 [pid 10122] <... futex resumed>) = 0 [pid 10117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10116] <... futex resumed>) = 0 [pid 10136] <... futex resumed>) = 1 [pid 10124] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10116] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10136] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 10137 attached [pid 10137] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10137] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10137] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10137] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10124] <... futex resumed>) = 0 [pid 10124] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10122] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10122] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10138]}, 88) = 10138 [pid 10122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10122] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10122] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10121] <... futex resumed>) = 0 [pid 10121] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10121] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10138 attached [pid 10138] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10138] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10138] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10138] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10122] <... futex resumed>) = 0 [pid 10122] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10124] <... futex resumed>) = 0 [pid 10122] <... futex resumed>) = 1 [pid 10124] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10122] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10124] <... mmap resumed>) = 0x20000000 [pid 10124] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10122] <... futex resumed>) = 0 [pid 10122] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10122] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10138] <... futex resumed>) = 1 [pid 10138] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10123] <... futex resumed>) = 0 [pid 10123] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10123] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10121] <... futex resumed>) = 0 [pid 10121] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 141.574943][T10115] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 141.598476][T10126] loop3: detected capacity change from 0 to 2048 [ 141.619778][T10117] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10121] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10126] <... close resumed>) = 0 [pid 10123] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10117] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 295] <... umount2 resumed>) = 0 [pid 10117] sendfile(-1, -1, [0] [pid 295] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10126] mkdir("./file0", 0777 [pid 10117] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10117] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] newfstatat(AT_FDCWD, "./391/file0", [pid 10117] <... futex resumed>) = 1 [pid 10116] <... futex resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10126] <... mkdir resumed>) = 0 [pid 10117] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10116] exit_group(0 [pid 295] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10117] <... futex resumed>) = ? [pid 10116] <... exit_group resumed>) = ? [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10136] <... futex resumed>) = ? [pid 10126] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10117] +++ exited with 0 +++ [pid 295] openat(AT_FDCWD, "./391/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10136] +++ exited with 0 +++ [pid 10116] +++ exited with 0 +++ [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10116, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] getdents64(4, [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./391/file0" [pid 299] <... restart_syscall resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] umount2("./387", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] close(3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... close resumed>) = 0 [pid 299] openat(AT_FDCWD, "./387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] rmdir("./391" [pid 299] <... openat resumed>) = 3 [pid 295] <... rmdir resumed>) = 0 [pid 299] newfstatat(3, "", [pid 295] mkdir("./392", 0777 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 299] getdents64(3, [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] <... openat resumed>) = 3 [pid 299] umount2("./387/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] ioctl(3, LOOP_CLR_FD [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] newfstatat(AT_FDCWD, "./387/binderfs", [pid 295] close(3 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... close resumed>) = 0 [pid 10123] sendfile(-1, -1, [0] [pid 299] unlink("./387/binderfs" [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10139 attached [pid 10123] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10122] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10121] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 299] <... unlink resumed>) = 0 [pid 10139] set_robust_list(0x5555557b6760, 24) = 0 [pid 299] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10139 [pid 10139] chdir("./392") = 0 [pid 10139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10139] setpgid(0, 0) = 0 [pid 10139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10139] write(3, "1000", 4) = 4 [pid 10139] close(3) = 0 [pid 10139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10139] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10139] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10139] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10139] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10139] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10139] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10140]}, 88) = 10140 [pid 10139] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10139] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10139] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10140 attached [pid 10140] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10140] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10140] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10139] <... futex resumed>) = 0 [pid 10139] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10139] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10140] <... futex resumed>) = 1 [pid 10140] memfd_create("syzkaller", 0) = 3 [pid 10140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [ 141.626780][T10123] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 141.638295][T10124] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10123] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10121] exit_group(0 [pid 10137] <... futex resumed>) = ? [pid 10121] <... exit_group resumed>) = ? [pid 10137] +++ exited with 0 +++ [pid 10124] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10123] +++ exited with 0 +++ [pid 10121] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10121, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./393", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10124] sendfile(-1, -1, [0] [pid 296] umount2("./393/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./393/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./393/binderfs" [pid 10124] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 296] <... unlink resumed>) = 0 [pid 10124] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10124] <... futex resumed>) = 0 [pid 10122] exit_group(0 [pid 10138] <... futex resumed>) = ? [pid 10122] <... exit_group resumed>) = ? [pid 10138] +++ exited with 0 +++ [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./393/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./393/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./393/file0") = 0 [pid 10140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10124] +++ exited with 0 +++ [pid 10122] +++ exited with 0 +++ [pid 296] getdents64(3, [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10122, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 297] umount2("./392", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] rmdir("./393" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./392/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... rmdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./392/binderfs", [pid 296] mkdir("./394", 0777 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./392/binderfs") = 0 [pid 296] <... mkdir resumed>) = 0 [pid 297] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10140] <... write resumed>) = 1048576 [pid 10140] munmap(0x7fe453fca000, 138412032) = 0 [pid 10140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10140] ioctl(4, LOOP_SET_FD, 3 [pid 10126] <... mount resumed>) = 0 [pid 10126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10126] chdir("./file0") = 0 [pid 10126] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 299] <... umount2 resumed>) = 0 [pid 10126] ioctl(4, LOOP_CLR_FD [pid 296] <... openat resumed>) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10143 [pid 10126] <... ioctl resumed>) = 0 [pid 10126] close(4) = 0 [pid 10126] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10125] <... futex resumed>) = 0 [pid 10126] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 10143 attached [pid 10143] set_robust_list(0x5555557b6760, 24) = 0 [pid 10125] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10143] chdir("./394") = 0 [pid 10143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10143] setpgid(0, 0) = 0 [pid 10143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10143] write(3, "1000", 4) = 4 [pid 10143] close(3) = 0 [pid 10143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10143] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10143] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10143] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10126] <... futex resumed>) = 0 [pid 10125] <... futex resumed>) = 1 [pid 10143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10143] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10144]}, 88) = 10144 [pid 10143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10143] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10143] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10126] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10125] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10144 attached [pid 10144] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10144] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10144] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10143] <... futex resumed>) = 0 [pid 10143] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10143] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10144] <... futex resumed>) = 1 [pid 297] <... umount2 resumed>) = 0 [pid 10144] memfd_create("syzkaller", 0 [pid 10126] <... openat resumed>) = 4 [pid 10126] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10125] <... futex resumed>) = 0 [pid 10126] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10125] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10126] <... write resumed>) = 16 [pid 10125] <... futex resumed>) = 0 [pid 10126] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10125] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10144] <... memfd_create resumed>) = 3 [pid 10144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10126] <... futex resumed>) = 0 [pid 10125] <... futex resumed>) = 0 [pid 10125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10125] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10125] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10126] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10125] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 297] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./387/file0", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10125] <... clone3 resumed> => {parent_tid=[10145]}, 88) = 10145 [pid 10140] <... ioctl resumed>) = 0 [pid 10125] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] newfstatat(AT_FDCWD, "./392/file0", [pid 10140] close(3 [pid 10125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10140] <... close resumed>) = 0 [pid 10125] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10125] <... futex resumed>) = 0 [pid 299] openat(AT_FDCWD, "./387/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10125] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... openat resumed>) = 4 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./392/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... openat resumed>) = 4 [pid 299] getdents64(4, [pid 297] newfstatat(4, "", [pid 10140] close(4 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, [pid 297] getdents64(4, [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4 [pid 297] close(4 [pid 299] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 299] rmdir("./387/file0" [pid 297] rmdir("./392/file0" [pid 299] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 299] getdents64(3, [pid 297] getdents64(3, [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] <... close resumed>) = 0 [pid 297] close(3 [pid 299] rmdir("./387" [pid 297] <... close resumed>) = 0 [pid 297] rmdir("./392") = 0 [pid 299] <... rmdir resumed>) = 0 [pid 297] mkdir("./393", 0777 [pid 299] mkdir("./388", 0777) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 10145 attached [pid 299] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] ioctl(3, LOOP_CLR_FD [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 297] close(3 [pid 299] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10147 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10148 [pid 10145] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10145] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10145] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10125] <... futex resumed>) = 0 [pid 10145] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10125] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10126] <... futex resumed>) = 0 [pid 10125] <... futex resumed>) = 1 [pid 10126] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10125] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10126] <... mmap resumed>) = 0x20000000 [pid 10126] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10125] <... futex resumed>) = 0 [pid 10126] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10125] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 141.717735][T10140] loop0: detected capacity change from 0 to 2048 [pid 10125] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10148 attached ./strace-static-x86_64: Process 10147 attached [pid 10144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10147] set_robust_list(0x5555557b6760, 24) = 0 [pid 10147] chdir("./388") = 0 [pid 10147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10147] setpgid(0, 0) = 0 [pid 10147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10144] <... write resumed>) = 1048576 [pid 10147] write(3, "1000", 4) = 4 [pid 10147] close(3) = 0 [pid 10147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10148] set_robust_list(0x5555557b6760, 24 [pid 10147] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10148] <... set_robust_list resumed>) = 0 [pid 10147] <... futex resumed>) = 0 [pid 10148] chdir("./393" [pid 10147] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10148] <... chdir resumed>) = 0 [pid 10147] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10148] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10147] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10148] <... prctl resumed>) = 0 [pid 10144] munmap(0x7fe453fca000, 138412032 [pid 10126] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10125] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10148] setpgid(0, 0 [pid 10147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10144] <... munmap resumed>) = 0 [pid 10126] sendfile(-1, -1, [0] [pid 10147] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10148] <... setpgid resumed>) = 0 [pid 10148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10147] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10126] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10148] <... openat resumed>) = 3 [pid 10147] <... mprotect resumed>) = 0 [pid 10144] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10126] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10148] write(3, "1000", 4) = 4 [pid 10147] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10148] close(3 [pid 10147] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10148] <... close resumed>) = 0 [pid 10147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10148] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10147] <... clone3 resumed> => {parent_tid=[10149]}, 88) = 10149 [pid 10144] <... openat resumed>) = 4 [pid 10126] <... futex resumed>) = 1 [pid 10125] <... futex resumed>) = 0 [pid 10148] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10147] rt_sigprocmask(SIG_SETMASK, [], [pid 10125] exit_group(0 [pid 10148] <... futex resumed>) = 0 [pid 10125] <... exit_group resumed>) = ? [pid 10147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10145] <... futex resumed>) = ? [pid 10148] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10145] +++ exited with 0 +++ [pid 10148] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10147] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10148] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10147] <... futex resumed>) = 0 [pid 10148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10147] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10148] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10144] ioctl(4, LOOP_SET_FD, 3 [pid 10148] <... mprotect resumed>) = 0 [pid 10148] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10150]}, 88) = 10150 [pid 10148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10148] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10148] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10149 attached [pid 10149] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10149] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10149] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10149] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 10150 attached [pid 10150] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10150] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10150] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10148] <... futex resumed>) = 0 [pid 10148] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10148] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10150] <... futex resumed>) = 1 [pid 10150] memfd_create("syzkaller", 0) = 3 [pid 10150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10140] <... close resumed>) = 0 [pid 10147] <... futex resumed>) = 0 [pid 10140] mkdir("./file0", 0777 [pid 10147] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10140] <... mkdir resumed>) = 0 [pid 10149] <... futex resumed>) = 0 [pid 10147] <... futex resumed>) = 1 [pid 10140] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10149] memfd_create("syzkaller", 0) = 3 [pid 10149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10147] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10149] <... mmap resumed>) = 0x7fe453fca000 [pid 10150] <... write resumed>) = 1048576 [pid 10150] munmap(0x7fe453fca000, 138412032) = 0 [pid 10150] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10150] ioctl(4, LOOP_SET_FD, 3 [pid 10149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10144] <... ioctl resumed>) = 0 [pid 10126] +++ exited with 0 +++ [pid 10125] +++ exited with 0 +++ [pid 10150] <... ioctl resumed>) = 0 [pid 10150] close(3) = 0 [pid 10150] close(4 [pid 10144] close(3 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10125, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] umount2("./393", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./393/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./393/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./393/binderfs") = 0 [pid 298] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10149] <... write resumed>) = 1048576 [pid 10144] <... close resumed>) = 0 [pid 10149] munmap(0x7fe453fca000, 138412032 [pid 10144] close(4 [pid 10149] <... munmap resumed>) = 0 [pid 10149] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 141.764986][T10126] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 141.786716][T10144] loop1: detected capacity change from 0 to 2048 [ 141.799677][T10150] loop2: detected capacity change from 0 to 2048 [pid 10149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10149] close(3) = 0 [pid 10149] close(4 [pid 10150] <... close resumed>) = 0 [pid 10149] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 10150] mkdir("./file0", 0777 [pid 10149] mkdir("./file0", 0777 [pid 298] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10149] <... mkdir resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10149] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] newfstatat(AT_FDCWD, "./393/file0", [pid 10150] <... mkdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10150] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./393/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", [pid 10144] <... close resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10144] mkdir("./file0", 0777) = 0 [pid 10144] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./393/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./393") = 0 [pid 298] mkdir("./394", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10140] <... mount resumed>) = 0 [pid 10140] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] <... openat resumed>) = 3 [pid 10140] <... openat resumed>) = 3 [pid 10140] chdir("./file0" [pid 298] ioctl(3, LOOP_CLR_FD [pid 10140] <... chdir resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 298] close(3 [pid 10140] ioctl(4, LOOP_CLR_FD [pid 298] <... close resumed>) = 0 [pid 10140] <... ioctl resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10140] close(4) = 0 [pid 10140] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10155 attached [pid 10155] set_robust_list(0x5555557b6760, 24 [pid 10144] <... mount resumed>) = 0 [pid 10140] <... futex resumed>) = 1 [pid 10139] <... futex resumed>) = 0 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10155 [pid 10140] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10139] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10144] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10139] <... futex resumed>) = 0 [pid 10139] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10144] <... openat resumed>) = 3 [pid 10140] <... openat resumed>) = 4 [pid 10144] chdir("./file0" [pid 10140] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10144] <... chdir resumed>) = 0 [pid 10140] <... futex resumed>) = 1 [pid 10139] <... futex resumed>) = 0 [pid 10144] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10140] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10139] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10144] <... openat resumed>) = 4 [pid 10140] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10139] <... futex resumed>) = 0 [pid 10144] ioctl(4, LOOP_CLR_FD) = 0 [pid 10140] <... write resumed>) = 16 [ 141.812834][T10149] loop4: detected capacity change from 0 to 2048 [pid 10139] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10144] close(4 [pid 10140] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10139] <... futex resumed>) = 0 [pid 10155] <... set_robust_list resumed>) = 0 [pid 10144] <... close resumed>) = 0 [pid 10139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10144] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10140] <... futex resumed>) = 0 [pid 10144] <... futex resumed>) = 1 [pid 10143] <... futex resumed>) = 0 [pid 10140] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10139] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10144] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10143] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10139] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10143] <... futex resumed>) = 0 [pid 10139] <... mprotect resumed>) = 0 [pid 10155] chdir("./394" [pid 10144] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10143] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10139] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10155] <... chdir resumed>) = 0 [pid 10155] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10139] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10155] <... prctl resumed>) = 0 [pid 10139] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10155] setpgid(0, 0) = 0 [pid 10155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10144] <... openat resumed>) = 4 [pid 10155] <... openat resumed>) = 3 [pid 10144] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10139] <... clone3 resumed> => {parent_tid=[10156]}, 88) = 10156 [pid 10155] write(3, "1000", 4 [pid 10144] <... futex resumed>) = 1 [pid 10143] <... futex resumed>) = 0 [pid 10139] rt_sigprocmask(SIG_SETMASK, [], [pid 10155] <... write resumed>) = 4 [pid 10144] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10143] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10155] close(3 [pid 10144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10143] <... futex resumed>) = 0 [pid 10139] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10155] <... close resumed>) = 0 [pid 10144] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10143] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10139] <... futex resumed>) = 0 [pid 10155] symlink("/dev/binderfs", "./binderfs" [pid 10144] <... write resumed>) = 16 [pid 10143] <... futex resumed>) = 0 [pid 10139] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10144] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10144] <... futex resumed>) = 0 [pid 10143] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10144] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10143] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10155] <... symlink resumed>) = 0 [pid 10143] <... mprotect resumed>) = 0 [pid 10143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10155] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10157 attached [pid 10155] <... futex resumed>) = 0 [pid 10143] <... clone3 resumed> => {parent_tid=[10157]}, 88) = 10157 [pid 10155] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10157] set_robust_list(0x7fe45c3c99a0, 24 [pid 10143] rt_sigprocmask(SIG_SETMASK, [], [pid 10155] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10157] <... set_robust_list resumed>) = 0 [pid 10155] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10143] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10156 attached [pid 10155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10143] <... futex resumed>) = 0 [pid 10156] set_robust_list(0x7fe45c3c99a0, 24 [pid 10155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10143] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10156] <... set_robust_list resumed>) = 0 [pid 10155] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10156] rt_sigprocmask(SIG_SETMASK, [], [pid 10155] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10155] <... mprotect resumed>) = 0 [pid 10157] rt_sigprocmask(SIG_SETMASK, [], [pid 10156] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10155] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10156] <... write resumed>) = 16 [pid 10155] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10156] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10155] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 10158 attached [pid 10157] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10156] <... futex resumed>) = 1 [pid 10139] <... futex resumed>) = 0 [pid 10156] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10155] <... clone3 resumed> => {parent_tid=[10158]}, 88) = 10158 [pid 10139] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10155] rt_sigprocmask(SIG_SETMASK, [], [pid 10140] <... futex resumed>) = 0 [pid 10139] <... futex resumed>) = 1 [pid 10155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10140] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10139] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10155] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10140] <... mmap resumed>) = 0x20000000 [pid 10155] <... futex resumed>) = 0 [pid 10140] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10155] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10140] <... futex resumed>) = 1 [pid 10139] <... futex resumed>) = 0 [pid 10140] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 10139] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10158] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10139] <... futex resumed>) = 0 [pid 10158] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10158] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10155] <... futex resumed>) = 0 [pid 10158] memfd_create("syzkaller", 0 [pid 10155] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10158] <... memfd_create resumed>) = 3 [pid 10155] <... futex resumed>) = 0 [pid 10158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10155] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10158] <... mmap resumed>) = 0x7fe453fca000 [pid 10158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10158] munmap(0x7fe453fca000, 138412032) = 0 [pid 10158] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10158] ioctl(4, LOOP_SET_FD, 3 [pid 10157] <... write resumed>) = 16 [pid 10140] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10139] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10157] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10140] sendfile(-1, -1, [0] [pid 10157] <... futex resumed>) = 1 [pid 10143] <... futex resumed>) = 0 [pid 10157] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10143] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10140] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10144] <... futex resumed>) = 0 [pid 10143] <... futex resumed>) = 1 [pid 10158] <... ioctl resumed>) = 0 [pid 10144] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10143] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10140] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10158] close(3) = 0 [pid 10158] close(4 [pid 10139] <... futex resumed>) = 0 [pid 10144] <... mmap resumed>) = 0x20000000 [pid 10139] exit_group(0 [pid 10156] <... futex resumed>) = ? [pid 10139] <... exit_group resumed>) = ? [pid 10156] +++ exited with 0 +++ [pid 10144] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10144] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10143] <... futex resumed>) = 0 [pid 10143] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10143] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10140] <... futex resumed>) = ? [pid 10144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10140] +++ exited with 0 +++ [pid 10139] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10139, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./392", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./392/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./392/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./392/binderfs") = 0 [pid 295] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10144] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10144] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10150] <... mount resumed>) = 0 [pid 10150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10150] chdir("./file0") = 0 [pid 10144] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10150] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10150] ioctl(4, LOOP_CLR_FD [pid 10144] <... futex resumed>) = 1 [pid 10143] <... futex resumed>) = 0 [pid 10150] <... ioctl resumed>) = 0 [pid 10144] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10143] exit_group(0) = ? [pid 10157] <... futex resumed>) = ? [pid 10150] close(4 [pid 10144] <... futex resumed>) = ? [pid 10157] +++ exited with 0 +++ [pid 10150] <... close resumed>) = 0 [pid 10150] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10150] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10148] <... futex resumed>) = 0 [pid 10148] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10150] <... futex resumed>) = 0 [pid 10148] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10150] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10144] +++ exited with 0 +++ [pid 10143] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10143, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 10150] <... openat resumed>) = 4 [pid 10150] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10148] <... futex resumed>) = 0 [pid 10150] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10148] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10150] <... write resumed>) = 16 [pid 10148] <... futex resumed>) = 0 [pid 296] <... restart_syscall resumed>) = 0 [pid 10150] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10148] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10150] <... futex resumed>) = 0 [pid 10148] <... futex resumed>) = 0 [pid 10150] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10148] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 296] umount2("./394", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10148] <... mprotect resumed>) = 0 [pid 10148] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10148] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 296] openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10148] <... clone3 resumed> => {parent_tid=[10161]}, 88) = 10161 [pid 10148] rt_sigprocmask(SIG_SETMASK, [], [pid 296] <... openat resumed>) = 3 [pid 10148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] newfstatat(3, "", [pid 10148] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10148] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10161 attached [pid 296] getdents64(3, [pid 10161] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10161] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10161] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10148] <... futex resumed>) = 0 [pid 10148] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10150] <... futex resumed>) = 0 [pid 10148] <... futex resumed>) = 1 [pid 10161] <... futex resumed>) = 1 [pid 10150] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10148] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] umount2("./394/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10161] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10150] <... mmap resumed>) = 0x20000000 [pid 10150] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10148] <... futex resumed>) = 0 [pid 10150] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10148] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10148] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./394/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 141.865387][T10140] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 141.879087][T10158] loop3: detected capacity change from 0 to 2048 [ 141.890798][T10144] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 296] unlink("./394/binderfs") = 0 [pid 296] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10148] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10150] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10150] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10150] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10148] <... futex resumed>) = 0 [pid 10158] <... close resumed>) = 0 [pid 10150] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10148] exit_group(0 [pid 10158] mkdir("./file0", 0777 [pid 10161] <... futex resumed>) = ? [pid 10150] <... futex resumed>) = ? [pid 10148] <... exit_group resumed>) = ? [pid 10161] +++ exited with 0 +++ [pid 10158] <... mkdir resumed>) = 0 [pid 10158] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10150] +++ exited with 0 +++ [pid 10148] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10148, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./393", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./393/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./393/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./393/binderfs") = 0 [pid 297] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 296] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./394/file0", [pid 295] newfstatat(AT_FDCWD, "./392/file0", [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10149] <... mount resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10158] <... mount resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10158] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10149] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] openat(AT_FDCWD, "./392/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10158] <... openat resumed>) = 3 [pid 10149] <... openat resumed>) = 3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... openat resumed>) = 4 [pid 10158] chdir("./file0" [pid 10149] chdir("./file0" [pid 10158] <... chdir resumed>) = 0 [pid 10149] <... chdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "./394/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] newfstatat(4, "", [pid 10158] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10149] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] <... openat resumed>) = 4 [pid 10158] <... openat resumed>) = 4 [pid 10149] <... openat resumed>) = 4 [pid 296] newfstatat(4, "", [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10158] ioctl(4, LOOP_CLR_FD [pid 10149] ioctl(4, LOOP_CLR_FD [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10158] <... ioctl resumed>) = 0 [pid 10149] <... ioctl resumed>) = 0 [pid 295] getdents64(4, [pid 296] getdents64(4, [pid 10158] close(4) = 0 [pid 10149] close(4 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10158] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10149] <... close resumed>) = 0 [pid 296] getdents64(4, [pid 10149] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] getdents64(4, [pid 10158] <... futex resumed>) = 1 [pid 10155] <... futex resumed>) = 0 [pid 10149] <... futex resumed>) = 1 [pid 10147] <... futex resumed>) = 0 [pid 296] close(4 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10158] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10155] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10149] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10147] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... close resumed>) = 0 [pid 295] close(4 [pid 10158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10155] <... futex resumed>) = 0 [pid 10149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10147] <... futex resumed>) = 0 [pid 296] rmdir("./394/file0" [pid 10158] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10155] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10149] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10147] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... close resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 295] rmdir("./392/file0") = 0 [pid 10158] <... openat resumed>) = 4 [pid 296] getdents64(3, [pid 295] getdents64(3, [pid 10158] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10149] <... openat resumed>) = 4 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10158] <... futex resumed>) = 1 [pid 10155] <... futex resumed>) = 0 [pid 10149] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] close(3 [pid 295] close(3 [pid 10158] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10155] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10149] <... futex resumed>) = 1 [pid 10147] <... futex resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 10158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10155] <... futex resumed>) = 0 [pid 10149] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10147] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] rmdir("./394" [pid 295] <... close resumed>) = 0 [pid 10158] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10155] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10147] <... futex resumed>) = 0 [pid 10158] <... write resumed>) = 16 [pid 10155] <... futex resumed>) = 0 [pid 10147] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10149] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 296] <... rmdir resumed>) = 0 [pid 295] rmdir("./392" [pid 10158] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10149] <... write resumed>) = 16 [pid 10147] <... futex resumed>) = 0 [pid 296] mkdir("./395", 0777 [pid 10158] <... futex resumed>) = 0 [pid 10155] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10158] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10155] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10147] <... mmap resumed>) = 0x7fe45c3a9000 [pid 295] <... rmdir resumed>) = 0 [pid 10155] <... mprotect resumed>) = 0 [pid 10147] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10155] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10147] <... mprotect resumed>) = 0 [pid 10155] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10149] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10147] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] <... mkdir resumed>) = 0 [pid 295] mkdir("./393", 0777 [pid 10155] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10149] <... futex resumed>) = 0 [pid 10147] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10155] <... clone3 resumed> => {parent_tid=[10167]}, 88) = 10167 [pid 10149] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] <... openat resumed>) = 3 [pid 295] <... mkdir resumed>) = 0 [pid 10155] rt_sigprocmask(SIG_SETMASK, [], [pid 10147] <... clone3 resumed> => {parent_tid=[10168]}, 88) = 10168 [pid 296] ioctl(3, LOOP_CLR_FD [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10147] rt_sigprocmask(SIG_SETMASK, [], [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10155] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] close(3 [pid 295] <... openat resumed>) = 3 [pid 10155] <... futex resumed>) = 0 [pid 10147] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10155] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10147] <... futex resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 295] ioctl(3, LOOP_CLR_FD [pid 10147] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 10167 attached [pid 10167] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10167] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 295] close(3 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10169 [pid 295] <... close resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10167] <... write resumed>) = 16 [pid 10167] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10155] <... futex resumed>) = 0 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10170 [pid 10155] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10158] <... futex resumed>) = 0 [pid 10155] <... futex resumed>) = 1 [pid 10158] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10155] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10158] <... mmap resumed>) = 0x20000000 [pid 10158] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10155] <... futex resumed>) = 0 [pid 10158] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10155] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10155] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10168 attached [pid 10155] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10167] <... futex resumed>) = 1 [pid 10167] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 10169 attached [pid 10169] set_robust_list(0x5555557b6760, 24./strace-static-x86_64: Process 10170 attached [ 141.916723][T10150] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10170] set_robust_list(0x5555557b6760, 24 [pid 10169] <... set_robust_list resumed>) = 0 [pid 10168] set_robust_list(0x7fe45c3c99a0, 24 [pid 297] <... umount2 resumed>) = 0 [pid 10170] <... set_robust_list resumed>) = 0 [pid 10169] chdir("./395" [pid 10168] <... set_robust_list resumed>) = 0 [pid 297] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10170] chdir("./393" [pid 10169] <... chdir resumed>) = 0 [pid 10168] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10170] <... chdir resumed>) = 0 [pid 10169] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] newfstatat(AT_FDCWD, "./393/file0", [pid 10170] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10169] <... prctl resumed>) = 0 [pid 10168] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10170] <... prctl resumed>) = 0 [pid 10169] setpgid(0, 0 [pid 10168] <... write resumed>) = 16 [pid 297] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10170] setpgid(0, 0 [pid 10169] <... setpgid resumed>) = 0 [pid 10168] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10170] <... setpgid resumed>) = 0 [pid 10169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10168] <... futex resumed>) = 1 [pid 10147] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "./393/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10169] <... openat resumed>) = 3 [pid 10168] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10147] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... openat resumed>) = 4 [pid 10170] <... openat resumed>) = 3 [pid 10169] write(3, "1000", 4 [pid 10149] <... futex resumed>) = 0 [pid 10147] <... futex resumed>) = 1 [pid 297] newfstatat(4, "", [pid 10170] write(3, "1000", 4 [pid 10169] <... write resumed>) = 4 [pid 10149] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10147] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10170] <... write resumed>) = 4 [pid 10169] close(3 [pid 10149] <... mmap resumed>) = 0x20000000 [pid 297] getdents64(4, [pid 10170] close(3 [pid 10169] <... close resumed>) = 0 [pid 10149] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10170] <... close resumed>) = 0 [pid 10169] symlink("/dev/binderfs", "./binderfs" [pid 10149] <... futex resumed>) = 1 [pid 10147] <... futex resumed>) = 0 [pid 297] getdents64(4, [pid 10170] symlink("/dev/binderfs", "./binderfs" [pid 10169] <... symlink resumed>) = 0 [pid 10149] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10147] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10170] <... symlink resumed>) = 0 [pid 10169] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10147] <... futex resumed>) = 0 [pid 297] close(4 [pid 10170] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10169] <... futex resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 10170] <... futex resumed>) = 0 [pid 10169] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 297] rmdir("./393/file0" [pid 10170] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10169] <... rt_sigaction resumed>NULL, 8) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 10170] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10169] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 297] getdents64(3, [pid 10170] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] close(3 [pid 10170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10169] <... mmap resumed>) = 0x7fe45c3ca000 [pid 297] <... close resumed>) = 0 [pid 10170] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10169] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 297] rmdir("./393" [pid 10170] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10169] <... mprotect resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 10170] <... mprotect resumed>) = 0 [pid 10169] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] mkdir("./394", 0777 [pid 10170] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10169] <... rt_sigprocmask resumed>[], 8) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 10170] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 297] <... openat resumed>) = 3 [pid 10169] <... clone3 resumed> => {parent_tid=[10171]}, 88) = 10171 [pid 297] ioctl(3, LOOP_CLR_FD [pid 10170] <... clone3 resumed> => {parent_tid=[10172]}, 88) = 10172 [pid 10169] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10170] rt_sigprocmask(SIG_SETMASK, [], [pid 10169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] close(3 [pid 10170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10169] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... close resumed>) = 0 [pid 10170] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10169] <... futex resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10170] <... futex resumed>) = 0 [pid 10169] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10170] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10173 [pid 10147] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10158] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- ./strace-static-x86_64: Process 10173 attached ./strace-static-x86_64: Process 10172 attached ./strace-static-x86_64: Process 10171 attached [pid 10158] sendfile(-1, -1, [0] [pid 10155] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10173] set_robust_list(0x5555557b6760, 24 [pid 10172] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10171] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10149] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10173] <... set_robust_list resumed>) = 0 [pid 10172] <... set_robust_list resumed>) = 0 [pid 10171] <... set_robust_list resumed>) = 0 [pid 10158] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10173] chdir("./394" [pid 10172] rt_sigprocmask(SIG_SETMASK, [], [pid 10171] rt_sigprocmask(SIG_SETMASK, [], [pid 10158] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10149] sendfile(-1, -1, [0] [pid 10173] <... chdir resumed>) = 0 [pid 10172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10158] <... futex resumed>) = 0 [pid 10173] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10172] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10171] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10158] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10173] <... prctl resumed>) = 0 [pid 10172] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10171] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10149] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10173] setpgid(0, 0 [pid 10172] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10171] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10173] <... setpgid resumed>) = 0 [pid 10172] <... futex resumed>) = 1 [pid 10170] <... futex resumed>) = 0 [pid 10149] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10171] <... futex resumed>) = 1 [pid 10169] <... futex resumed>) = 0 [pid 10173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10172] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10171] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10170] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10169] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10149] <... futex resumed>) = 1 [pid 10147] <... futex resumed>) = 0 [pid 10173] <... openat resumed>) = 3 [pid 10172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10170] <... futex resumed>) = 0 [pid 10169] <... futex resumed>) = 0 [pid 10155] exit_group(0 [pid 10149] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10147] exit_group(0 [pid 10173] write(3, "1000", 4 [pid 10172] memfd_create("syzkaller", 0 [pid 10171] memfd_create("syzkaller", 0 [pid 10170] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10169] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10168] <... futex resumed>) = ? [pid 10167] <... futex resumed>) = ? [pid 10158] <... futex resumed>) = ? [pid 10155] <... exit_group resumed>) = ? [pid 10149] <... futex resumed>) = ? [pid 10147] <... exit_group resumed>) = ? [pid 10173] <... write resumed>) = 4 [pid 10172] <... memfd_create resumed>) = 3 [pid 10171] <... memfd_create resumed>) = 3 [pid 10168] +++ exited with 0 +++ [pid 10167] +++ exited with 0 +++ [pid 10158] +++ exited with 0 +++ [pid 10155] +++ exited with 0 +++ [pid 10173] close(3 [pid 10172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10155, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 10173] <... close resumed>) = 0 [pid 10172] <... mmap resumed>) = 0x7fe453fca000 [pid 10171] <... mmap resumed>) = 0x7fe453fca000 [pid 10149] +++ exited with 0 +++ [pid 10147] +++ exited with 0 +++ [pid 10173] symlink("/dev/binderfs", "./binderfs" [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10147, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 298] umount2("./394", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... restart_syscall resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] umount2("./388", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(3, "", [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] getdents64(3, [pid 299] <... openat resumed>) = 3 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] newfstatat(3, "", [pid 298] umount2("./394/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] getdents64(3, [pid 298] newfstatat(AT_FDCWD, "./394/binderfs", [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 299] umount2("./388/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] unlink("./394/binderfs" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... unlink resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./388/binderfs", [pid 298] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10173] <... symlink resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10173] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] unlink("./388/binderfs" [pid 10173] <... futex resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 299] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10173] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10173] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10171] <... write resumed>) = 1048576 [pid 10173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10173] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10171] munmap(0x7fe453fca000, 138412032 [pid 10173] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10173] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10174]}, 88) = 10174 [pid 10173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10172] <... write resumed>) = 1048576 [pid 10173] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10172] munmap(0x7fe453fca000, 138412032 [pid 10173] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10172] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 10174 attached [pid 10172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10171] <... munmap resumed>) = 0 [pid 10171] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10172] ioctl(4, LOOP_SET_FD, 3 [pid 10174] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10171] <... openat resumed>) = 4 [ 141.968119][T10158] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 141.996419][T10149] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10171] close(3) = 0 [pid 10171] close(4 [pid 10174] <... set_robust_list resumed>) = 0 [pid 10174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10174] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10174] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10174] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10173] <... futex resumed>) = 0 [pid 10173] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10173] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10174] <... futex resumed>) = 0 [pid 10174] memfd_create("syzkaller", 0) = 3 [pid 10174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 298] <... umount2 resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 10174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 299] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./388/file0", [pid 298] newfstatat(AT_FDCWD, "./394/file0", [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./388/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] openat(AT_FDCWD, "./394/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... openat resumed>) = 4 [pid 298] <... openat resumed>) = 4 [pid 299] newfstatat(4, "", [pid 298] newfstatat(4, "", [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] close(4 [pid 298] getdents64(4, [pid 299] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] rmdir("./388/file0" [pid 298] close(4 [pid 299] <... rmdir resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 299] getdents64(3, [pid 298] rmdir("./394/file0" [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 299] close(3 [pid 298] getdents64(3, [pid 299] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] rmdir("./388" [pid 298] close(3 [pid 299] <... rmdir resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 299] mkdir("./389", 0777 [pid 298] rmdir("./394" [pid 299] <... mkdir resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] mkdir("./395", 0777 [pid 299] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] <... mkdir resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] close(3) = 0 [pid 298] <... openat resumed>) = 3 [pid 10172] <... ioctl resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 10172] close(3 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10175 [pid 298] close(3 [pid 10172] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 10172] close(4 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10175 attached , child_tidptr=0x5555557b6750) = 10176 [pid 10175] set_robust_list(0x5555557b6760, 24) = 0 [pid 10175] chdir("./389") = 0 [pid 10175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10174] <... write resumed>) = 1048576 ./strace-static-x86_64: Process 10176 attached [pid 10175] setpgid(0, 0 [pid 10174] munmap(0x7fe453fca000, 138412032 [pid 10176] set_robust_list(0x5555557b6760, 24 [pid 10175] <... setpgid resumed>) = 0 [pid 10176] <... set_robust_list resumed>) = 0 [pid 10174] <... munmap resumed>) = 0 [pid 10176] chdir("./395" [pid 10174] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10174] ioctl(4, LOOP_SET_FD, 3 [pid 10176] <... chdir resumed>) = 0 [pid 10176] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10176] <... prctl resumed>) = 0 [pid 10176] setpgid(0, 0) = 0 [pid 10176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10175] <... openat resumed>) = 3 [pid 10176] <... openat resumed>) = 3 [pid 10175] write(3, "1000", 4) = 4 [pid 10175] close(3 [pid 10176] write(3, "1000", 4) = 4 [pid 10176] close(3 [pid 10175] <... close resumed>) = 0 [pid 10176] <... close resumed>) = 0 [pid 10175] symlink("/dev/binderfs", "./binderfs" [pid 10176] symlink("/dev/binderfs", "./binderfs" [pid 10175] <... symlink resumed>) = 0 [pid 10175] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10174] <... ioctl resumed>) = 0 [pid 10176] <... symlink resumed>) = 0 [pid 10176] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10175] <... futex resumed>) = 0 [pid 10174] close(3 [pid 10176] <... futex resumed>) = 0 [pid 10176] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10176] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10176] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10176] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10175] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10174] <... close resumed>) = 0 [pid 10176] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10174] close(4 [pid 10176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10175] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10171] <... close resumed>) = 0 [pid 10171] mkdir("./file0", 0777 [pid 10176] <... clone3 resumed> => {parent_tid=[10177]}, 88) = 10177 [pid 10176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10176] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10176] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10171] <... mkdir resumed>) = 0 [pid 10171] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue"./strace-static-x86_64: Process 10177 attached [pid 10177] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10177] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10177] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10176] <... futex resumed>) = 0 [pid 10176] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10176] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10177] <... futex resumed>) = 1 [pid 10175] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10177] memfd_create("syzkaller", 0 [pid 10175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10175] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10175] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10177] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 10178 attached [pid 10178] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10178] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10175] <... clone3 resumed> => {parent_tid=[10178]}, 88) = 10178 [pid 10175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10175] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10178] <... futex resumed>) = 0 [pid 10178] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10178] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10178] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10175] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 10175] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10178] <... futex resumed>) = 0 [pid 10178] memfd_create("syzkaller", 0) = 3 [pid 10177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10175] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10174] <... close resumed>) = 0 [pid 10172] <... close resumed>) = 0 [pid 10174] mkdir("./file0", 0777 [pid 10172] mkdir("./file0", 0777 [pid 10174] <... mkdir resumed>) = 0 [pid 10172] <... mkdir resumed>) = 0 [pid 10174] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10172] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10177] <... write resumed>) = 1048576 [pid 10177] munmap(0x7fe453fca000, 138412032) = 0 [pid 10177] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 142.049240][T10171] loop1: detected capacity change from 0 to 2048 [ 142.049735][T10172] loop0: detected capacity change from 0 to 2048 [ 142.082503][T10174] loop2: detected capacity change from 0 to 2048 [pid 10177] ioctl(4, LOOP_SET_FD, 3 [pid 10178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10177] <... ioctl resumed>) = 0 [pid 10177] close(3) = 0 [pid 10177] close(4 [pid 10178] <... write resumed>) = 1048576 [pid 10178] munmap(0x7fe453fca000, 138412032) = 0 [pid 10178] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10178] ioctl(4, LOOP_SET_FD, 3 [pid 10174] <... mount resumed>) = 0 [pid 10174] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10174] chdir("./file0") = 0 [pid 10174] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10174] ioctl(4, LOOP_CLR_FD) = 0 [pid 10174] close(4) = 0 [pid 10174] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10173] <... futex resumed>) = 0 [pid 10173] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10173] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10174] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10174] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10173] <... futex resumed>) = 0 [pid 10178] <... ioctl resumed>) = 0 [pid 10173] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10178] close(3 [pid 10174] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10173] <... futex resumed>) = 0 [pid 10174] <... write resumed>) = 16 [pid 10173] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10174] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10173] <... futex resumed>) = 0 [pid 10174] <... futex resumed>) = 0 [pid 10173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10178] <... close resumed>) = 0 [pid 10174] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10173] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10172] <... mount resumed>) = 0 [pid 10173] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10172] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10178] close(4 [pid 10173] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10172] <... openat resumed>) = 3 [pid 10173] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10173] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10172] chdir("./file0" [pid 10173] <... clone3 resumed> => {parent_tid=[10183]}, 88) = 10183 [pid 10172] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 10183 attached [pid 10173] rt_sigprocmask(SIG_SETMASK, [], [pid 10172] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10173] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10172] <... openat resumed>) = 4 [pid 10183] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10173] <... futex resumed>) = 0 [pid 10172] ioctl(4, LOOP_CLR_FD [pid 10173] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10183] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10172] <... ioctl resumed>) = 0 [pid 10183] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10173] <... futex resumed>) = 0 [pid 10173] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10174] <... futex resumed>) = 0 [pid 10173] <... futex resumed>) = 1 [pid 10174] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10173] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10174] <... mmap resumed>) = 0x20000000 [pid 10172] close(4 [pid 10174] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10173] <... futex resumed>) = 0 [pid 10172] <... close resumed>) = 0 [pid 10183] <... futex resumed>) = 1 [pid 10174] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10173] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10172] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10173] <... futex resumed>) = 0 [pid 10172] <... futex resumed>) = 1 [pid 10170] <... futex resumed>) = 0 [pid 10183] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10173] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10172] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10170] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10172] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10170] <... futex resumed>) = 0 [pid 10172] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10172] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10170] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10174] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10174] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10174] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10173] <... futex resumed>) = 0 [pid 10173] exit_group(0) = ? [pid 10170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10170] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10183] <... futex resumed>) = ? [pid 10172] <... futex resumed>) = 0 [pid 10170] <... futex resumed>) = 1 [pid 10172] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10183] +++ exited with 0 +++ [pid 10172] <... write resumed>) = 16 [pid 10170] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10172] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10170] <... futex resumed>) = 0 [pid 10174] <... futex resumed>) = ? [pid 10172] <... futex resumed>) = 0 [pid 10172] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10174] +++ exited with 0 +++ [pid 10173] +++ exited with 0 +++ [pid 10170] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10177] <... close resumed>) = 0 [pid 10177] mkdir("./file0", 0777) = 0 [pid 10177] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10170] <... mprotect resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10173, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 10170] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 297] umount2("./394", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10170] <... clone3 resumed> => {parent_tid=[10184]}, 88) = 10184 [pid 297] openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10170] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... openat resumed>) = 3 [pid 10170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] newfstatat(3, "", [pid 10170] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10170] <... futex resumed>) = 0 [pid 297] getdents64(3, [pid 10170] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./394/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./394/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10171] <... mount resumed>) = 0 [pid 297] unlink("./394/binderfs"./strace-static-x86_64: Process 10184 attached [pid 10178] <... close resumed>) = 0 [pid 10171] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10178] mkdir("./file0", 0777 [pid 297] <... unlink resumed>) = 0 [pid 10171] <... openat resumed>) = 3 [pid 297] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10184] set_robust_list(0x7fe45c3c99a0, 24 [pid 10178] <... mkdir resumed>) = 0 [pid 10171] chdir("./file0" [pid 10184] <... set_robust_list resumed>) = 0 [pid 10178] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10171] <... chdir resumed>) = 0 [pid 10184] rt_sigprocmask(SIG_SETMASK, [], [pid 10171] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10171] <... openat resumed>) = 4 [pid 10184] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10171] ioctl(4, LOOP_CLR_FD [pid 10184] <... write resumed>) = 16 [pid 10171] <... ioctl resumed>) = 0 [pid 10184] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10171] close(4 [pid 10184] <... futex resumed>) = 1 [pid 10170] <... futex resumed>) = 0 [pid 10184] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10171] <... close resumed>) = 0 [pid 10170] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10172] <... futex resumed>) = 0 [pid 10171] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10170] <... futex resumed>) = 1 [pid 10172] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10171] <... futex resumed>) = 1 [pid 10170] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10169] <... futex resumed>) = 0 [pid 10172] <... mmap resumed>) = 0x20000000 [pid 10171] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10169] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10172] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10169] <... futex resumed>) = 0 [pid 10172] <... futex resumed>) = 1 [pid 10171] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10170] <... futex resumed>) = 0 [pid 10169] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10172] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10170] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 142.117663][T10177] loop3: detected capacity change from 0 to 2048 [ 142.126957][T10178] loop4: detected capacity change from 0 to 2048 [ 142.139921][T10174] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10171] <... openat resumed>) = 4 [pid 10170] <... futex resumed>) = 0 [pid 10172] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10171] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10170] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10172] sendfile(-1, -1, [0] [pid 10171] <... futex resumed>) = 1 [pid 10169] <... futex resumed>) = 0 [pid 10172] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10171] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10169] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10169] <... futex resumed>) = 0 [pid 10172] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10171] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10169] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10171] <... write resumed>) = 16 [pid 10169] <... futex resumed>) = 0 [pid 10171] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10171] <... futex resumed>) = 0 [pid 10169] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10171] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10169] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10187]}, 88) = 10187 [pid 10172] <... futex resumed>) = 1 [pid 10170] <... futex resumed>) = 0 [pid 10169] rt_sigprocmask(SIG_SETMASK, [], [pid 10172] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10170] exit_group(0 [pid 10169] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 10187 attached [pid 10184] <... futex resumed>) = ? [pid 10172] <... futex resumed>) = ? [pid 10170] <... exit_group resumed>) = ? [pid 10169] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10169] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10172] +++ exited with 0 +++ [pid 10187] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10187] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10184] +++ exited with 0 +++ [pid 10170] +++ exited with 0 +++ [pid 10187] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10170, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 10187] <... write resumed>) = 16 [pid 295] <... restart_syscall resumed>) = 0 [pid 10187] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10169] <... futex resumed>) = 0 [pid 295] umount2("./393", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10187] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10169] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10171] <... futex resumed>) = 0 [pid 10169] <... futex resumed>) = 1 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10171] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10169] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10171] <... mmap resumed>) = 0x20000000 [pid 295] openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10171] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10169] <... futex resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 10171] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10169] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] newfstatat(3, "", [pid 10171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10169] <... futex resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10169] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./393/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./393/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./393/binderfs") = 0 [pid 295] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10177] <... mount resumed>) = 0 [pid 10177] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10177] chdir("./file0") = 0 [pid 10177] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10177] ioctl(4, LOOP_CLR_FD) = 0 [pid 10177] close(4) = 0 [pid 10177] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10176] <... futex resumed>) = 0 [pid 10177] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10176] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10176] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10177] <... openat resumed>) = 4 [pid 10177] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10176] <... futex resumed>) = 0 [pid 10177] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10176] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10177] <... write resumed>) = 16 [pid 10176] <... futex resumed>) = 0 [pid 10177] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10176] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10177] <... futex resumed>) = 0 [pid 10176] <... futex resumed>) = 0 [pid 10177] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10176] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10176] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10190]}, 88) = 10190 [pid 10176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10176] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10176] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10190 attached [pid 10190] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10190] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10190] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10190] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10176] <... futex resumed>) = 0 [pid 10176] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10177] <... futex resumed>) = 0 [pid 10176] <... futex resumed>) = 1 [pid 10177] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10176] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10177] <... mmap resumed>) = 0x20000000 [pid 10177] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10176] <... futex resumed>) = 0 [ 142.170776][T10172] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 142.192027][T10171] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 142.206305][T10177] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10176] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = 0 [pid 10177] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10190] <... futex resumed>) = 1 [pid 10176] <... futex resumed>) = 0 [pid 10176] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10171] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10171] sendfile(-1, -1, [0] [pid 297] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10171] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./394/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./394/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10190] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] <... openat resumed>) = 4 [pid 297] newfstatat(4, "", [pid 10177] sendfile(-1, -1, [0] [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10177] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10177] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10171] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] close(4) = 0 [pid 297] rmdir("./394/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./394") = 0 [pid 297] mkdir("./395", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10191 [pid 10176] <... futex resumed>) = 0 [pid 10176] exit_group(0) = ? [pid 10190] <... futex resumed>) = ? [pid 10190] +++ exited with 0 +++ [pid 10177] <... futex resumed>) = ? ./strace-static-x86_64: Process 10191 attached [pid 10177] +++ exited with 0 +++ [pid 10176] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10176, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10191] set_robust_list(0x5555557b6760, 24) = 0 [pid 298] umount2("./395", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10191] chdir("./395" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10191] <... chdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10191] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] <... openat resumed>) = 3 [pid 10191] <... prctl resumed>) = 0 [pid 10171] <... futex resumed>) = 1 [pid 10169] <... futex resumed>) = 0 [pid 298] newfstatat(3, "", [pid 10169] exit_group(0 [pid 10191] setpgid(0, 0 [pid 10171] ????( [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10191] <... setpgid resumed>) = 0 [pid 10187] <... futex resumed>) = ? [pid 10171] <... ???? resumed>) = ? [pid 10169] <... exit_group resumed>) = ? [pid 298] getdents64(3, [pid 10187] +++ exited with 0 +++ [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] umount2("./395/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10191] <... openat resumed>) = 3 [pid 298] newfstatat(AT_FDCWD, "./395/binderfs", [pid 10191] write(3, "1000", 4 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10191] <... write resumed>) = 4 [pid 298] unlink("./395/binderfs" [pid 10171] +++ exited with 0 +++ [pid 10169] +++ exited with 0 +++ [pid 298] <... unlink resumed>) = 0 [pid 10191] close(3 [pid 298] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10191] <... close resumed>) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10169, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10191] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./395", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10191] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10191] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 296] openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10191] <... rt_sigaction resumed>NULL, 8) = 0 [pid 296] <... openat resumed>) = 3 [pid 10191] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 296] newfstatat(3, "", [pid 10191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] getdents64(3, [pid 10191] <... mmap resumed>) = 0x7fe45c3ca000 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10191] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 296] umount2("./395/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10191] <... mprotect resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10191] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] newfstatat(AT_FDCWD, "./395/binderfs", [pid 10191] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10191] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 296] unlink("./395/binderfs") = 0 [pid 10191] <... clone3 resumed> => {parent_tid=[10194]}, 88) = 10194 [pid 296] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10191] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10191] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10194 attached [pid 10194] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10194] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10194] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10191] <... futex resumed>) = 0 [pid 10191] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10191] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10194] <... futex resumed>) = 1 [pid 10194] memfd_create("syzkaller", 0) = 3 [pid 10194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10178] <... mount resumed>) = 0 [pid 10178] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10178] chdir("./file0") = 0 [pid 10178] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10178] ioctl(4, LOOP_CLR_FD) = 0 [pid 10178] close(4) = 0 [pid 10178] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10175] <... futex resumed>) = 0 [pid 10175] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10175] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10178] <... futex resumed>) = 1 [pid 10178] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10178] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10175] <... futex resumed>) = 0 [pid 10178] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10175] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10175] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10178] <... write resumed>) = 16 [pid 10175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10178] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10175] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10178] <... futex resumed>) = 0 [pid 10178] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10175] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10195]}, 88) = 10195 [pid 10175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10175] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10175] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10195 attached [pid 10195] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10195] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10195] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10195] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10175] <... futex resumed>) = 0 [pid 10175] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10178] <... futex resumed>) = 0 [pid 10175] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10178] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10194] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10178] <... mmap resumed>) = 0x20000000 [pid 10178] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10175] <... futex resumed>) = 0 [pid 10178] <... futex resumed>) = 1 [pid 10175] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10175] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10195] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10194] <... write resumed>) = 1048576 [pid 10194] munmap(0x7fe453fca000, 138412032) = 0 [pid 10194] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10194] ioctl(4, LOOP_SET_FD, 3 [pid 10178] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10178] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10178] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10175] <... futex resumed>) = 0 [pid 10175] exit_group(0 [pid 10195] <... futex resumed>) = ? [pid 10175] <... exit_group resumed>) = ? [pid 10195] +++ exited with 0 +++ [pid 10178] <... futex resumed>) = ? [pid 10178] +++ exited with 0 +++ [pid 10175] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10175, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./389", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./389/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./389/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./389/binderfs") = 0 [pid 299] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10194] <... ioctl resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./393/file0", [pid 10194] close(3 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10194] <... close resumed>) = 0 [pid 295] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10194] close(4 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./393/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./393/file0") = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./393") = 0 [pid 295] mkdir("./394", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10196 ./strace-static-x86_64: Process 10196 attached [pid 10196] set_robust_list(0x5555557b6760, 24) = 0 [pid 10196] chdir("./394") = 0 [pid 298] <... umount2 resumed>) = 0 [pid 10196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10196] setpgid(0, 0) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 298] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10196] <... openat resumed>) = 3 [pid 10196] write(3, "1000", 4) = 4 [pid 10196] close(3) = 0 [pid 10196] symlink("/dev/binderfs", "./binderfs" [pid 298] newfstatat(AT_FDCWD, "./395/file0", [pid 296] newfstatat(AT_FDCWD, "./395/file0", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./395/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10196] <... symlink resumed>) = 0 [pid 10196] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10196] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10196] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10196] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 298] openat(AT_FDCWD, "./395/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... openat resumed>) = 4 [pid 298] <... openat resumed>) = 4 [pid 296] newfstatat(4, "", [pid 10196] <... mprotect resumed>) = 0 [pid 298] newfstatat(4, "", [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, [pid 10196] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] getdents64(4, [pid 10196] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, [pid 10196] <... clone3 resumed> => {parent_tid=[10197]}, 88) = 10197 [pid 298] getdents64(4, [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10196] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] close(4 [pid 296] close(4 [pid 10196] <... futex resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 10196] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] rmdir("./395/file0" [pid 296] rmdir("./395/file0"./strace-static-x86_64: Process 10197 attached [pid 298] <... rmdir resumed>) = 0 [pid 298] getdents64(3, [pid 296] <... rmdir resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./395") = 0 [pid 298] mkdir("./396", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10194] <... close resumed>) = 0 [pid 10197] set_robust_list(0x7fe45c3ea9a0, 24 [pid 299] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] getdents64(3, [pid 10194] mkdir("./file0", 0777 [pid 10197] <... set_robust_list resumed>) = 0 [pid 10194] <... mkdir resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10197] rt_sigprocmask(SIG_SETMASK, [], [pid 10194] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 299] newfstatat(AT_FDCWD, "./389/file0", [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10198 [pid 296] close(3 [pid 10197] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] <... close resumed>) = 0 [pid 10197] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] rmdir("./395" [pid 10197] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 299] umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10198 attached ) = -1 EINVAL (Invalid argument) [pid 296] <... rmdir resumed>) = 0 [pid 10197] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] openat(AT_FDCWD, "./389/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10198] set_robust_list(0x5555557b6760, 24 [pid 10197] <... futex resumed>) = 1 [pid 10196] <... futex resumed>) = 0 [pid 296] mkdir("./396", 0777 [pid 10198] <... set_robust_list resumed>) = 0 [pid 10197] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10196] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 4 [pid 10198] chdir("./396" [pid 10197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10196] <... futex resumed>) = 0 [pid 299] newfstatat(4, "", [pid 296] <... mkdir resumed>) = 0 [pid 10198] <... chdir resumed>) = 0 [pid 10196] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10198] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10197] memfd_create("syzkaller", 0 [pid 299] getdents64(4, [pid 296] <... openat resumed>) = 3 [pid 10198] <... prctl resumed>) = 0 [pid 10197] <... memfd_create resumed>) = 3 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] ioctl(3, LOOP_CLR_FD [pid 10198] setpgid(0, 0 [pid 10197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] getdents64(4, [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10198] <... setpgid resumed>) = 0 [pid 10197] <... mmap resumed>) = 0x7fe453fca000 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(3 [pid 299] close(4 [pid 296] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] rmdir("./389/file0" [pid 10198] <... openat resumed>) = 3 [pid 299] <... rmdir resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10199 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10198] write(3, "1000", 4 [pid 299] close(3) = 0 [pid 299] rmdir("./389" [pid 10198] <... write resumed>) = 4 [pid 299] <... rmdir resumed>) = 0 [pid 299] mkdir("./390", 0777 [pid 10198] close(3 [pid 299] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10198] <... close resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 10198] symlink("/dev/binderfs", "./binderfs" [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 10198] <... symlink resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10198] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10200 [pid 10198] <... futex resumed>) = 0 [pid 10198] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 ./strace-static-x86_64: Process 10200 attached [pid 10198] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10200] set_robust_list(0x5555557b6760, 24 [pid 10198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10200] <... set_robust_list resumed>) = 0 [pid 10200] chdir("./390" [pid 10198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10200] <... chdir resumed>) = 0 [pid 10198] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10198] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10200] setpgid(0, 0) = 0 [pid 10198] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10198] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10200] <... openat resumed>) = 3 [pid 10198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10200] write(3, "1000", 4 [pid 10198] <... clone3 resumed> => {parent_tid=[10201]}, 88) = 10201 [pid 10200] <... write resumed>) = 4 [pid 10200] close(3) = 0 [pid 10200] symlink("/dev/binderfs", "./binderfs" [pid 10198] rt_sigprocmask(SIG_SETMASK, [], [pid 10200] <... symlink resumed>) = 0 [pid 10198] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 10199 attached [pid 10200] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10200] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10198] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10199] set_robust_list(0x5555557b6760, 24 [pid 10198] <... futex resumed>) = 0 [pid 10200] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10198] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10200] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10200] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10199] <... set_robust_list resumed>) = 0 [pid 10200] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10199] chdir("./396" [pid 10200] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10199] <... chdir resumed>) = 0 [pid 10200] <... clone3 resumed> => {parent_tid=[10202]}, 88) = 10202 [pid 10200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 142.253265][T10178] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 142.259159][T10194] loop2: detected capacity change from 0 to 2048 [pid 10200] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10200] <... futex resumed>) = 0 [pid 10200] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10201 attached [pid 10201] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10201] rt_sigprocmask(SIG_SETMASK, [], [pid 10199] setpgid(0, 0 [pid 10201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10201] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10201] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10199] <... setpgid resumed>) = 0 [pid 10199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10198] <... futex resumed>) = 0 [pid 10198] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10199] <... openat resumed>) = 3 [pid 10198] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10201] <... futex resumed>) = 1 [pid 10199] write(3, "1000", 4 [pid 10201] memfd_create("syzkaller", 0) = 3 [pid 10201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10199] <... write resumed>) = 4 [pid 10199] close(3) = 0 ./strace-static-x86_64: Process 10202 attached [pid 10201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10197] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10199] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10199] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10199] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10199] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10199] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10203]}, 88) = 10203 [pid 10199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10199] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10199] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10201] <... write resumed>) = 1048576 [pid 10201] munmap(0x7fe453fca000, 138412032) = 0 [pid 10201] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10201] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 10203 attached [pid 10203] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10203] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10203] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10199] <... futex resumed>) = 0 [pid 10199] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10199] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10203] <... futex resumed>) = 1 [pid 10202] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10203] memfd_create("syzkaller", 0) = 3 [pid 10203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10202] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10202] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10197] <... write resumed>) = 1048576 [pid 10202] <... futex resumed>) = 1 [pid 10200] <... futex resumed>) = 0 [pid 10197] munmap(0x7fe453fca000, 138412032 [pid 10200] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10200] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10202] memfd_create("syzkaller", 0) = 3 [pid 10202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10197] <... munmap resumed>) = 0 [pid 10194] <... mount resumed>) = 0 [pid 10194] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10194] chdir("./file0") = 0 [pid 10194] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10194] ioctl(4, LOOP_CLR_FD) = 0 [pid 10194] close(4) = 0 [pid 10194] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10191] <... futex resumed>) = 0 [pid 10194] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10191] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10191] <... futex resumed>) = 0 [pid 10194] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10191] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10194] <... openat resumed>) = 4 [pid 10194] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10191] <... futex resumed>) = 0 [pid 10194] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10191] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10194] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10191] <... futex resumed>) = 0 [pid 10194] <... write resumed>) = 16 [pid 10191] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10194] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10191] <... futex resumed>) = 0 [pid 10194] <... futex resumed>) = 0 [pid 10191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10194] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10191] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10191] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10197] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10191] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10191] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10206]}, 88) = 10206 [pid 10191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10191] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10191] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10197] <... openat resumed>) = 4 [pid 10197] ioctl(4, LOOP_SET_FD, 3 [pid 10203] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10201] <... ioctl resumed>) = 0 [pid 10201] close(3) = 0 [pid 10201] close(4 [pid 10203] <... write resumed>) = 1048576 [pid 10203] munmap(0x7fe453fca000, 138412032) = 0 [pid 10203] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10203] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 10206 attached [pid 10206] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10206] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10203] <... ioctl resumed>) = 0 [pid 10203] close(3) = 0 [pid 10203] close(4 [pid 10197] <... ioctl resumed>) = 0 [pid 10206] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10197] close(3) = 0 [pid 10197] close(4 [pid 10206] <... write resumed>) = 16 [pid 10206] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10191] <... futex resumed>) = 0 [pid 10202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10191] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10194] <... futex resumed>) = 0 [pid 10191] <... futex resumed>) = 1 [pid 10194] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10191] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10194] <... mmap resumed>) = 0x20000000 [ 142.337733][T10201] loop3: detected capacity change from 0 to 2048 [ 142.361550][T10197] loop0: detected capacity change from 0 to 2048 [ 142.369526][T10203] loop1: detected capacity change from 0 to 2048 [pid 10194] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10191] <... futex resumed>) = 0 [pid 10194] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10191] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10191] <... futex resumed>) = 0 [pid 10191] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10206] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10202] <... write resumed>) = 1048576 [pid 10202] munmap(0x7fe453fca000, 138412032) = 0 [pid 10202] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10202] ioctl(4, LOOP_SET_FD, 3 [pid 10194] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10194] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10194] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10191] <... futex resumed>) = 0 [pid 10191] exit_group(0 [pid 10206] <... futex resumed>) = ? [pid 10191] <... exit_group resumed>) = ? [pid 10206] +++ exited with 0 +++ [pid 10194] <... futex resumed>) = ? [pid 10194] +++ exited with 0 +++ [pid 10191] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10191, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./395", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10202] <... ioctl resumed>) = 0 [pid 297] getdents64(3, [pid 10202] close(3) = 0 [pid 10202] close(4 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./395/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./395/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./395/binderfs") = 0 [pid 297] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10203] <... close resumed>) = 0 [pid 10201] <... close resumed>) = 0 [pid 10197] <... close resumed>) = 0 [pid 10203] mkdir("./file0", 0777 [pid 10201] mkdir("./file0", 0777 [pid 10197] mkdir("./file0", 0777 [pid 10203] <... mkdir resumed>) = 0 [pid 10203] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10201] <... mkdir resumed>) = 0 [pid 10202] <... close resumed>) = 0 [pid 10197] <... mkdir resumed>) = 0 [pid 10202] mkdir("./file0", 0777 [pid 10201] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10197] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10202] <... mkdir resumed>) = 0 [pid 10202] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10197] <... mount resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 10197] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 297] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10197] <... openat resumed>) = 3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10197] chdir("./file0" [pid 297] newfstatat(AT_FDCWD, "./395/file0", [pid 10197] <... chdir resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10197] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 297] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10197] <... openat resumed>) = 4 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10197] ioctl(4, LOOP_CLR_FD [pid 297] openat(AT_FDCWD, "./395/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10197] <... ioctl resumed>) = 0 [pid 297] <... openat resumed>) = 4 [pid 10197] close(4 [pid 297] newfstatat(4, "", [pid 10197] <... close resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10197] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(4, [pid 10197] <... futex resumed>) = 1 [pid 10196] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10197] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10196] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(4, [pid 10197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10196] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10197] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10196] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] close(4) = 0 [pid 297] rmdir("./395/file0" [pid 10197] <... openat resumed>) = 4 [pid 297] <... rmdir resumed>) = 0 [pid 10197] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(3, [pid 10197] <... futex resumed>) = 1 [pid 10196] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10197] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10196] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] close(3 [pid 10197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10196] <... futex resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 10197] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10196] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] rmdir("./395" [pid 10197] <... write resumed>) = 16 [pid 10196] <... futex resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 10197] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] mkdir("./396", 0777 [pid 10197] <... futex resumed>) = 0 [pid 10196] <... mmap resumed>) = 0x7fe45c3a9000 [pid 297] <... mkdir resumed>) = 0 [pid 10197] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10196] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10196] <... mprotect resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 10196] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] ioctl(3, LOOP_CLR_FD [pid 10196] <... rt_sigprocmask resumed>[], 8) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 297] close(3) = 0 ./strace-static-x86_64: Process 10209 attached [pid 10196] <... clone3 resumed> => {parent_tid=[10209]}, 88) = 10209 [pid 10203] <... mount resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10202] <... mount resumed>) = 0 [pid 10209] set_robust_list(0x7fe45c3c99a0, 24 [pid 10203] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10202] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10196] rt_sigprocmask(SIG_SETMASK, [], [pid 10203] <... openat resumed>) = 3 [pid 10202] <... openat resumed>) = 3 [pid 10196] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10214 [pid 10209] <... set_robust_list resumed>) = 0 [pid 10203] chdir("./file0" [pid 10202] chdir("./file0" [pid 10196] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10203] <... chdir resumed>) = 0 [pid 10202] <... chdir resumed>) = 0 [pid 10196] <... futex resumed>) = 0 [pid 10209] rt_sigprocmask(SIG_SETMASK, [], [pid 10203] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10202] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10196] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10203] <... openat resumed>) = 4 [pid 10202] <... openat resumed>) = 4 ./strace-static-x86_64: Process 10214 attached [pid 10203] ioctl(4, LOOP_CLR_FD [pid 10202] ioctl(4, LOOP_CLR_FD [pid 10203] <... ioctl resumed>) = 0 [pid 10202] <... ioctl resumed>) = 0 [pid 10203] close(4 [pid 10202] close(4 [pid 10203] <... close resumed>) = 0 [pid 10202] <... close resumed>) = 0 [pid 10209] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10203] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10202] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10203] <... futex resumed>) = 1 [pid 10202] <... futex resumed>) = 1 [pid 10200] <... futex resumed>) = 0 [pid 10199] <... futex resumed>) = 0 [pid 10203] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10202] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10200] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10199] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10200] <... futex resumed>) = 0 [pid 10199] <... futex resumed>) = 0 [pid 10209] <... write resumed>) = 16 [pid 10203] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10202] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 142.379340][T10194] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 142.390295][T10202] loop4: detected capacity change from 0 to 2048 [pid 10200] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10199] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10214] set_robust_list(0x5555557b6760, 24 [pid 10209] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10203] <... openat resumed>) = 4 [pid 10202] <... openat resumed>) = 4 [pid 10202] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10200] <... futex resumed>) = 0 [pid 10202] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10200] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10200] <... futex resumed>) = 0 [pid 10202] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10200] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10202] <... write resumed>) = 16 [pid 10200] <... futex resumed>) = 0 [pid 10202] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10202] <... futex resumed>) = 0 [pid 10200] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10202] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10200] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10200] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10214] <... set_robust_list resumed>) = 0 [pid 10209] <... futex resumed>) = 1 [pid 10203] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10200] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10196] <... futex resumed>) = 0 [pid 10209] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10203] <... futex resumed>) = 1 [pid 10200] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10199] <... futex resumed>) = 0 [pid 10196] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10203] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10199] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10197] <... futex resumed>) = 0 [pid 10196] <... futex resumed>) = 1 [pid 10203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10200] <... clone3 resumed> => {parent_tid=[10215]}, 88) = 10215 [pid 10199] <... futex resumed>) = 0 [pid 10197] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10196] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10214] chdir("./396" [pid 10203] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10200] rt_sigprocmask(SIG_SETMASK, [], [pid 10199] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10197] <... mmap resumed>) = 0x20000000 [pid 10214] <... chdir resumed>) = 0 [pid 10200] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10199] <... futex resumed>) = 0 [pid 10197] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10214] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10200] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10197] <... futex resumed>) = 1 [pid 10196] <... futex resumed>) = 0 [pid 10214] <... prctl resumed>) = 0 [pid 10200] <... futex resumed>) = 0 [pid 10199] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10197] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10196] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10214] setpgid(0, 0 [pid 10200] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10199] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10196] <... futex resumed>) = 0 [pid 10214] <... setpgid resumed>) = 0 [pid 10203] <... write resumed>) = 16 [pid 10199] <... mprotect resumed>) = 0 [pid 10196] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10203] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10199] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10214] <... openat resumed>) = 3 [pid 10203] <... futex resumed>) = 0 [pid 10199] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10214] write(3, "1000", 4 [pid 10203] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10217 attached ./strace-static-x86_64: Process 10215 attached [pid 10214] <... write resumed>) = 4 [pid 10201] <... mount resumed>) = 0 [pid 10217] set_robust_list(0x7fe45c3c99a0, 24 [pid 10215] set_robust_list(0x7fe45c3c99a0, 24 [pid 10201] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10199] <... clone3 resumed> => {parent_tid=[10217]}, 88) = 10217 [pid 10217] <... set_robust_list resumed>) = 0 [pid 10215] <... set_robust_list resumed>) = 0 [pid 10201] <... openat resumed>) = 3 [pid 10199] rt_sigprocmask(SIG_SETMASK, [], [pid 10217] rt_sigprocmask(SIG_SETMASK, [], [pid 10215] rt_sigprocmask(SIG_SETMASK, [], [pid 10201] chdir("./file0" [pid 10199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10214] close(3 [pid 10201] <... chdir resumed>) = 0 [pid 10200] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10199] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10197] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10217] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10215] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10214] <... close resumed>) = 0 [pid 10201] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10200] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10199] <... futex resumed>) = 0 [pid 10197] sendfile(-1, -1, [0] [pid 10217] <... write resumed>) = 16 [pid 10215] <... write resumed>) = 16 [pid 10214] symlink("/dev/binderfs", "./binderfs" [pid 10202] <... futex resumed>) = 0 [pid 10201] <... openat resumed>) = 4 [pid 10200] <... futex resumed>) = 1 [ 142.452744][T10197] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10199] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10217] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10215] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10214] <... symlink resumed>) = 0 [pid 10202] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10201] ioctl(4, LOOP_CLR_FD [pid 10200] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10197] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10217] <... futex resumed>) = 0 [pid 10215] <... futex resumed>) = 0 [pid 10214] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10202] <... mmap resumed>) = 0x20000000 [pid 10201] <... ioctl resumed>) = 0 [pid 10199] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10203] <... futex resumed>) = 0 [pid 10202] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10201] close(4 [pid 10199] <... futex resumed>) = 1 [pid 10217] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10215] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10214] <... futex resumed>) = 0 [pid 10203] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10202] <... futex resumed>) = 1 [pid 10201] <... close resumed>) = 0 [pid 10200] <... futex resumed>) = 0 [pid 10199] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10197] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10214] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10203] <... mmap resumed>) = 0x20000000 [pid 10202] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10201] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10200] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10197] <... futex resumed>) = 0 [pid 10196] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10203] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10201] <... futex resumed>) = 1 [pid 10200] <... futex resumed>) = 0 [pid 10198] <... futex resumed>) = 0 [pid 10196] exit_group(0 [pid 10214] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10209] <... futex resumed>) = ? [pid 10203] <... futex resumed>) = 1 [pid 10202] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10201] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10200] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10199] <... futex resumed>) = 0 [pid 10198] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10196] <... exit_group resumed>) = ? [pid 10209] +++ exited with 0 +++ [pid 10203] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10202] sendfile(-1, -1, [0] [pid 10201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10199] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10198] <... futex resumed>) = 0 [pid 10197] +++ exited with 0 +++ [pid 10196] +++ exited with 0 +++ [pid 10203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10202] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10201] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10199] <... futex resumed>) = 0 [pid 10198] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10196, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10214] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10203] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10202] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10201] <... openat resumed>) = 4 [pid 10199] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10203] sendfile(-1, -1, [0] [pid 10202] <... futex resumed>) = 1 [pid 10201] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10200] <... futex resumed>) = 0 [pid 10203] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10202] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10201] <... futex resumed>) = 1 [pid 10200] exit_group(0 [pid 10198] <... futex resumed>) = 0 [pid 10215] <... futex resumed>) = ? [pid 10203] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10202] <... futex resumed>) = ? [pid 10201] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10200] <... exit_group resumed>) = ? [pid 10198] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10215] +++ exited with 0 +++ [pid 10214] <... mprotect resumed>) = 0 [pid 10203] <... futex resumed>) = 1 [pid 10202] +++ exited with 0 +++ [pid 10201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10200] +++ exited with 0 +++ [pid 10199] <... futex resumed>) = 0 [pid 10198] <... futex resumed>) = 0 [pid 10203] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10201] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10199] exit_group(0 [pid 10198] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10200, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10217] <... futex resumed>) = ? [pid 10214] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10203] <... futex resumed>) = ? [pid 10201] <... write resumed>) = 16 [pid 10199] <... exit_group resumed>) = ? [pid 10198] <... futex resumed>) = 0 [pid 10217] +++ exited with 0 +++ [pid 10203] +++ exited with 0 +++ [pid 10201] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10199] +++ exited with 0 +++ [pid 10198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 295] umount2("./394", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10201] <... futex resumed>) = 0 [pid 10198] <... mmap resumed>) = 0x7fe45c3a9000 [pid 299] umount2("./390", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10201] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10198] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10199, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10198] <... mprotect resumed>) = 0 [pid 299] openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 295] <... openat resumed>) = 3 [pid 10198] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... openat resumed>) = 3 [pid 295] newfstatat(3, "", [pid 10198] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] newfstatat(3, "", [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... restart_syscall resumed>) = 0 [pid 295] getdents64(3, [pid 299] getdents64(3, [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10198] <... clone3 resumed> => {parent_tid=[10219]}, 88) = 10219 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./394/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10214] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10198] rt_sigprocmask(SIG_SETMASK, [], [pid 299] umount2("./390/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./396", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./394/binderfs", [pid 10198] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./390/binderfs", [pid 296] openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10198] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... openat resumed>) = 3 [pid 295] unlink("./394/binderfs" [pid 10198] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] unlink("./390/binderfs" [pid 296] newfstatat(3, "", [pid 295] <... unlink resumed>) = 0 [pid 10214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 299] <... unlink resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] getdents64(3, [pid 10214] <... clone3 resumed> => {parent_tid=[10220]}, 88) = 10220 [pid 299] <... umount2 resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] <... umount2 resumed>) = 0 [pid 10214] rt_sigprocmask(SIG_SETMASK, [], [pid 299] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./396/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10214] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./390/file0", [pid 296] newfstatat(AT_FDCWD, "./396/binderfs", [pid 295] newfstatat(AT_FDCWD, "./394/file0", [pid 10214] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10214] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] unlink("./396/binderfs" [pid 295] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... unlink resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./390/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] openat(AT_FDCWD, "./394/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 10220 attached ./strace-static-x86_64: Process 10219 attached [pid 299] <... openat resumed>) = 4 [pid 295] <... openat resumed>) = 4 [pid 10220] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10219] set_robust_list(0x7fe45c3c99a0, 24 [pid 299] newfstatat(4, "", [pid 295] newfstatat(4, "", [pid 10220] <... set_robust_list resumed>) = 0 [pid 10219] <... set_robust_list resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10220] rt_sigprocmask(SIG_SETMASK, [], [pid 10219] rt_sigprocmask(SIG_SETMASK, [], [pid 299] getdents64(4, [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, [pid 10220] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10219] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 299] getdents64(4, [pid 10220] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10219] <... write resumed>) = 16 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10220] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10219] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(4 [pid 295] getdents64(4, [pid 10220] <... futex resumed>) = 1 [pid 10219] <... futex resumed>) = 1 [pid 10214] <... futex resumed>) = 0 [pid 10198] <... futex resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10220] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10219] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10214] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10198] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] rmdir("./390/file0" [pid 295] close(4 [pid 10220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10214] <... futex resumed>) = 0 [pid 10201] <... futex resumed>) = 0 [pid 10198] <... futex resumed>) = 1 [pid 10214] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10201] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10198] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... rmdir resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 10220] memfd_create("syzkaller", 0 [pid 10201] <... mmap resumed>) = 0x20000000 [pid 299] getdents64(3, [pid 295] rmdir("./394/file0" [pid 10220] <... memfd_create resumed>) = 3 [pid 10201] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10201] <... futex resumed>) = 1 [pid 10198] <... futex resumed>) = 0 [pid 299] close(3 [pid 295] <... rmdir resumed>) = 0 [ 142.523243][T10202] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 142.542993][T10203] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10201] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10198] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] <... close resumed>) = 0 [pid 295] getdents64(3, [pid 10198] <... futex resumed>) = 0 [pid 10220] <... mmap resumed>) = 0x7fe453fca000 [pid 10220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10220] munmap(0x7fe453fca000, 138412032) = 0 [pid 10220] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10220] ioctl(4, LOOP_SET_FD, 3 [pid 10201] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10198] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] rmdir("./390" [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 295] close(3) = 0 [pid 299] mkdir("./391", 0777 [pid 295] rmdir("./394" [pid 299] <... mkdir resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 295] mkdir("./395", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10201] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10201] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10198] <... futex resumed>) = 0 [pid 10198] exit_group(0 [pid 10219] <... futex resumed>) = ? [pid 10198] <... exit_group resumed>) = ? [pid 10219] +++ exited with 0 +++ [pid 10201] <... futex resumed>) = ? [pid 10220] <... ioctl resumed>) = 0 [pid 10220] close(3) = 0 [pid 10201] +++ exited with 0 +++ [pid 10198] +++ exited with 0 +++ [pid 10220] close(4 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10198, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 10220] <... close resumed>) = 0 [pid 10220] mkdir("./file0", 0777) = 0 [pid 10220] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] umount2("./396", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./396/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./396/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./396/binderfs") = 0 [pid 298] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 295] ioctl(3, LOOP_CLR_FD [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 295] close(3 [pid 299] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10221 [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10222 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 10221 attached [pid 296] newfstatat(AT_FDCWD, "./396/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10221] set_robust_list(0x5555557b6760, 24) = 0 [pid 10221] chdir("./391") = 0 [pid 10221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10221] setpgid(0, 0) = 0 [pid 296] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./396/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", [pid 10221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10221] <... openat resumed>) = 3 [pid 10221] write(3, "1000", 4) = 4 [pid 10221] close(3) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10221] symlink("/dev/binderfs", "./binderfs" [pid 296] close(4) = 0 [pid 296] rmdir("./396/file0") = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10221] <... symlink resumed>) = 0 [pid 10221] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10221] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10221] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10221] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./396"./strace-static-x86_64: Process 10222 attached ) = 0 [pid 296] mkdir("./397", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10223 [pid 10221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10224]}, 88) = 10224 [pid 10221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10221] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10221] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10222] set_robust_list(0x5555557b6760, 24) = 0 ./strace-static-x86_64: Process 10224 attached ./strace-static-x86_64: Process 10223 attached [pid 10222] chdir("./395") = 0 [pid 10224] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10223] set_robust_list(0x5555557b6760, 24 [pid 10224] <... set_robust_list resumed>) = 0 [pid 10223] <... set_robust_list resumed>) = 0 [pid 10222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10224] rt_sigprocmask(SIG_SETMASK, [], [pid 10223] chdir("./397" [pid 10222] setpgid(0, 0 [pid 10224] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10223] <... chdir resumed>) = 0 [pid 10222] <... setpgid resumed>) = 0 [pid 10224] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10223] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10224] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [ 142.585264][T10201] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 142.596756][T10220] loop2: detected capacity change from 0 to 2048 [pid 10223] <... prctl resumed>) = 0 [pid 10222] write(3, "1000", 4 [pid 10224] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10223] setpgid(0, 0 [pid 10222] <... write resumed>) = 4 [pid 10224] <... futex resumed>) = 1 [pid 10223] <... setpgid resumed>) = 0 [pid 10222] close(3 [pid 10224] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10222] <... close resumed>) = 0 [pid 10221] <... futex resumed>) = 0 [pid 10220] <... mount resumed>) = 0 [pid 10223] <... openat resumed>) = 3 [pid 10222] symlink("/dev/binderfs", "./binderfs" [pid 10221] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10220] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10224] <... futex resumed>) = 0 [pid 10223] write(3, "1000", 4 [pid 10222] <... symlink resumed>) = 0 [pid 10221] <... futex resumed>) = 1 [pid 10220] <... openat resumed>) = 3 [pid 10224] memfd_create("syzkaller", 0 [pid 10223] <... write resumed>) = 4 [pid 10222] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10221] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10220] chdir("./file0" [pid 10224] <... memfd_create resumed>) = 3 [pid 10223] close(3 [pid 10222] <... futex resumed>) = 0 [pid 10220] <... chdir resumed>) = 0 [pid 10224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10223] <... close resumed>) = 0 [pid 10222] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10220] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10224] <... mmap resumed>) = 0x7fe453fca000 [pid 10223] symlink("/dev/binderfs", "./binderfs" [pid 10222] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10220] <... openat resumed>) = 4 [pid 10223] <... symlink resumed>) = 0 [pid 10222] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10220] ioctl(4, LOOP_CLR_FD [pid 10223] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10220] <... ioctl resumed>) = 0 [pid 10223] <... futex resumed>) = 0 [pid 10222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10220] close(4 [pid 10223] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10222] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10220] <... close resumed>) = 0 [pid 10223] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10222] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10220] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10223] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10222] <... mprotect resumed>) = 0 [pid 10220] <... futex resumed>) = 1 [pid 10214] <... futex resumed>) = 0 [pid 10223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10222] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10220] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10214] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10222] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10214] <... futex resumed>) = 0 [pid 10223] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10220] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10214] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10223] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10222] <... clone3 resumed> => {parent_tid=[10227]}, 88) = 10227 [pid 10220] <... openat resumed>) = 4 [pid 10223] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10222] rt_sigprocmask(SIG_SETMASK, [], [pid 10220] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10223] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10220] <... futex resumed>) = 1 [pid 10214] <... futex resumed>) = 0 [pid 10223] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10222] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10220] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10214] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10222] <... futex resumed>) = 0 [pid 10220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10214] <... futex resumed>) = 0 [pid 10223] <... clone3 resumed> => {parent_tid=[10228]}, 88) = 10228 [pid 10222] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10220] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10214] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10223] rt_sigprocmask(SIG_SETMASK, [], [pid 10220] <... write resumed>) = 16 [pid 10214] <... futex resumed>) = 0 [pid 10223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10220] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10223] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10220] <... futex resumed>) = 0 [pid 10214] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10223] <... futex resumed>) = 0 [pid 10220] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10214] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10214] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 10228 attached ./strace-static-x86_64: Process 10227 attached [pid 10223] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10214] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] <... umount2 resumed>) = 0 [pid 10228] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10227] set_robust_list(0x7fe45c3ea9a0, 24 [pid 298] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10228] <... set_robust_list resumed>) = 0 [pid 10227] <... set_robust_list resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10228] rt_sigprocmask(SIG_SETMASK, [], [pid 10227] rt_sigprocmask(SIG_SETMASK, [], [pid 298] newfstatat(AT_FDCWD, "./396/file0", [pid 10228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10227] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10228] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10227] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 298] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10228] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10227] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10228] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10227] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] openat(AT_FDCWD, "./396/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10228] <... futex resumed>) = 1 [pid 10227] <... futex resumed>) = 1 [pid 10223] <... futex resumed>) = 0 [pid 10222] <... futex resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 10228] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10227] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10223] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10222] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(4, "", [pid 10228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10223] <... futex resumed>) = 0 [pid 10222] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10228] memfd_create("syzkaller", 0 [pid 10227] memfd_create("syzkaller", 0 [pid 10223] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10222] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10214] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] getdents64(4, [pid 10228] <... memfd_create resumed>) = 3 [pid 10227] <... memfd_create resumed>) = 3 [pid 10214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] getdents64(4, [pid 10228] <... mmap resumed>) = 0x7fe453fca000 [pid 10227] <... mmap resumed>) = 0x7fe453fca000 [pid 10214] <... clone3 resumed> => {parent_tid=[10229]}, 88) = 10229 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 10229 attached [pid 10224] <... write resumed>) = 1048576 [pid 10214] rt_sigprocmask(SIG_SETMASK, [], [pid 10229] set_robust_list(0x7fe45c3c99a0, 24 [pid 10224] munmap(0x7fe453fca000, 138412032 [pid 10214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10229] <... set_robust_list resumed>) = 0 [pid 10224] <... munmap resumed>) = 0 [pid 10214] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10229] rt_sigprocmask(SIG_SETMASK, [], [pid 10224] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10214] <... futex resumed>) = 0 [pid 10229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10224] <... openat resumed>) = 4 [pid 10214] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10229] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10224] ioctl(4, LOOP_SET_FD, 3 [pid 10229] <... write resumed>) = 16 [pid 10229] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] close(4 [pid 10229] <... futex resumed>) = 1 [pid 10227] <... write resumed>) = 1048576 [pid 10224] <... ioctl resumed>) = 0 [pid 10214] <... futex resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 10229] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10224] close(3 [pid 10214] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] rmdir("./396/file0" [pid 10228] <... write resumed>) = 1048576 [pid 10227] munmap(0x7fe453fca000, 138412032 [pid 10224] <... close resumed>) = 0 [pid 10220] <... futex resumed>) = 0 [pid 10214] <... futex resumed>) = 1 [pid 10228] munmap(0x7fe453fca000, 138412032 [pid 10227] <... munmap resumed>) = 0 [pid 10224] close(4 [pid 10220] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10214] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... rmdir resumed>) = 0 [pid 10228] <... munmap resumed>) = 0 [pid 10227] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10220] <... mmap resumed>) = 0x20000000 [pid 10228] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10220] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10228] <... openat resumed>) = 4 [pid 10220] <... futex resumed>) = 1 [pid 10214] <... futex resumed>) = 0 [pid 298] getdents64(3, [pid 10227] <... openat resumed>) = 4 [pid 10228] ioctl(4, LOOP_SET_FD, 3 [pid 10220] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10214] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10228] <... ioctl resumed>) = 0 [pid 10227] ioctl(4, LOOP_SET_FD, 3 [pid 10220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10214] <... futex resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10214] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10228] close(3) = 0 [pid 10228] close(4 [pid 10220] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10220] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10220] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10214] <... futex resumed>) = 0 [pid 10214] exit_group(0 [pid 10229] <... futex resumed>) = ? [pid 10214] <... exit_group resumed>) = ? [pid 10229] +++ exited with 0 +++ [pid 10220] <... futex resumed>) = ? [pid 10220] +++ exited with 0 +++ [pid 10214] +++ exited with 0 +++ [pid 298] close(3) = 0 [pid 298] rmdir("./396") = 0 [pid 298] mkdir("./397", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10214, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 10227] <... ioctl resumed>) = 0 [pid 10227] close(3 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10227] <... close resumed>) = 0 [pid 10227] close(4./strace-static-x86_64: Process 10230 attached [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10230 [pid 10230] set_robust_list(0x5555557b6760, 24) = 0 [pid 10230] chdir("./397") = 0 [pid 10230] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] umount2("./396", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10230] <... prctl resumed>) = 0 [pid 10230] setpgid(0, 0) = 0 [pid 10230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10230] <... openat resumed>) = 3 [pid 297] openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10230] write(3, "1000", 4) = 4 [pid 10230] close(3) = 0 [pid 10230] symlink("/dev/binderfs", "./binderfs" [pid 297] <... openat resumed>) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, [pid 10230] <... symlink resumed>) = 0 [pid 10230] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10230] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10230] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10230] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10230] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 297] umount2("./396/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10230] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 297] newfstatat(AT_FDCWD, "./396/binderfs", [pid 10230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./396/binderfs" [pid 10230] <... clone3 resumed> => {parent_tid=[10231]}, 88) = 10231 ./strace-static-x86_64: Process 10231 attached [pid 10231] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10231] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10231] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10230] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... unlink resumed>) = 0 [pid 10230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10230] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10231] <... futex resumed>) = 0 [pid 10230] <... futex resumed>) = 1 [pid 10231] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10231] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10231] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10230] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 10230] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10231] <... futex resumed>) = 0 [pid 10230] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10231] memfd_create("syzkaller", 0) = 3 [pid 10231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10231] munmap(0x7fe453fca000, 138412032) = 0 [pid 10231] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 142.680418][T10224] loop4: detected capacity change from 0 to 2048 [ 142.692789][T10228] loop1: detected capacity change from 0 to 2048 [ 142.699807][T10220] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 142.700021][T10227] loop0: detected capacity change from 0 to 2048 [pid 10231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10224] <... close resumed>) = 0 [pid 10227] <... close resumed>) = 0 [pid 10224] mkdir("./file0", 0777 [pid 10231] close(3 [pid 10227] mkdir("./file0", 0777) = 0 [pid 10224] <... mkdir resumed>) = 0 [pid 10227] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10224] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10231] <... close resumed>) = 0 [pid 10231] close(4 [pid 10228] <... close resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 10228] mkdir("./file0", 0777) = 0 [pid 297] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10228] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./396/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./396/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10227] <... mount resumed>) = 0 [pid 297] <... openat resumed>) = 4 [pid 10227] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 297] newfstatat(4, "", [pid 10227] <... openat resumed>) = 3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10227] chdir("./file0" [pid 297] getdents64(4, [pid 10227] <... chdir resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10227] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./396/file0" [pid 10227] <... openat resumed>) = 4 [pid 297] <... rmdir resumed>) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./396" [pid 10227] ioctl(4, LOOP_CLR_FD [pid 297] <... rmdir resumed>) = 0 [pid 10227] <... ioctl resumed>) = 0 [pid 297] mkdir("./397", 0777 [pid 10227] close(4 [pid 297] <... mkdir resumed>) = 0 [pid 10227] <... close resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10227] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10227] <... futex resumed>) = 1 [pid 10222] <... futex resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10234 [pid 10227] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10222] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 10234 attached [pid 10234] set_robust_list(0x5555557b6760, 24 [pid 10227] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10222] <... futex resumed>) = 0 [pid 10234] <... set_robust_list resumed>) = 0 [pid 10234] chdir("./397") = 0 [pid 10222] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10234] setpgid(0, 0) = 0 [pid 10234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10227] <... openat resumed>) = 4 [pid 10234] <... openat resumed>) = 3 [pid 10227] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10234] write(3, "1000", 4) = 4 [pid 10234] close(3) = 0 [pid 10234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10234] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10234] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10234] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10234] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10234] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10227] <... futex resumed>) = 1 [pid 10222] <... futex resumed>) = 0 [pid 10234] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10237]}, 88) = 10237 [pid 10234] rt_sigprocmask(SIG_SETMASK, [], [pid 10227] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10222] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10222] <... futex resumed>) = 0 [pid 10234] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10222] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10234] <... futex resumed>) = 0 [pid 10227] <... write resumed>) = 16 [pid 10222] <... futex resumed>) = 0 [pid 10234] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10227] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10227] <... futex resumed>) = 0 [pid 10222] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10222] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 10237 attached [pid 10227] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10222] <... mprotect resumed>) = 0 [pid 10222] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10237] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10222] <... clone3 resumed> => {parent_tid=[10239]}, 88) = 10239 [pid 10222] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10222] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10222] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10237] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10237] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10234] <... futex resumed>) = 0 [pid 10234] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10234] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10237] <... futex resumed>) = 1 [pid 10237] memfd_create("syzkaller", 0) = 3 [pid 10237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10228] <... mount resumed>) = 0 [pid 10228] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10228] chdir("./file0") = 0 [pid 10228] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 10239 attached [pid 10239] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10239] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10239] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10222] <... futex resumed>) = 0 [pid 10222] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10227] <... futex resumed>) = 0 [pid 10222] <... futex resumed>) = 1 [pid 10227] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10222] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10227] <... mmap resumed>) = 0x20000000 [pid 10227] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10222] <... futex resumed>) = 0 [pid 10239] <... futex resumed>) = 1 [pid 10237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10231] <... close resumed>) = 0 [pid 10228] <... openat resumed>) = 4 [pid 10222] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10239] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10231] mkdir("./file0", 0777 [pid 10228] ioctl(4, LOOP_CLR_FD [pid 10222] <... futex resumed>) = 0 [pid 10231] <... mkdir resumed>) = 0 [pid 10228] <... ioctl resumed>) = 0 [pid 10222] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10231] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10228] close(4) = 0 [pid 10228] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10223] <... futex resumed>) = 0 [pid 10223] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10228] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10224] <... mount resumed>) = 0 [pid 10223] <... futex resumed>) = 0 [pid 10223] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10224] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10224] chdir("./file0" [pid 10228] <... openat resumed>) = 4 [pid 10228] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10224] <... chdir resumed>) = 0 [pid 10228] <... futex resumed>) = 1 [pid 10224] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10223] <... futex resumed>) = 0 [pid 10228] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10224] <... openat resumed>) = 4 [pid 10223] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10228] <... write resumed>) = 16 [pid 10224] ioctl(4, LOOP_CLR_FD [pid 10223] <... futex resumed>) = 0 [pid 10228] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10224] <... ioctl resumed>) = 0 [pid 10223] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10228] <... futex resumed>) = 0 [pid 10224] close(4 [pid 10223] <... futex resumed>) = 0 [pid 10228] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10224] <... close resumed>) = 0 [pid 10223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10224] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10223] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10224] <... futex resumed>) = 1 [pid 10223] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10221] <... futex resumed>) = 0 [pid 10224] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10223] <... mprotect resumed>) = 0 [pid 10221] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10224] <... openat resumed>) = 4 [pid 10223] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10221] <... futex resumed>) = 0 [pid 10224] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10223] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10221] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10224] <... futex resumed>) = 0 [pid 10223] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10224] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10221] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10223] <... clone3 resumed> => {parent_tid=[10242]}, 88) = 10242 [pid 10221] <... futex resumed>) = 0 [pid 10224] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10223] rt_sigprocmask(SIG_SETMASK, [], [pid 10221] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10224] <... write resumed>) = 16 [pid 10223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10221] <... futex resumed>) = 0 [pid 10224] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10223] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10224] <... futex resumed>) = 0 [pid 10223] <... futex resumed>) = 0 [pid 10221] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10224] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10223] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10221] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10221] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10243]}, 88) = 10243 [pid 10221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10221] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10221] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10242 attached ./strace-static-x86_64: Process 10243 attached [pid 10243] set_robust_list(0x7fe45c3c99a0, 24 [pid 10242] set_robust_list(0x7fe45c3c99a0, 24 [pid 10243] <... set_robust_list resumed>) = 0 [pid 10242] <... set_robust_list resumed>) = 0 [pid 10243] rt_sigprocmask(SIG_SETMASK, [], [pid 10242] rt_sigprocmask(SIG_SETMASK, [], [pid 10243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10242] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10243] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10242] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10243] <... write resumed>) = 16 [pid 10242] <... write resumed>) = 16 [pid 10243] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10237] <... write resumed>) = 1048576 [pid 10227] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10242] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10237] munmap(0x7fe453fca000, 138412032 [pid 10243] <... futex resumed>) = 1 [pid 10221] <... futex resumed>) = 0 [pid 10243] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10221] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10242] <... futex resumed>) = 1 [pid 10223] <... futex resumed>) = 0 [pid 10223] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10228] <... futex resumed>) = 0 [pid 10224] <... futex resumed>) = 0 [pid 10223] <... futex resumed>) = 1 [pid 10221] <... futex resumed>) = 1 [pid 10224] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10221] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10242] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10228] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [ 142.740331][T10231] loop3: detected capacity change from 0 to 2048 [ 142.775041][T10227] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10227] sendfile(-1, -1, [0] [pid 10224] <... mmap resumed>) = 0x20000000 [pid 10223] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10224] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10224] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10221] <... futex resumed>) = 0 [pid 10221] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10224] <... futex resumed>) = 0 [pid 10221] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10228] <... mmap resumed>) = 0x20000000 [pid 10228] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10223] <... futex resumed>) = 0 [pid 10223] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10223] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10227] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10237] <... munmap resumed>) = 0 [pid 10227] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10222] <... futex resumed>) = 0 [pid 10222] exit_group(0) = ? [pid 10227] <... futex resumed>) = ? [pid 10227] +++ exited with 0 +++ [pid 10237] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10237] ioctl(4, LOOP_SET_FD, 3 [pid 10239] <... futex resumed>) = ? [pid 10237] <... ioctl resumed>) = 0 [pid 10237] close(3) = 0 [pid 10237] close(4 [pid 10239] +++ exited with 0 +++ [pid 10222] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10222, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] umount2("./395", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./395/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./395/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./395/binderfs") = 0 [pid 295] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10224] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10224] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10224] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10224] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10221] <... futex resumed>) = 0 [pid 10221] exit_group(0 [pid 10243] <... futex resumed>) = ? [pid 10228] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10221] <... exit_group resumed>) = ? [pid 10243] +++ exited with 0 +++ [pid 10228] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10228] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10223] <... futex resumed>) = 0 [pid 10223] exit_group(0 [pid 10242] <... futex resumed>) = ? [pid 10223] <... exit_group resumed>) = ? [pid 10242] +++ exited with 0 +++ [pid 10228] <... futex resumed>) = ? [pid 10228] +++ exited with 0 +++ [pid 10223] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10223, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 10224] <... futex resumed>) = ? [pid 10224] +++ exited with 0 +++ [pid 10221] +++ exited with 0 +++ [pid 296] <... restart_syscall resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10221, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./397", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] umount2("./391", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... openat resumed>) = 3 [pid 299] openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] newfstatat(3, "", [pid 299] <... openat resumed>) = 3 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, [pid 299] newfstatat(3, "", [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] umount2("./397/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] getdents64(3, [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] newfstatat(AT_FDCWD, "./397/binderfs", [pid 299] umount2("./391/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] unlink("./397/binderfs" [pid 299] newfstatat(AT_FDCWD, "./391/binderfs", [pid 296] <... unlink resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./391/binderfs" [pid 296] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... unlink resumed>) = 0 [pid 299] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10237] <... close resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 10237] mkdir("./file0", 0777 [pid 299] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10237] <... mkdir resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10237] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./391/file0", [pid 296] newfstatat(AT_FDCWD, "./397/file0", [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] newfstatat(AT_FDCWD, "./395/file0", [pid 299] umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./397/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] openat(AT_FDCWD, "./391/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... openat resumed>) = 4 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... openat resumed>) = 4 [pid 296] newfstatat(4, "", [pid 295] openat(AT_FDCWD, "./395/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] newfstatat(4, "", [pid 295] <... openat resumed>) = 4 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] newfstatat(4, "", [pid 299] getdents64(4, [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, [pid 299] getdents64(4, [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] getdents64(4, [pid 299] close(4 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] <... close resumed>) = 0 [pid 295] close(4 [pid 299] rmdir("./391/file0" [pid 295] <... close resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 296] getdents64(4, [pid 295] rmdir("./395/file0" [pid 299] getdents64(3, [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] <... rmdir resumed>) = 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] getdents64(4, [pid 295] getdents64(3, [pid 299] close(3 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] <... close resumed>) = 0 [pid 295] close(3 [pid 299] rmdir("./391" [pid 296] close(4 [pid 295] <... close resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 296] <... close resumed>) = 0 [ 142.813891][T10224] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 142.815964][T10237] loop2: detected capacity change from 0 to 2048 [ 142.829889][T10228] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 295] rmdir("./395" [pid 299] mkdir("./392", 0777 [pid 296] rmdir("./397/file0" [pid 295] <... rmdir resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 295] mkdir("./396", 0777 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] <... rmdir resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 296] getdents64(3, [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] <... openat resumed>) = 3 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] close(3 [pid 295] ioctl(3, LOOP_CLR_FD [pid 299] close(3 [pid 296] <... close resumed>) = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] <... close resumed>) = 0 [pid 296] rmdir("./397" [pid 295] close(3 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... close resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10246 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10247 [pid 10231] <... mount resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 10231] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 296] mkdir("./398", 0777./strace-static-x86_64: Process 10246 attached [pid 10231] chdir("./file0"./strace-static-x86_64: Process 10247 attached [pid 10246] set_robust_list(0x5555557b6760, 24 [pid 10231] <... chdir resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 10231] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10247] set_robust_list(0x5555557b6760, 24 [pid 10246] <... set_robust_list resumed>) = 0 [pid 10231] <... openat resumed>) = 4 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10247] <... set_robust_list resumed>) = 0 [pid 10246] chdir("./392" [pid 10231] ioctl(4, LOOP_CLR_FD) = 0 [pid 296] <... openat resumed>) = 3 [pid 10231] close(4) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 10231] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10231] <... futex resumed>) = 1 [pid 10230] <... futex resumed>) = 0 [pid 296] close(3 [pid 10231] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10230] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... close resumed>) = 0 [pid 10246] <... chdir resumed>) = 0 [pid 10231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10230] <... futex resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10247] chdir("./396" [pid 10246] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10231] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10230] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10247] <... chdir resumed>) = 0 [pid 10246] <... prctl resumed>) = 0 [pid 10231] <... openat resumed>) = 4 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10248 [pid 10231] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10230] <... futex resumed>) = 0 [pid 10231] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10230] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10230] <... futex resumed>) = 0 [pid 10231] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10230] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10231] <... write resumed>) = 16 [pid 10230] <... futex resumed>) = 0 [pid 10231] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10231] <... futex resumed>) = 0 [pid 10230] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10247] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10246] setpgid(0, 0 [pid 10231] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10230] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10246] <... setpgid resumed>) = 0 [pid 10230] <... mprotect resumed>) = 0 [pid 10247] <... prctl resumed>) = 0 [pid 10230] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10230] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10246] <... openat resumed>) = 3 [pid 10230] <... clone3 resumed> => {parent_tid=[10249]}, 88) = 10249 [pid 10230] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10247] setpgid(0, 0 [pid 10246] write(3, "1000", 4 [pid 10230] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 10249 attached [pid 10246] <... write resumed>) = 4 [pid 10230] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10247] <... setpgid resumed>) = 0 [pid 10246] close(3) = 0 [pid 10246] symlink("/dev/binderfs", "./binderfs" [pid 10249] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10249] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10246] <... symlink resumed>) = 0 [pid 10249] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10246] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10249] <... write resumed>) = 16 [pid 10246] <... futex resumed>) = 0 [pid 10249] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10246] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10230] <... futex resumed>) = 0 [pid 10230] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10231] <... futex resumed>) = 0 [pid 10230] <... futex resumed>) = 1 [pid 10246] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10231] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10230] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10246] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10231] <... mmap resumed>) = 0x20000000 [pid 10246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10231] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10231] <... futex resumed>) = 1 [pid 10230] <... futex resumed>) = 0 [pid 10247] <... openat resumed>) = 3 [pid 10246] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10231] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10230] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10247] write(3, "1000", 4 [pid 10246] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10230] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10248 attached [pid 10249] <... futex resumed>) = 1 [pid 10247] <... write resumed>) = 4 [pid 10246] <... mprotect resumed>) = 0 [pid 10247] close(3 [pid 10246] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10247] <... close resumed>) = 0 [pid 10246] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10247] symlink("/dev/binderfs", "./binderfs" [pid 10246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10247] <... symlink resumed>) = 0 [pid 10247] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10246] <... clone3 resumed> => {parent_tid=[10250]}, 88) = 10250 [pid 10249] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10248] set_robust_list(0x5555557b6760, 24 [pid 10247] <... futex resumed>) = 0 [pid 10246] rt_sigprocmask(SIG_SETMASK, [], [pid 10248] <... set_robust_list resumed>) = 0 [pid 10247] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10248] chdir("./398" [pid 10247] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10246] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10248] <... chdir resumed>) = 0 [pid 10247] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10246] <... futex resumed>) = 0 [pid 10248] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10246] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10248] <... prctl resumed>) = 0 [pid 10247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10248] setpgid(0, 0 [pid 10247] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10248] <... setpgid resumed>) = 0 [pid 10247] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10247] <... mprotect resumed>) = 0 [pid 10248] <... openat resumed>) = 3 [pid 10247] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10248] write(3, "1000", 4 [pid 10247] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10248] <... write resumed>) = 4 [pid 10247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10248] close(3) = 0 [pid 10247] <... clone3 resumed> => {parent_tid=[10251]}, 88) = 10251 [pid 10248] symlink("/dev/binderfs", "./binderfs" [pid 10247] rt_sigprocmask(SIG_SETMASK, [], [pid 10248] <... symlink resumed>) = 0 [pid 10247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10248] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10247] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10248] <... futex resumed>) = 0 [pid 10247] <... futex resumed>) = 0 [pid 10248] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10247] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10248] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10248] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10248] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 10252 attached ./strace-static-x86_64: Process 10251 attached ./strace-static-x86_64: Process 10250 attached [pid 10230] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10252] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10251] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10250] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10248] <... clone3 resumed> => {parent_tid=[10252]}, 88) = 10252 [pid 10252] <... set_robust_list resumed>) = 0 [pid 10251] <... set_robust_list resumed>) = 0 [pid 10250] <... set_robust_list resumed>) = 0 [pid 10248] rt_sigprocmask(SIG_SETMASK, [], [pid 10252] rt_sigprocmask(SIG_SETMASK, [], [pid 10251] rt_sigprocmask(SIG_SETMASK, [], [pid 10250] rt_sigprocmask(SIG_SETMASK, [], [pid 10248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10248] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10252] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10251] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10250] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10248] <... futex resumed>) = 0 [pid 10231] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10252] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10251] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10250] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10248] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10252] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10251] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10250] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10252] <... futex resumed>) = 0 [pid 10251] <... futex resumed>) = 1 [pid 10250] <... futex resumed>) = 1 [pid 10248] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10247] <... futex resumed>) = 0 [pid 10246] <... futex resumed>) = 0 [pid 10231] sendfile(-1, -1, [0] [pid 10252] memfd_create("syzkaller", 0 [pid 10251] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10250] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10248] <... futex resumed>) = 0 [pid 10247] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10246] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10252] <... memfd_create resumed>) = 3 [pid 10251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10248] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10247] <... futex resumed>) = 0 [pid 10246] <... futex resumed>) = 0 [pid 10252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10251] memfd_create("syzkaller", 0 [pid 10250] memfd_create("syzkaller", 0 [pid 10247] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10246] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10231] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10252] <... mmap resumed>) = 0x7fe453fca000 [pid 10251] <... memfd_create resumed>) = 3 [pid 10250] <... memfd_create resumed>) = 3 [pid 10252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10231] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10251] <... mmap resumed>) = 0x7fe453fca000 [pid 10250] <... mmap resumed>) = 0x7fe453fca000 [pid 10251] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10231] <... futex resumed>) = 1 [pid 10230] <... futex resumed>) = 0 [pid 10231] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10230] exit_group(0 [pid 10249] <... futex resumed>) = ? [pid 10231] <... futex resumed>) = ? [pid 10230] <... exit_group resumed>) = ? [pid 10249] +++ exited with 0 +++ [pid 10231] +++ exited with 0 +++ [pid 10230] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10230, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] umount2("./397", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] <... openat resumed>) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./397/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./397/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./397/binderfs") = 0 [pid 298] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10237] <... mount resumed>) = 0 [pid 10237] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10237] chdir("./file0") = 0 [pid 10237] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10237] ioctl(4, LOOP_CLR_FD) = 0 [ 142.912585][T10231] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10237] close(4 [pid 10252] <... write resumed>) = 1048576 [pid 10251] <... write resumed>) = 1048576 [pid 10250] <... write resumed>) = 1048576 [pid 10237] <... close resumed>) = 0 [pid 10251] munmap(0x7fe453fca000, 138412032 [pid 10250] munmap(0x7fe453fca000, 138412032 [pid 10237] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10251] <... munmap resumed>) = 0 [pid 10250] <... munmap resumed>) = 0 [pid 10237] <... futex resumed>) = 1 [pid 10234] <... futex resumed>) = 0 [pid 10251] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10250] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10237] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10234] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10251] <... openat resumed>) = 4 [pid 10250] <... openat resumed>) = 4 [pid 10237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10234] <... futex resumed>) = 0 [pid 10251] ioctl(4, LOOP_SET_FD, 3 [pid 10250] ioctl(4, LOOP_SET_FD, 3 [pid 10237] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10234] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10252] munmap(0x7fe453fca000, 138412032 [pid 10237] <... openat resumed>) = 4 [pid 10252] <... munmap resumed>) = 0 [pid 10252] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10252] ioctl(4, LOOP_SET_FD, 3 [pid 10251] <... ioctl resumed>) = 0 [pid 10250] <... ioctl resumed>) = 0 [pid 10237] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10234] <... futex resumed>) = 0 [pid 10237] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10234] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10237] <... write resumed>) = 16 [pid 10234] <... futex resumed>) = 0 [pid 10237] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10234] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10237] <... futex resumed>) = 0 [pid 10234] <... futex resumed>) = 0 [pid 10237] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10234] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10255]}, 88) = 10255 [pid 10234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10234] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10234] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10251] close(3) = 0 [pid 10251] close(4 [pid 10250] close(3) = 0 [pid 10250] close(4./strace-static-x86_64: Process 10255 attached [pid 10255] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10255] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10255] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10234] <... futex resumed>) = 0 [pid 10234] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10237] <... futex resumed>) = 0 [pid 10234] <... futex resumed>) = 1 [pid 10237] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10234] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10237] <... mmap resumed>) = 0x20000000 [pid 10237] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10234] <... futex resumed>) = 0 [pid 10255] <... futex resumed>) = 1 [pid 10252] <... ioctl resumed>) = 0 [pid 10234] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./397/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./397/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./397/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./397") = 0 [pid 298] mkdir("./398", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10256 [pid 10255] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10252] close(3) = 0 [pid 10252] close(4 [pid 10234] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10256 attached [pid 10234] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10256] set_robust_list(0x5555557b6760, 24) = 0 [pid 10256] chdir("./398") = 0 [pid 10237] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10256] setpgid(0, 0) = 0 [pid 10256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10237] sendfile(-1, -1, [0] [pid 10256] <... openat resumed>) = 3 [pid 10256] write(3, "1000", 4) = 4 [pid 10256] close(3) = 0 [pid 10256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10237] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10256] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10251] <... close resumed>) = 0 [pid 10250] <... close resumed>) = 0 [pid 10256] <... futex resumed>) = 0 [pid 10251] mkdir("./file0", 0777 [pid 10250] mkdir("./file0", 0777 [pid 10256] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10237] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10251] <... mkdir resumed>) = 0 [pid 10256] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10251] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10250] <... mkdir resumed>) = 0 [pid 10256] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10237] <... futex resumed>) = 1 [pid 10234] <... futex resumed>) = 0 [pid 10256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10250] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10234] exit_group(0 [pid 10256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10237] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10234] <... exit_group resumed>) = ? [pid 10256] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10256] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10255] <... futex resumed>) = ? [pid 10237] <... futex resumed>) = ? [pid 10256] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10255] +++ exited with 0 +++ [pid 10256] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10237] +++ exited with 0 +++ [pid 10234] +++ exited with 0 +++ [pid 10256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10234, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- ./strace-static-x86_64: Process 10257 attached [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 10257] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10256] <... clone3 resumed> => {parent_tid=[10257]}, 88) = 10257 [pid 297] <... restart_syscall resumed>) = 0 [pid 10257] <... set_robust_list resumed>) = 0 [pid 10256] rt_sigprocmask(SIG_SETMASK, [], [pid 10257] rt_sigprocmask(SIG_SETMASK, [], [pid 10256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10256] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./397", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10257] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10256] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10257] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10256] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10257] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... openat resumed>) = 3 [pid 10257] <... futex resumed>) = 1 [pid 10256] <... futex resumed>) = 0 [pid 297] newfstatat(3, "", [pid 10257] memfd_create("syzkaller", 0 [pid 10256] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10257] <... memfd_create resumed>) = 3 [pid 10256] <... futex resumed>) = 0 [pid 297] getdents64(3, [pid 10257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10256] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10257] <... mmap resumed>) = 0x7fe453fca000 [pid 297] umount2("./397/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./397/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./397/binderfs") = 0 [pid 297] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10250] <... mount resumed>) = 0 [pid 10250] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10250] chdir("./file0") = 0 [pid 10250] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10250] ioctl(4, LOOP_CLR_FD) = 0 [pid 10250] close(4) = 0 [pid 10250] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10246] <... futex resumed>) = 0 [pid 10246] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10246] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10250] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10250] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10246] <... futex resumed>) = 0 [pid 10246] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10246] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10250] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10246] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10250] <... write resumed>) = 16 [pid 10246] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10250] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10246] <... mprotect resumed>) = 0 [pid 10250] <... futex resumed>) = 0 [pid 10246] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10250] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10246] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10260]}, 88) = 10260 [pid 10246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10246] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10246] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10260 attached [pid 10260] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10260] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10260] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10260] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10246] <... futex resumed>) = 0 [pid 10246] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10250] <... futex resumed>) = 0 [pid 10246] <... futex resumed>) = 1 [pid 10250] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10246] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10250] <... mmap resumed>) = 0x20000000 [pid 10250] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10246] <... futex resumed>) = 0 [ 142.979677][T10250] loop4: detected capacity change from 0 to 2048 [ 142.988895][T10251] loop0: detected capacity change from 0 to 2048 [ 142.990854][T10252] loop1: detected capacity change from 0 to 2048 [ 143.001803][T10237] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10260] <... futex resumed>) = 1 [pid 10257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10246] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10260] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10252] <... close resumed>) = 0 [pid 10246] <... futex resumed>) = 0 [pid 10252] mkdir("./file0", 0777 [pid 10246] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10252] <... mkdir resumed>) = 0 [pid 10252] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10250] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10250] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10250] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10246] <... futex resumed>) = 0 [pid 10246] exit_group(0) = ? [pid 10260] <... futex resumed>) = ? [pid 10260] +++ exited with 0 +++ [pid 10257] <... write resumed>) = 1048576 [pid 10257] munmap(0x7fe453fca000, 138412032 [pid 10250] <... futex resumed>) = ? [pid 10257] <... munmap resumed>) = 0 [pid 10257] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10257] ioctl(4, LOOP_SET_FD, 3 [pid 10250] +++ exited with 0 +++ [pid 10246] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10246, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 299] umount2("./392", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./392/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./392/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./392/binderfs") = 0 [pid 299] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10252] <... mount resumed>) = 0 [pid 10252] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10252] chdir("./file0") = 0 [pid 10252] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10252] ioctl(4, LOOP_CLR_FD) = 0 [pid 10257] <... ioctl resumed>) = 0 [pid 10252] close(4 [pid 10257] close(3) = 0 [pid 10257] close(4 [pid 10252] <... close resumed>) = 0 [pid 10252] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10248] <... futex resumed>) = 0 [pid 10248] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10252] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10248] <... futex resumed>) = 0 [pid 10248] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10252] <... openat resumed>) = 4 [pid 10252] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10248] <... futex resumed>) = 0 [pid 10252] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10248] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10252] <... write resumed>) = 16 [pid 10248] <... futex resumed>) = 0 [pid 10252] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10248] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10252] <... futex resumed>) = 0 [pid 10248] <... futex resumed>) = 0 [pid 10252] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10248] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10263 attached => {parent_tid=[10263]}, 88) = 10263 [pid 10248] rt_sigprocmask(SIG_SETMASK, [], [pid 10263] set_robust_list(0x7fe45c3c99a0, 24 [pid 10248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10248] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10248] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10263] <... set_robust_list resumed>) = 0 [pid 10263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10263] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10263] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10248] <... futex resumed>) = 0 [pid 10263] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10248] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10252] <... futex resumed>) = 0 [pid 10248] <... futex resumed>) = 1 [pid 10252] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10248] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10252] <... mmap resumed>) = 0x20000000 [pid 10252] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10251] <... mount resumed>) = 0 [pid 10252] <... futex resumed>) = 1 [pid 10248] <... futex resumed>) = 0 [pid 10251] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10252] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10248] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10251] <... openat resumed>) = 3 [pid 10248] <... futex resumed>) = 0 [pid 10251] chdir("./file0") = 0 [pid 10251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10251] ioctl(4, LOOP_CLR_FD) = 0 [pid 10251] close(4) = 0 [pid 10251] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10247] <... futex resumed>) = 0 [pid 10251] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10247] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10247] <... futex resumed>) = 0 [pid 10251] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10247] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10248] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10251] <... openat resumed>) = 4 [pid 10251] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10247] <... futex resumed>) = 0 [pid 10251] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10247] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10247] <... futex resumed>) = 0 [pid 10251] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10247] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10251] <... write resumed>) = 16 [pid 10247] <... futex resumed>) = 0 [pid 10251] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10251] <... futex resumed>) = 0 [pid 10247] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10251] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10247] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10247] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10266]}, 88) = 10266 [pid 10247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10247] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10247] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10266 attached [pid 10266] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10266] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10266] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10266] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10247] <... futex resumed>) = 0 [pid 10247] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10251] <... futex resumed>) = 0 [pid 10247] <... futex resumed>) = 1 [pid 10251] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10247] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10251] <... mmap resumed>) = 0x20000000 [pid 10251] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10247] <... futex resumed>) = 0 [ 143.038001][T10250] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 143.058811][T10257] loop3: detected capacity change from 0 to 2048 [pid 10251] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10247] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10247] <... futex resumed>) = 0 [pid 10266] <... futex resumed>) = 1 [pid 10266] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10252] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10252] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10252] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10248] <... futex resumed>) = 0 [pid 10248] exit_group(0 [pid 10263] <... futex resumed>) = ? [pid 10248] <... exit_group resumed>) = ? [pid 10263] +++ exited with 0 +++ [pid 10252] <... futex resumed>) = ? [pid 10252] +++ exited with 0 +++ [pid 10248] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10248, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 10247] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... restart_syscall resumed>) = 0 [pid 296] umount2("./398", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./398/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./398/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./398/binderfs") = 0 [pid 296] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = 0 [pid 10257] <... close resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 297] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10257] mkdir("./file0", 0777 [pid 299] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10257] <... mkdir resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./397/file0", [pid 10257] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 299] newfstatat(AT_FDCWD, "./392/file0", [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./397/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] openat(AT_FDCWD, "./392/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... openat resumed>) = 4 [pid 299] <... openat resumed>) = 4 [pid 297] newfstatat(4, "", [pid 299] newfstatat(4, "", [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, [pid 299] getdents64(4, [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, [pid 299] getdents64(4, [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4 [pid 299] close(4 [pid 297] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 297] rmdir("./397/file0" [pid 299] rmdir("./392/file0" [pid 297] <... rmdir resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 297] getdents64(3, [pid 299] getdents64(3, [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3 [pid 299] close(3 [pid 297] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 297] rmdir("./397" [pid 299] rmdir("./392" [pid 297] <... rmdir resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 297] mkdir("./398", 0777 [pid 299] mkdir("./393", 0777 [pid 297] <... mkdir resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] <... openat resumed>) = 3 [pid 10251] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 299] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD [pid 10251] sendfile(-1, -1, [0] [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] close(3 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... close resumed>) = 0 [pid 299] close(3 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... close resumed>) = 0 [pid 10251] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10251] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10247] <... futex resumed>) = 0 [pid 10251] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10247] exit_group(0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10267 [pid 10266] <... futex resumed>) = ? [pid 10251] <... futex resumed>) = ? [pid 10247] <... exit_group resumed>) = ? [pid 10266] +++ exited with 0 +++ [pid 10251] +++ exited with 0 +++ [pid 10247] +++ exited with 0 +++ ./strace-static-x86_64: Process 10268 attached ./strace-static-x86_64: Process 10267 attached [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10268 [pid 296] <... umount2 resumed>) = 0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10247, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10268] set_robust_list(0x5555557b6760, 24 [pid 10267] set_robust_list(0x5555557b6760, 24 [pid 296] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10268] <... set_robust_list resumed>) = 0 [pid 10267] <... set_robust_list resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10268] chdir("./393" [pid 10267] chdir("./398" [pid 296] newfstatat(AT_FDCWD, "./398/file0", [pid 295] umount2("./396", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10268] <... chdir resumed>) = 0 [pid 10267] <... chdir resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10268] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10267] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10268] <... prctl resumed>) = 0 [pid 10267] <... prctl resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... openat resumed>) = 3 [pid 10268] setpgid(0, 0 [pid 10267] setpgid(0, 0 [pid 296] openat(AT_FDCWD, "./398/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] newfstatat(3, "", [pid 10268] <... setpgid resumed>) = 0 [pid 10267] <... setpgid resumed>) = 0 [pid 296] <... openat resumed>) = 4 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10257] <... mount resumed>) = 0 [pid 296] newfstatat(4, "", [pid 295] getdents64(3, [pid 10268] <... openat resumed>) = 3 [pid 10267] <... openat resumed>) = 3 [pid 10257] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10268] write(3, "1000", 4 [pid 10267] write(3, "1000", 4 [pid 10257] <... openat resumed>) = 3 [pid 296] getdents64(4, [pid 295] umount2("./396/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10268] <... write resumed>) = 4 [pid 10267] <... write resumed>) = 4 [pid 10257] chdir("./file0" [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10268] close(3 [pid 10267] close(3 [pid 10257] <... chdir resumed>) = 0 [pid 296] getdents64(4, [pid 295] newfstatat(AT_FDCWD, "./396/binderfs", [pid 10268] <... close resumed>) = 0 [pid 10267] <... close resumed>) = 0 [pid 10257] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10268] symlink("/dev/binderfs", "./binderfs" [pid 10267] symlink("/dev/binderfs", "./binderfs" [pid 10257] <... openat resumed>) = 4 [pid 296] close(4 [pid 295] unlink("./396/binderfs" [pid 10268] <... symlink resumed>) = 0 [pid 10267] <... symlink resumed>) = 0 [pid 10257] ioctl(4, LOOP_CLR_FD [pid 295] <... unlink resumed>) = 0 [pid 10268] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10267] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10268] <... futex resumed>) = 0 [pid 10267] <... futex resumed>) = 0 [pid 10257] <... ioctl resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 10268] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10267] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10257] close(4 [pid 10268] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10267] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10257] <... close resumed>) = 0 [pid 296] rmdir("./398/file0" [pid 10268] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10267] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10257] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... rmdir resumed>) = 0 [pid 10268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10268] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10267] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10268] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10267] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10268] <... mprotect resumed>) = 0 [pid 10267] <... mprotect resumed>) = 0 [pid 10257] <... futex resumed>) = 1 [pid 10256] <... futex resumed>) = 0 [pid 296] getdents64(3, [pid 10268] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10267] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10257] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10256] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10268] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10267] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10267] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10256] <... futex resumed>) = 0 [pid 10257] <... openat resumed>) = 4 [pid 10256] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] close(3 [pid 10268] <... clone3 resumed> => {parent_tid=[10271]}, 88) = 10271 [pid 10267] <... clone3 resumed> => {parent_tid=[10272]}, 88) = 10272 [pid 10257] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] <... close resumed>) = 0 [pid 10268] rt_sigprocmask(SIG_SETMASK, [], [pid 10267] rt_sigprocmask(SIG_SETMASK, [], [pid 10257] <... futex resumed>) = 0 [pid 10256] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] rmdir("./398" [pid 10268] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 143.074055][T10252] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 143.087150][T10251] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10257] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10256] <... futex resumed>) = 0 [pid 10268] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10267] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... rmdir resumed>) = 0 [pid 10268] <... futex resumed>) = 0 [pid 10267] <... futex resumed>) = 0 [pid 10257] <... write resumed>) = 16 [pid 10256] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] mkdir("./399", 0777 [pid 10268] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10267] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10257] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10256] <... futex resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 10257] <... futex resumed>) = 0 [pid 10256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10257] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10256] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10256] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 296] <... openat resumed>) = 3 [pid 10256] <... mprotect resumed>) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 10256] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10256] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] close(3 [pid 10256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 296] <... close resumed>) = 0 [pid 10256] <... clone3 resumed> => {parent_tid=[10273]}, 88) = 10273 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10256] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 10271 attached NULL, 8) = 0 [pid 10256] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10274 [pid 10271] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10256] <... futex resumed>) = 0 [pid 10271] <... set_robust_list resumed>) = 0 [pid 10256] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10271] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 10272 attached NULL, 8) = 0 [pid 10271] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10272] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10271] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10271] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10272] <... set_robust_list resumed>) = 0 [pid 10271] <... futex resumed>) = 1 [pid 10268] <... futex resumed>) = 0 [pid 10272] rt_sigprocmask(SIG_SETMASK, [], [pid 10271] memfd_create("syzkaller", 0 [pid 10268] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10271] <... memfd_create resumed>) = 3 [pid 10268] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10274 attached [pid 10272] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10268] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10271] <... mmap resumed>) = 0x7fe453fca000 ./strace-static-x86_64: Process 10273 attached [pid 10274] set_robust_list(0x5555557b6760, 24 [pid 10272] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10271] munmap(0x7fe453fca000, 138412032) = 0 [pid 10272] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10271] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10271] ioctl(4, LOOP_SET_FD, 3 [pid 10272] <... futex resumed>) = 1 [pid 10267] <... futex resumed>) = 0 [pid 10267] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10272] memfd_create("syzkaller", 0 [pid 10267] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10272] <... memfd_create resumed>) = 3 [pid 10272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10274] <... set_robust_list resumed>) = 0 [pid 10273] set_robust_list(0x7fe45c3c99a0, 24 [pid 10272] <... mmap resumed>) = 0x7fe453fca000 [pid 10271] <... ioctl resumed>) = 0 [pid 10274] chdir("./399" [pid 10273] <... set_robust_list resumed>) = 0 [pid 10274] <... chdir resumed>) = 0 [pid 10273] rt_sigprocmask(SIG_SETMASK, [], [pid 10274] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10274] <... prctl resumed>) = 0 [pid 10273] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10274] setpgid(0, 0) = 0 [pid 10273] <... write resumed>) = 16 [pid 10271] close(3 [pid 10274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10273] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10274] <... openat resumed>) = 3 [pid 10271] <... close resumed>) = 0 [pid 10274] write(3, "1000", 4 [pid 10273] <... futex resumed>) = 1 [pid 10256] <... futex resumed>) = 0 [pid 10274] <... write resumed>) = 4 [pid 10273] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10256] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10274] close(3 [pid 10257] <... futex resumed>) = 0 [pid 10256] <... futex resumed>) = 1 [pid 10274] <... close resumed>) = 0 [pid 10257] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10256] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10274] symlink("/dev/binderfs", "./binderfs" [pid 10257] <... mmap resumed>) = 0x20000000 [pid 10257] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10256] <... futex resumed>) = 0 [pid 10257] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10256] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10274] <... symlink resumed>) = 0 [pid 10257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10256] <... futex resumed>) = 0 [pid 10271] close(4) = 0 [pid 10271] mkdir("./file0", 0777) = 0 [pid 10271] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10256] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10274] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./396/file0", [pid 10272] <... write resumed>) = 1048576 [pid 10272] munmap(0x7fe453fca000, 138412032) = 0 [pid 10272] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10272] ioctl(4, LOOP_SET_FD, 3 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10274] <... futex resumed>) = 0 [ 143.170514][T10271] loop4: detected capacity change from 0 to 2048 [ 143.185142][T10257] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 295] openat(AT_FDCWD, "./396/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, [pid 10274] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10272] <... ioctl resumed>) = 0 [pid 295] getdents64(4, [pid 10274] <... rt_sigaction resumed>NULL, 8) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 10274] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 295] rmdir("./396/file0" [pid 10274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10272] close(3) = 0 [pid 10274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 295] <... rmdir resumed>) = 0 [pid 10274] <... mmap resumed>) = 0x7fe45c3ca000 [pid 295] getdents64(3, [pid 10274] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10274] <... mprotect resumed>) = 0 [pid 295] close(3 [pid 10274] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] <... close resumed>) = 0 [pid 10274] <... rt_sigprocmask resumed>[], 8) = 0 [pid 295] rmdir("./396" [pid 10274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10272] close(4 [pid 295] <... rmdir resumed>) = 0 [pid 10274] <... clone3 resumed> => {parent_tid=[10275]}, 88) = 10275 [pid 295] mkdir("./397", 0777 [pid 10274] rt_sigprocmask(SIG_SETMASK, [], [pid 295] <... mkdir resumed>) = 0 [pid 10274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10274] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] <... openat resumed>) = 3 [pid 10274] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10276 attached [pid 10276] set_robust_list(0x5555557b6760, 24 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10276 [pid 10276] <... set_robust_list resumed>) = 0 [pid 10276] chdir("./397") = 0 [pid 10276] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10257] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10257] sendfile(-1, -1, [0] [pid 10276] <... prctl resumed>) = 0 [pid 10257] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) ./strace-static-x86_64: Process 10275 attached [pid 10275] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10275] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10275] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10275] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10274] <... futex resumed>) = 0 [pid 10274] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10274] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10275] <... futex resumed>) = 0 [pid 10275] memfd_create("syzkaller", 0 [pid 10257] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10276] setpgid(0, 0 [pid 10275] <... memfd_create resumed>) = 3 [pid 10257] <... futex resumed>) = 1 [pid 10256] <... futex resumed>) = 0 [pid 10256] exit_group(0) = ? [pid 10273] <... futex resumed>) = 231 [pid 10273] +++ exited with 0 +++ [pid 10275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10276] <... setpgid resumed>) = 0 [pid 10271] <... mount resumed>) = 0 [pid 10275] <... mmap resumed>) = 0x7fe453fca000 [pid 10271] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10271] chdir("./file0") = 0 [pid 10271] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10271] ioctl(4, LOOP_CLR_FD) = 0 [pid 10271] close(4 [pid 10257] +++ exited with 0 +++ [pid 10256] +++ exited with 0 +++ [pid 10276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10256, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 10276] <... openat resumed>) = 3 [pid 10276] write(3, "1000", 4 [pid 298] umount2("./398", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10276] <... write resumed>) = 4 [pid 10276] close(3) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10276] symlink("/dev/binderfs", "./binderfs" [pid 298] <... openat resumed>) = 3 [pid 10276] <... symlink resumed>) = 0 [pid 10271] <... close resumed>) = 0 [pid 298] newfstatat(3, "", [pid 10276] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10276] <... futex resumed>) = 0 [pid 10276] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 298] getdents64(3, [pid 10276] <... rt_sigaction resumed>NULL, 8) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./398/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10276] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./398/binderfs", [pid 10276] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./398/binderfs" [pid 10276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10276] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 298] <... unlink resumed>) = 0 [pid 10276] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10276] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10279]}, 88) = 10279 [pid 10276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10276] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10276] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10279 attached [pid 10279] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10279] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10279] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10279] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10276] <... futex resumed>) = 0 [pid 10276] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10276] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10279] <... futex resumed>) = 1 [pid 10279] memfd_create("syzkaller", 0) = 3 [pid 10279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10271] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10268] <... futex resumed>) = 0 [pid 10271] <... futex resumed>) = 1 [pid 10268] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10268] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10271] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10271] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10268] <... futex resumed>) = 0 [pid 10268] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10271] <... futex resumed>) = 1 [pid 10268] <... futex resumed>) = 0 [pid 10268] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10271] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10268] <... futex resumed>) = 0 [pid 10268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10268] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10271] <... write resumed>) = 16 [pid 10268] <... mprotect resumed>) = 0 [pid 10268] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10271] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10268] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10271] <... futex resumed>) = 0 [pid 10268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10280]}, 88) = 10280 [pid 10271] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10268] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10268] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10280 attached [pid 10280] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10280] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10280] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10268] <... futex resumed>) = 0 [pid 10280] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10268] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10271] <... futex resumed>) = 0 [pid 10268] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10271] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [ 143.215186][T10272] loop2: detected capacity change from 0 to 2048 [pid 10271] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10268] <... futex resumed>) = 0 [pid 10271] <... futex resumed>) = 1 [pid 10268] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10268] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10279] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10279] munmap(0x7fe453fca000, 138412032) = 0 [pid 10279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10279] ioctl(4, LOOP_SET_FD, 3 [pid 10275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10271] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10279] <... ioctl resumed>) = 0 [pid 10272] <... close resumed>) = 0 [pid 10271] sendfile(-1, -1, [0] [pid 298] <... umount2 resumed>) = 0 [pid 10272] mkdir("./file0", 0777 [pid 10279] close(3 [pid 10275] <... write resumed>) = 1048576 [pid 10272] <... mkdir resumed>) = 0 [pid 10279] <... close resumed>) = 0 [pid 10275] munmap(0x7fe453fca000, 138412032 [pid 10271] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10272] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10279] close(4 [pid 10275] <... munmap resumed>) = 0 [pid 10271] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10275] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] newfstatat(AT_FDCWD, "./398/file0", [pid 10275] <... openat resumed>) = 4 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./398/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./398/file0" [pid 10275] ioctl(4, LOOP_SET_FD, 3 [pid 298] <... rmdir resumed>) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./398") = 0 [pid 298] mkdir("./399", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10281 [pid 10271] <... futex resumed>) = 1 [pid 10271] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 10281 attached [pid 10281] set_robust_list(0x5555557b6760, 24) = 0 [pid 10281] chdir("./399") = 0 [pid 10281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10281] setpgid(0, 0) = 0 [pid 10281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10281] write(3, "1000", 4) = 4 [pid 10281] close(3) = 0 [pid 10281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10281] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10281] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10281] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10268] <... futex resumed>) = 0 [pid 10268] exit_group(0) = ? [pid 10280] <... futex resumed>) = ? [pid 10280] +++ exited with 0 +++ [pid 10271] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 10275] <... ioctl resumed>) = 0 [pid 10281] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10281] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10271] +++ exited with 0 +++ [pid 10268] +++ exited with 0 +++ [pid 10281] <... clone3 resumed> => {parent_tid=[10282]}, 88) = 10282 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10268, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10275] close(3 [pid 10281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10281] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10281] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10282 attached [pid 10282] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10282] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10282] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10281] <... futex resumed>) = 0 [pid 10281] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10281] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10282] <... futex resumed>) = 1 [pid 299] umount2("./393", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", [pid 10282] memfd_create("syzkaller", 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, [pid 10282] <... memfd_create resumed>) = 3 [pid 10282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10282] <... mmap resumed>) = 0x7fe453fca000 [pid 299] umount2("./393/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./393/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./393/binderfs") = 0 [pid 299] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10275] <... close resumed>) = 0 [pid 10275] close(4 [pid 10279] <... close resumed>) = 0 [pid 10279] mkdir("./file0", 0777) = 0 [pid 10282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10279] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10282] <... write resumed>) = 1048576 [pid 10282] munmap(0x7fe453fca000, 138412032) = 0 [pid 10282] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 143.258327][T10271] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 143.264460][T10279] loop0: detected capacity change from 0 to 2048 [ 143.288582][T10275] loop1: detected capacity change from 0 to 2048 [pid 10282] ioctl(4, LOOP_SET_FD, 3 [pid 10272] <... mount resumed>) = 0 [pid 10282] <... ioctl resumed>) = 0 [pid 10282] close(3) = 0 [pid 10282] close(4 [pid 10272] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10272] chdir("./file0") = 0 [pid 10272] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10272] ioctl(4, LOOP_CLR_FD) = 0 [pid 10272] close(4) = 0 [pid 10272] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10267] <... futex resumed>) = 0 [pid 10272] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10267] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10267] <... futex resumed>) = 0 [pid 10272] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10267] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10272] <... openat resumed>) = 4 [pid 10272] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10267] <... futex resumed>) = 0 [pid 10272] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10267] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10267] <... futex resumed>) = 0 [pid 10272] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10267] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10272] <... write resumed>) = 16 [pid 10267] <... futex resumed>) = 0 [pid 10272] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10272] <... futex resumed>) = 0 [pid 10267] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10272] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10267] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10267] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10267] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10286]}, 88) = 10286 [pid 10267] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10267] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10267] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10286 attached [pid 10286] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10286] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10286] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10267] <... futex resumed>) = 0 [pid 10267] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10272] <... futex resumed>) = 0 [pid 10267] <... futex resumed>) = 1 [pid 10272] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10267] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10272] <... mmap resumed>) = 0x20000000 [pid 10272] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10267] <... futex resumed>) = 0 [pid 10286] <... futex resumed>) = 1 [pid 10267] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10286] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10279] <... mount resumed>) = 0 [pid 10279] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10279] chdir("./file0") = 0 [pid 10279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10279] ioctl(4, LOOP_CLR_FD) = 0 [pid 10279] close(4) = 0 [pid 10279] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10279] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10267] <... futex resumed>) = 0 [pid 10267] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10276] <... futex resumed>) = 0 [pid 10276] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10279] <... futex resumed>) = 0 [pid 10276] <... futex resumed>) = 1 [pid 10279] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10276] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10279] <... openat resumed>) = 4 [pid 10279] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10276] <... futex resumed>) = 0 [pid 10279] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10276] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10276] <... futex resumed>) = 0 [pid 10279] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10276] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10279] <... write resumed>) = 16 [pid 10276] <... futex resumed>) = 0 [pid 10279] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10279] <... futex resumed>) = 0 [pid 10276] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10279] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10276] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10276] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10288]}, 88) = 10288 [pid 10276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10276] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10288 attached ) = 0 [pid 10276] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10272] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10272] sendfile(-1, -1, [0] [pid 10288] set_robust_list(0x7fe45c3c99a0, 24 [pid 10272] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10272] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10267] <... futex resumed>) = 0 [pid 10272] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10267] exit_group(0 [pid 10272] <... futex resumed>) = ? [pid 10267] <... exit_group resumed>) = ? [pid 10272] +++ exited with 0 +++ [pid 10286] <... futex resumed>) = ? [pid 10286] +++ exited with 0 +++ [pid 10267] +++ exited with 0 +++ [pid 10288] <... set_robust_list resumed>) = 0 [pid 10288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10288] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10288] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10276] <... futex resumed>) = 0 [pid 10276] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10279] <... futex resumed>) = 0 [pid 10276] <... futex resumed>) = 1 [pid 10279] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10276] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10279] <... mmap resumed>) = 0x20000000 [pid 10279] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10276] <... futex resumed>) = 0 [pid 10279] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10276] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10276] <... futex resumed>) = 0 [pid 10288] <... futex resumed>) = 1 [pid 299] <... umount2 resumed>) = 0 [pid 10288] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10267, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./393/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./398", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] openat(AT_FDCWD, "./393/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 4 [pid 297] newfstatat(3, "", [pid 299] newfstatat(4, "", [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, [pid 299] getdents64(4, [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] umount2("./398/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] getdents64(4, [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] newfstatat(AT_FDCWD, "./398/binderfs", [pid 299] close(4 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... close resumed>) = 0 [pid 297] unlink("./398/binderfs" [pid 299] rmdir("./393/file0" [pid 297] <... unlink resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 297] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] getdents64(3, [pid 10282] <... close resumed>) = 0 [pid 10275] <... close resumed>) = 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10282] mkdir("./file0", 0777 [pid 10275] mkdir("./file0", 0777 [pid 299] close(3) = 0 [pid 10282] <... mkdir resumed>) = 0 [pid 299] rmdir("./393" [pid 10275] <... mkdir resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 299] mkdir("./394", 0777 [pid 10282] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10276] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10275] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 299] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10279] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10279] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10289 [pid 10279] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10276] <... futex resumed>) = 0 [pid 10279] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10276] exit_group(0 [pid 10288] <... futex resumed>) = ? [pid 10279] <... futex resumed>) = ? [pid 10276] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 10289 attached [pid 10288] +++ exited with 0 +++ [pid 10289] set_robust_list(0x5555557b6760, 24) = 0 [pid 10279] +++ exited with 0 +++ [pid 10276] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10276, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 10289] chdir("./394") = 0 [pid 10289] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] umount2("./397", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10289] <... prctl resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10289] setpgid(0, 0 [pid 295] openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10289] <... setpgid resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 10289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] newfstatat(3, "", [pid 10289] <... openat resumed>) = 3 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10289] write(3, "1000", 4 [pid 295] getdents64(3, [pid 10289] <... write resumed>) = 4 [pid 10289] close(3) = 0 [pid 10289] symlink("/dev/binderfs", "./binderfs" [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./397/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10289] <... symlink resumed>) = 0 [pid 295] newfstatat(AT_FDCWD, "./397/binderfs", [pid 10289] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./397/binderfs" [pid 10289] <... futex resumed>) = 0 [pid 295] <... unlink resumed>) = 0 [pid 295] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10289] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10289] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10289] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10292]}, 88) = 10292 [pid 10289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10289] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10289] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10292 attached [pid 10292] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10292] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10292] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10282] <... mount resumed>) = 0 [pid 10282] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10282] chdir("./file0") = 0 [pid 10282] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10282] ioctl(4, LOOP_CLR_FD) = 0 [pid 10282] close(4) = 0 [pid 10282] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10281] <... futex resumed>) = 0 [pid 10282] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10281] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10292] <... futex resumed>) = 1 [pid 10289] <... futex resumed>) = 0 [pid 10281] <... futex resumed>) = 0 [pid 10289] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10281] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10282] <... openat resumed>) = 4 [pid 10282] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10281] <... futex resumed>) = 0 [pid 10282] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10281] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10281] <... futex resumed>) = 0 [pid 10282] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10281] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10289] <... futex resumed>) = 0 [pid 10282] <... write resumed>) = 16 [pid 10281] <... futex resumed>) = 0 [pid 10282] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10282] <... futex resumed>) = 0 [pid 10281] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10282] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10281] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10289] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10281] <... mprotect resumed>) = 0 [pid 10281] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] <... umount2 resumed>) = 0 [pid 10292] memfd_create("syzkaller", 0 [pid 10281] <... rt_sigprocmask resumed>[], 8) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 10281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 297] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10295 attached [pid 10292] <... memfd_create resumed>) = 3 [pid 10281] <... clone3 resumed> => {parent_tid=[10295]}, 88) = 10295 [pid 10275] <... mount resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10295] set_robust_list(0x7fe45c3c99a0, 24 [pid 10292] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10281] rt_sigprocmask(SIG_SETMASK, [], [pid 10275] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 297] newfstatat(AT_FDCWD, "./398/file0", [pid 295] newfstatat(AT_FDCWD, "./397/file0", [pid 10295] <... set_robust_list resumed>) = 0 [pid 10292] <... mmap resumed>) = 0x7fe453fca000 [pid 10281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10275] <... openat resumed>) = 3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10295] rt_sigprocmask(SIG_SETMASK, [], [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10281] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10275] chdir("./file0" [pid 297] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10281] <... futex resumed>) = 0 [pid 10275] <... chdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10281] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10275] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 297] openat(AT_FDCWD, "./398/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./397/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10275] <... openat resumed>) = 4 [pid 297] <... openat resumed>) = 4 [pid 10275] ioctl(4, LOOP_CLR_FD [ 143.314571][T10282] loop3: detected capacity change from 0 to 2048 [ 143.326725][T10272] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 143.345474][T10279] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 297] newfstatat(4, "", [pid 295] <... openat resumed>) = 4 [pid 10275] <... ioctl resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] newfstatat(4, "", [pid 10275] close(4 [pid 297] getdents64(4, [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10275] <... close resumed>) = 0 [pid 10275] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, [pid 10295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10292] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10275] <... futex resumed>) = 1 [pid 10274] <... futex resumed>) = 0 [pid 297] getdents64(4, [pid 10275] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10274] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10295] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10274] <... futex resumed>) = 0 [pid 297] close(4 [pid 295] getdents64(4, [pid 10295] <... write resumed>) = 16 [pid 10275] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10274] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... close resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] rmdir("./398/file0" [pid 295] close(4 [pid 10295] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10275] <... openat resumed>) = 4 [pid 297] <... rmdir resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 10295] <... futex resumed>) = 1 [pid 10281] <... futex resumed>) = 0 [pid 10275] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(3, [pid 295] rmdir("./397/file0" [pid 10295] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10281] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10275] <... futex resumed>) = 1 [pid 10274] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 10281] <... futex resumed>) = 1 [pid 10282] <... futex resumed>) = 0 [pid 10281] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10275] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10274] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] close(3 [pid 295] getdents64(3, [pid 10282] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10274] <... futex resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10282] <... mmap resumed>) = 0x20000000 [pid 10275] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10274] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] rmdir("./398" [pid 295] close(3 [pid 10292] <... write resumed>) = 1048576 [pid 10282] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10275] <... write resumed>) = 16 [pid 10274] <... futex resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 10274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10282] <... futex resumed>) = 1 [pid 10281] <... futex resumed>) = 0 [pid 10275] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10292] munmap(0x7fe453fca000, 138412032 [pid 295] <... close resumed>) = 0 [pid 10282] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10281] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10275] <... futex resumed>) = 0 [pid 10274] <... mmap resumed>) = 0x7fe45c3a9000 [pid 297] mkdir("./399", 0777 [pid 295] rmdir("./397" [pid 10282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10281] <... futex resumed>) = 0 [pid 10275] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10274] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10281] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... mkdir resumed>) = 0 [pid 10274] <... mprotect resumed>) = 0 [pid 10274] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] <... rmdir resumed>) = 0 [pid 10274] <... rt_sigprocmask resumed>[], 8) = 0 [pid 295] mkdir("./398", 0777 [pid 10274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 297] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD [pid 295] <... mkdir resumed>) = 0 [pid 10274] <... clone3 resumed> => {parent_tid=[10296]}, 88) = 10296 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10274] rt_sigprocmask(SIG_SETMASK, [], [pid 297] close(3 [pid 295] <... openat resumed>) = 3 [pid 10274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] <... close resumed>) = 0 [pid 10274] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] ioctl(3, LOOP_CLR_FD [pid 10274] <... futex resumed>) = 0 [pid 10274] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10297 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10298 ./strace-static-x86_64: Process 10297 attached [pid 10292] <... munmap resumed>) = 0 [pid 10297] set_robust_list(0x5555557b6760, 24) = 0 [pid 10297] chdir("./399" [pid 10292] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10297] <... chdir resumed>) = 0 [pid 10297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 10298 attached [pid 10292] <... openat resumed>) = 4 [pid 10297] setpgid(0, 0 [pid 10292] ioctl(4, LOOP_SET_FD, 3 [pid 10298] set_robust_list(0x5555557b6760, 24 [pid 10297] <... setpgid resumed>) = 0 [pid 10297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10297] write(3, "1000", 4) = 4 [pid 10297] close(3) = 0 [pid 10297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10297] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10297] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10297] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10297] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10299]}, 88) = 10299 [pid 10297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10297] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10297] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10299 attached [pid 10299] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10299] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10299] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10297] <... futex resumed>) = 0 [pid 10297] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10297] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10299] <... futex resumed>) = 1 [pid 10299] memfd_create("syzkaller", 0) = 3 [pid 10298] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 10296 attached [pid 10292] <... ioctl resumed>) = 0 [pid 10299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10298] chdir("./398" [pid 10296] set_robust_list(0x7fe45c3c99a0, 24 [pid 10292] close(3 [pid 10298] <... chdir resumed>) = 0 [pid 10296] <... set_robust_list resumed>) = 0 [pid 10292] <... close resumed>) = 0 [pid 10298] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10296] rt_sigprocmask(SIG_SETMASK, [], [pid 10292] close(4 [pid 10298] <... prctl resumed>) = 0 [pid 10296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10282] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10298] setpgid(0, 0 [pid 10296] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10298] <... setpgid resumed>) = 0 [pid 10298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10296] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10274] <... futex resumed>) = 0 [pid 10298] <... openat resumed>) = 3 [pid 10282] sendfile(-1, -1, [0] [pid 10274] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10296] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10282] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10275] <... futex resumed>) = 0 [pid 10274] <... futex resumed>) = 1 [pid 10298] write(3, "1000", 4) = 4 [pid 10292] <... close resumed>) = 0 [pid 10275] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10274] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10298] close(3 [pid 10282] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10275] <... mmap resumed>) = 0x20000000 [pid 10275] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10298] <... close resumed>) = 0 [pid 10292] mkdir("./file0", 0777 [pid 10281] <... futex resumed>) = 0 [pid 10281] exit_group(0 [pid 10298] symlink("/dev/binderfs", "./binderfs" [pid 10295] <... futex resumed>) = ? [pid 10281] <... exit_group resumed>) = ? [ 143.403743][T10282] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 143.438826][T10292] loop4: detected capacity change from 0 to 2048 [pid 10275] <... futex resumed>) = 1 [pid 10274] <... futex resumed>) = 0 [pid 10295] +++ exited with 0 +++ [pid 10298] <... symlink resumed>) = 0 [pid 10274] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10282] <... futex resumed>) = ? [pid 10282] +++ exited with 0 +++ [pid 10281] +++ exited with 0 +++ [pid 10299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10299] munmap(0x7fe453fca000, 138412032) = 0 [pid 10299] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10299] ioctl(4, LOOP_SET_FD, 3 [pid 10298] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10292] <... mkdir resumed>) = 0 [pid 10274] <... futex resumed>) = 0 [pid 10298] <... futex resumed>) = 0 [pid 10292] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10274] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10281, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 10298] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10299] <... ioctl resumed>) = 0 [pid 10298] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10275] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10298] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 298] umount2("./399", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10298] <... mmap resumed>) = 0x7fe45c3ca000 [pid 298] openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10298] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 298] <... openat resumed>) = 3 [pid 10298] <... mprotect resumed>) = 0 [pid 298] newfstatat(3, "", [pid 10298] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10298] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] getdents64(3, [pid 10298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./399/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10298] <... clone3 resumed> => {parent_tid=[10300]}, 88) = 10300 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10298] rt_sigprocmask(SIG_SETMASK, [], [pid 298] newfstatat(AT_FDCWD, "./399/binderfs", [pid 10298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10298] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] unlink("./399/binderfs" [pid 10298] <... futex resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 10298] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10299] close(3) = 0 [pid 10299] close(4 [pid 10275] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10275] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10274] <... futex resumed>) = 0 [pid 10274] exit_group(0 [pid 10296] <... futex resumed>) = ? [pid 10274] <... exit_group resumed>) = ? [pid 10296] +++ exited with 0 +++ [pid 10275] <... futex resumed>) = ? [pid 10275] +++ exited with 0 +++ [pid 10274] +++ exited with 0 +++ ./strace-static-x86_64: Process 10300 attached [pid 10300] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10274, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10300] rt_sigprocmask(SIG_SETMASK, [], [pid 296] umount2("./399", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, [pid 10300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10300] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./399/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10300] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10300] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10292] <... mount resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./399/binderfs", [pid 10298] <... futex resumed>) = 0 [pid 10298] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10298] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10300] <... futex resumed>) = 1 [pid 10300] memfd_create("syzkaller", 0 [pid 10292] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10300] <... memfd_create resumed>) = 3 [pid 296] unlink("./399/binderfs" [pid 10300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10292] <... openat resumed>) = 3 [pid 10292] chdir("./file0" [pid 296] <... unlink resumed>) = 0 [pid 10300] <... mmap resumed>) = 0x7fe453fca000 [pid 296] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10292] <... chdir resumed>) = 0 [pid 10292] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10292] ioctl(4, LOOP_CLR_FD) = 0 [pid 10292] close(4) = 0 [pid 10292] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10289] <... futex resumed>) = 0 [pid 10292] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10289] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10289] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10292] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10292] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10289] <... futex resumed>) = 0 [pid 10289] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10292] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10289] <... futex resumed>) = 0 [pid 10289] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10292] <... write resumed>) = 16 [pid 10289] <... futex resumed>) = 0 [pid 10289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10292] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10289] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10292] <... futex resumed>) = 0 [pid 10289] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10292] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10303]}, 88) = 10303 [pid 10289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10289] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10289] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10303 attached [pid 10303] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10303] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10303] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10289] <... futex resumed>) = 0 [pid 10303] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10289] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10292] <... futex resumed>) = 0 [pid 10289] <... futex resumed>) = 1 [pid 10292] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10289] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10292] <... mmap resumed>) = 0x20000000 [pid 10292] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10289] <... futex resumed>) = 0 [pid 10292] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10289] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10289] <... futex resumed>) = 0 [ 143.453496][T10275] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 143.466409][T10299] loop2: detected capacity change from 0 to 2048 [pid 10300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10300] munmap(0x7fe453fca000, 138412032) = 0 [pid 10300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10300] ioctl(4, LOOP_SET_FD, 3 [pid 10292] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10289] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10292] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10292] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10289] <... futex resumed>) = 0 [pid 10289] exit_group(0 [pid 10303] <... futex resumed>) = ? [pid 10289] <... exit_group resumed>) = ? [pid 10303] +++ exited with 0 +++ [pid 10292] <... futex resumed>) = ? [pid 10292] +++ exited with 0 +++ [pid 10289] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10289, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./394", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./394/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./394/binderfs", [pid 10300] <... ioctl resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10300] close(3) = 0 [pid 10300] close(4 [pid 299] unlink("./394/binderfs") = 0 [pid 299] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10299] <... close resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 10299] mkdir("./file0", 0777 [pid 298] <... umount2 resumed>) = 0 [pid 10299] <... mkdir resumed>) = 0 [pid 10299] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 296] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./399/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./399/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./399/file0") = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./399" [pid 299] <... umount2 resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 296] mkdir("./400", 0777 [pid 298] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10300] <... close resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... mkdir resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./399/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./399/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 10300] mkdir("./file0", 0777 [pid 299] newfstatat(AT_FDCWD, "./394/file0", [pid 298] newfstatat(4, "", [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... openat resumed>) = 3 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./399/file0" [pid 10300] <... mkdir resumed>) = 0 [pid 299] umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] ioctl(3, LOOP_CLR_FD [pid 298] <... rmdir resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] openat(AT_FDCWD, "./394/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] close(3 [pid 299] <... openat resumed>) = 4 [pid 298] getdents64(3, [pid 296] <... close resumed>) = 0 [pid 10300] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 299] newfstatat(4, "", [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] getdents64(4, [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10304 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] close(3 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./394/file0") = 0 [pid 298] <... close resumed>) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3 [pid 298] rmdir("./399" [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./394") = 0 [pid 298] <... rmdir resumed>) = 0 [pid 299] mkdir("./395", 0777 [pid 298] mkdir("./400", 0777 [pid 299] <... mkdir resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 298] <... openat resumed>) = 3 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] ioctl(3, LOOP_CLR_FD [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10305 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 10304 attached ./strace-static-x86_64: Process 10305 attached [pid 298] close(3 [pid 10304] set_robust_list(0x5555557b6760, 24) = 0 [pid 298] <... close resumed>) = 0 [pid 10305] set_robust_list(0x5555557b6760, 24 [pid 10304] chdir("./400") = 0 [pid 10304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10304] setpgid(0, 0) = 0 [pid 10304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10305] <... set_robust_list resumed>) = 0 [pid 10304] <... openat resumed>) = 3 [pid 10304] write(3, "1000", 4) = 4 [pid 10304] close(3) = 0 [pid 10304] symlink("/dev/binderfs", "./binderfs" [pid 10305] chdir("./395"./strace-static-x86_64: Process 10306 attached [pid 10304] <... symlink resumed>) = 0 [pid 10306] set_robust_list(0x5555557b6760, 24 [pid 10304] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10306] <... set_robust_list resumed>) = 0 [pid 10304] <... futex resumed>) = 0 [pid 10306] chdir("./400" [pid 10304] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10306] <... chdir resumed>) = 0 [pid 10304] <... rt_sigaction resumed>NULL, 8) = 0 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10306 [pid 10306] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10306] <... prctl resumed>) = 0 [pid 10304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10306] setpgid(0, 0 [pid 10304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10305] <... chdir resumed>) = 0 [pid 10304] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10304] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10306] <... setpgid resumed>) = 0 [pid 10305] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10304] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10305] <... prctl resumed>) = 0 [pid 10304] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10306] <... openat resumed>) = 3 [pid 10304] <... clone3 resumed> => {parent_tid=[10307]}, 88) = 10307 [pid 10306] write(3, "1000", 4 [pid 10305] setpgid(0, 0 [pid 10304] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 10307 attached NULL, 8) = 0 [ 143.500991][T10292] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 143.511790][T10300] loop0: detected capacity change from 0 to 2048 [pid 10304] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10306] <... write resumed>) = 4 [pid 10305] <... setpgid resumed>) = 0 [pid 10307] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10306] close(3 [pid 10305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10304] <... futex resumed>) = 0 [pid 10306] <... close resumed>) = 0 [pid 10305] <... openat resumed>) = 3 [pid 10304] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10306] symlink("/dev/binderfs", "./binderfs" [pid 10305] write(3, "1000", 4 [pid 10306] <... symlink resumed>) = 0 [pid 10305] <... write resumed>) = 4 [pid 10306] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10305] close(3 [pid 10306] <... futex resumed>) = 0 [pid 10305] <... close resumed>) = 0 [pid 10306] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10305] symlink("/dev/binderfs", "./binderfs" [pid 10306] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10305] <... symlink resumed>) = 0 [pid 10306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10305] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10305] <... futex resumed>) = 0 [pid 10306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10305] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10306] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10305] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10306] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10305] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10306] <... mprotect resumed>) = 0 [pid 10305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10306] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10306] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10305] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10305] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10306] <... clone3 resumed> => {parent_tid=[10309]}, 88) = 10309 [pid 10305] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10306] rt_sigprocmask(SIG_SETMASK, [], [pid 10305] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10306] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10305] <... clone3 resumed> => {parent_tid=[10310]}, 88) = 10310 [pid 10306] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10305] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10305] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10310 attached [pid 10310] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10307] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 10309 attached [pid 10310] <... set_robust_list resumed>) = 0 [pid 10309] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10310] rt_sigprocmask(SIG_SETMASK, [], [pid 10309] <... set_robust_list resumed>) = 0 [pid 10300] <... mount resumed>) = 0 [pid 10307] rt_sigprocmask(SIG_SETMASK, [], [pid 10300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10307] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10307] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10300] <... openat resumed>) = 3 [pid 10307] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10300] chdir("./file0" [pid 10307] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10300] <... chdir resumed>) = 0 [pid 10307] <... futex resumed>) = 1 [pid 10304] <... futex resumed>) = 0 [pid 10300] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10307] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10304] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10300] <... openat resumed>) = 4 [pid 10310] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10309] rt_sigprocmask(SIG_SETMASK, [], [pid 10307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10304] <... futex resumed>) = 0 [pid 10300] ioctl(4, LOOP_CLR_FD [pid 10310] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10307] memfd_create("syzkaller", 0 [pid 10304] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10300] <... ioctl resumed>) = 0 [pid 10310] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10309] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10307] <... memfd_create resumed>) = 3 [pid 10300] close(4 [pid 10310] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10309] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10300] <... close resumed>) = 0 [pid 10310] <... futex resumed>) = 1 [pid 10309] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10307] <... mmap resumed>) = 0x7fe453fca000 [pid 10305] <... futex resumed>) = 0 [pid 10300] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10310] memfd_create("syzkaller", 0 [pid 10309] <... futex resumed>) = 1 [pid 10306] <... futex resumed>) = 0 [pid 10305] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10310] <... memfd_create resumed>) = 3 [pid 10309] memfd_create("syzkaller", 0 [pid 10306] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10305] <... futex resumed>) = 0 [pid 10310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10309] <... memfd_create resumed>) = 3 [pid 10306] <... futex resumed>) = 0 [pid 10305] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10310] <... mmap resumed>) = 0x7fe453fca000 [pid 10309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10306] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10309] <... mmap resumed>) = 0x7fe453fca000 [pid 10300] <... futex resumed>) = 1 [pid 10298] <... futex resumed>) = 0 [pid 10310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10300] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10298] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10309] <... write resumed>) = 1048576 [pid 10307] <... write resumed>) = 1048576 [pid 10300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10298] <... futex resumed>) = 0 [pid 10307] munmap(0x7fe453fca000, 138412032 [pid 10300] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10298] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10307] <... munmap resumed>) = 0 [pid 10307] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10307] ioctl(4, LOOP_SET_FD, 3 [pid 10309] munmap(0x7fe453fca000, 138412032 [pid 10300] <... openat resumed>) = 4 [pid 10299] <... mount resumed>) = 0 [pid 10307] <... ioctl resumed>) = 0 [pid 10307] close(3) = 0 [pid 10307] close(4 [pid 10300] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10300] <... futex resumed>) = 1 [pid 10298] <... futex resumed>) = 0 [pid 10298] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10299] <... openat resumed>) = 3 [pid 10300] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10298] <... futex resumed>) = 0 [pid 10300] <... write resumed>) = 16 [pid 10298] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10299] chdir("./file0" [pid 10298] <... futex resumed>) = 0 [pid 10300] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10299] <... chdir resumed>) = 0 [pid 10300] <... futex resumed>) = 0 [pid 10299] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10300] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10299] <... openat resumed>) = 4 [pid 10299] ioctl(4, LOOP_CLR_FD [pid 10298] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10299] <... ioctl resumed>) = 0 [pid 10298] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10299] close(4) = 0 [pid 10298] <... mprotect resumed>) = 0 [pid 10299] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10298] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10299] <... futex resumed>) = 1 [pid 10297] <... futex resumed>) = 0 [pid 10297] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10297] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10310] <... write resumed>) = 1048576 [pid 10310] munmap(0x7fe453fca000, 138412032 [pid 10299] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10298] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10310] <... munmap resumed>) = 0 [pid 10299] <... openat resumed>) = 4 [pid 10298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10299] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10297] <... futex resumed>) = 0 [pid 10299] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10297] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10298] <... clone3 resumed> => {parent_tid=[10314]}, 88) = 10314 [pid 10297] <... futex resumed>) = 0 [pid 10299] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10298] rt_sigprocmask(SIG_SETMASK, [], [pid 10297] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10299] <... write resumed>) = 16 [pid 10298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10297] <... futex resumed>) = 0 [pid 10299] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10298] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10299] <... futex resumed>) = 0 [pid 10298] <... futex resumed>) = 0 [pid 10297] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10310] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10299] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10298] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10297] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10315]}, 88) = 10315 [pid 10297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10297] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10297] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10310] <... openat resumed>) = 4 [pid 10310] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 10315 attached ./strace-static-x86_64: Process 10314 attached [pid 10309] <... munmap resumed>) = 0 [pid 10314] set_robust_list(0x7fe45c3c99a0, 24 [pid 10309] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10314] <... set_robust_list resumed>) = 0 [pid 10309] <... openat resumed>) = 4 [pid 10314] rt_sigprocmask(SIG_SETMASK, [], [pid 10309] ioctl(4, LOOP_SET_FD, 3 [pid 10314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10310] <... ioctl resumed>) = 0 [pid 10315] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10310] close(3 [pid 10315] rt_sigprocmask(SIG_SETMASK, [], [pid 10310] <... close resumed>) = 0 [pid 10315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10315] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10310] close(4 [pid 10315] <... write resumed>) = 16 [pid 10315] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10297] <... futex resumed>) = 0 [pid 10297] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10299] <... futex resumed>) = 0 [pid 10297] <... futex resumed>) = 1 [pid 10299] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10297] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10299] <... mmap resumed>) = 0x20000000 [pid 10299] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10297] <... futex resumed>) = 0 [pid 10315] <... futex resumed>) = 1 [pid 10299] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10297] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10315] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10297] <... futex resumed>) = 0 [pid 10314] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10309] <... ioctl resumed>) = 0 [pid 10314] <... write resumed>) = 16 [pid 10309] close(3 [pid 10314] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10309] <... close resumed>) = 0 [pid 10314] <... futex resumed>) = 1 [pid 10309] close(4 [pid 10298] <... futex resumed>) = 0 [pid 10314] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10298] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10300] <... futex resumed>) = 0 [pid 10298] <... futex resumed>) = 1 [pid 10300] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10298] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10300] <... mmap resumed>) = 0x20000000 [pid 10300] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10298] <... futex resumed>) = 0 [pid 10300] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10298] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 143.607898][T10307] loop1: detected capacity change from 0 to 2048 [ 143.626525][T10310] loop4: detected capacity change from 0 to 2048 [ 143.630296][T10309] loop3: detected capacity change from 0 to 2048 [ 143.635270][T10299] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10298] <... futex resumed>) = 0 [pid 10307] <... close resumed>) = 0 [pid 10299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10297] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10307] mkdir("./file0", 0777 [pid 10299] sendfile(-1, -1, [0] [pid 10307] <... mkdir resumed>) = 0 [pid 10307] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10299] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10298] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10310] <... close resumed>) = 0 [pid 10310] mkdir("./file0", 0777 [pid 10299] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10299] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10300] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10300] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10300] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10298] <... futex resumed>) = 0 [pid 10297] <... futex resumed>) = 0 [pid 10300] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10310] <... mkdir resumed>) = 0 [pid 10298] exit_group(0 [pid 10297] exit_group(0 [pid 10315] <... futex resumed>) = ? [pid 10314] <... futex resumed>) = ? [pid 10310] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10300] <... futex resumed>) = ? [pid 10299] <... futex resumed>) = ? [pid 10298] <... exit_group resumed>) = ? [pid 10297] <... exit_group resumed>) = ? [pid 10315] +++ exited with 0 +++ [pid 10314] +++ exited with 0 +++ [pid 10309] <... close resumed>) = 0 [pid 10300] +++ exited with 0 +++ [pid 10299] +++ exited with 0 +++ [pid 10298] +++ exited with 0 +++ [pid 10297] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10297, si_uid=0, si_status=0, si_utime=1, si_stime=2} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10298, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 295] umount2("./398", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./398/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... restart_syscall resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./398/binderfs", [pid 297] umount2("./399", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] unlink("./398/binderfs" [pid 297] newfstatat(3, "", [pid 10309] mkdir("./file0", 0777 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... unlink resumed>) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./399/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10309] <... mkdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10309] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 297] newfstatat(AT_FDCWD, "./399/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./399/binderfs") = 0 [pid 297] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10310] <... mount resumed>) = 0 [pid 10310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10307] <... mount resumed>) = 0 [pid 10310] <... openat resumed>) = 3 [pid 10310] chdir("./file0") = 0 [pid 10310] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10310] ioctl(4, LOOP_CLR_FD) = 0 [pid 10307] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10310] close(4 [pid 10307] <... openat resumed>) = 3 [pid 10310] <... close resumed>) = 0 [pid 10307] chdir("./file0" [pid 10310] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10307] <... chdir resumed>) = 0 [pid 10310] <... futex resumed>) = 1 [pid 10305] <... futex resumed>) = 0 [pid 10310] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10305] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10307] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10305] <... futex resumed>) = 0 [pid 10305] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10307] <... openat resumed>) = 4 [pid 10310] <... openat resumed>) = 4 [pid 10307] ioctl(4, LOOP_CLR_FD [pid 10310] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10307] <... ioctl resumed>) = 0 [pid 10305] <... futex resumed>) = 0 [pid 10307] close(4 [pid 10310] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10305] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10307] <... close resumed>) = 0 [pid 10305] <... futex resumed>) = 0 [pid 10310] <... write resumed>) = 16 [pid 10307] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10305] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10310] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10307] <... futex resumed>) = 1 [pid 10305] <... futex resumed>) = 0 [pid 10304] <... futex resumed>) = 0 [pid 10310] <... futex resumed>) = 0 [pid 10307] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10304] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10310] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10305] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10304] <... futex resumed>) = 0 [pid 10307] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10305] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10304] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10305] <... mprotect resumed>) = 0 [pid 10307] <... openat resumed>) = 4 [pid 10305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10307] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10307] <... futex resumed>) = 1 [pid 10305] <... clone3 resumed> => {parent_tid=[10320]}, 88) = 10320 [pid 10304] <... futex resumed>) = 0 [pid 10305] rt_sigprocmask(SIG_SETMASK, [], [pid 10307] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10304] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10304] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10320 attached [pid 10307] <... write resumed>) = 16 [pid 10304] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10305] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10307] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10304] <... futex resumed>) = 0 [pid 10305] <... futex resumed>) = 0 [pid 10304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10307] <... futex resumed>) = 0 [pid 10305] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10304] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10307] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10320] set_robust_list(0x7fe45c3c99a0, 24 [pid 10304] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10320] <... set_robust_list resumed>) = 0 [pid 10304] <... mprotect resumed>) = 0 [pid 10320] rt_sigprocmask(SIG_SETMASK, [], [pid 10304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10321]}, 88) = 10321 [pid 10320] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10320] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10304] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10304] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10320] <... write resumed>) = 16 [pid 10320] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10305] <... futex resumed>) = 0 [pid 10320] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10305] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10310] <... futex resumed>) = 0 [pid 10305] <... futex resumed>) = 1 [pid 10310] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10305] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10321 attached [pid 10310] <... mmap resumed>) = 0x20000000 [pid 10310] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10310] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10305] <... futex resumed>) = 0 [pid 10305] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10321] set_robust_list(0x7fe45c3c99a0, 24 [pid 10310] <... futex resumed>) = 0 [pid 10305] <... futex resumed>) = 1 [pid 10321] <... set_robust_list resumed>) = 0 [pid 10321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10321] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10321] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10305] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10304] <... futex resumed>) = 0 [pid 10321] <... futex resumed>) = 1 [ 143.646351][T10300] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10321] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10304] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10304] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10307] <... futex resumed>) = 0 [pid 10307] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10307] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10304] <... futex resumed>) = 0 [pid 10304] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10304] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10310] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10310] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10305] <... futex resumed>) = 0 [pid 10305] exit_group(0 [pid 10320] <... futex resumed>) = ? [pid 10305] <... exit_group resumed>) = ? [pid 10320] +++ exited with 0 +++ [pid 10310] <... futex resumed>) = ? [pid 10310] +++ exited with 0 +++ [pid 10305] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10305, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./395", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./395/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./395/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./395/binderfs") = 0 [pid 299] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10307] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10307] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10307] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10304] <... futex resumed>) = 0 [pid 10304] exit_group(0 [pid 10321] <... futex resumed>) = ? [pid 10304] <... exit_group resumed>) = ? [pid 10321] +++ exited with 0 +++ [pid 10307] <... futex resumed>) = ? [pid 10307] +++ exited with 0 +++ [pid 10304] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10304, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./400", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./400/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./400/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./400/binderfs") = 0 [pid 296] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 299] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./395/file0", [pid 295] newfstatat(AT_FDCWD, "./398/file0", [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./395/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./398/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... openat resumed>) = 4 [pid 295] <... openat resumed>) = 4 [pid 299] newfstatat(4, "", [pid 295] newfstatat(4, "", [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 295] getdents64(4, [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, [pid 295] getdents64(4, [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4 [pid 295] close(4 [pid 299] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 299] rmdir("./395/file0" [pid 295] rmdir("./398/file0" [pid 299] <... rmdir resumed>) = 0 [pid 297] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... rmdir resumed>) = 0 [pid 299] getdents64(3, [pid 295] getdents64(3, [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = 0 [pid 295] close(3 [pid 299] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 299] rmdir("./395" [pid 295] rmdir("./398" [pid 299] <... rmdir resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./399/file0", [pid 296] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... rmdir resumed>) = 0 [pid 299] mkdir("./396", 0777 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] mkdir("./399", 0777 [pid 299] <... mkdir resumed>) = 0 [pid 297] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 295] ioctl(3, LOOP_CLR_FD [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 295] close(3 [pid 299] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] openat(AT_FDCWD, "./399/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10323 [pid 297] <... openat resumed>) = 4 [pid 296] newfstatat(AT_FDCWD, "./400/file0", [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10324 [pid 297] newfstatat(4, "", [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] getdents64(4, [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, [pid 296] openat(AT_FDCWD, "./400/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4 [pid 296] <... openat resumed>) = 4 [pid 297] <... close resumed>) = 0 [pid 296] newfstatat(4, "", [pid 297] rmdir("./399/file0" [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 297] getdents64(3, [pid 296] getdents64(4, [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] close(3) = 0 [pid 297] rmdir("./399" [pid 296] getdents64(4, [pid 297] <... rmdir resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] mkdir("./400", 0777 [pid 296] close(4 [pid 297] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] <... close resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] rmdir("./400/file0" [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] getdents64(3, [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10327 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3./strace-static-x86_64: Process 10323 attached ) = 0 ./strace-static-x86_64: Process 10327 attached [pid 10327] set_robust_list(0x5555557b6760, 24) = 0 [pid 10327] chdir("./400") = 0 [pid 10327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10327] setpgid(0, 0) = 0 [pid 10327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] rmdir("./400" [pid 10327] <... openat resumed>) = 3 [pid 10327] write(3, "1000", 4) = 4 [ 143.698613][T10310] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 143.700077][T10307] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10327] close(3) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 296] mkdir("./401", 0777 [pid 10327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10327] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10327] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10327] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 296] <... openat resumed>) = 3 [pid 10327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 10327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10327] <... mmap resumed>) = 0x7fe45c3ca000 [pid 296] close(3 [pid 10327] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10323] set_robust_list(0x5555557b6760, 24 [pid 296] <... close resumed>) = 0 [pid 10327] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10323] <... set_robust_list resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10327] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10328]}, 88) = 10328 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10329 ./strace-static-x86_64: Process 10324 attached [pid 10327] rt_sigprocmask(SIG_SETMASK, [], [pid 10323] chdir("./396" [pid 10327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10324] set_robust_list(0x5555557b6760, 24 [pid 10323] <... chdir resumed>) = 0 [pid 10327] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10327] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10324] <... set_robust_list resumed>) = 0 [pid 10323] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10324] chdir("./399" [pid 10323] <... prctl resumed>) = 0 [pid 10324] <... chdir resumed>) = 0 [pid 10323] setpgid(0, 0./strace-static-x86_64: Process 10329 attached [pid 10329] set_robust_list(0x5555557b6760, 24) = 0 [pid 10329] chdir("./401") = 0 [pid 10309] <... mount resumed>) = 0 [pid 10324] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10323] <... setpgid resumed>) = 0 [pid 10309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10309] chdir("./file0" [pid 10324] <... prctl resumed>) = 0 [pid 10323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10329] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10323] <... openat resumed>) = 3 [pid 10309] <... chdir resumed>) = 0 [pid 10324] setpgid(0, 0 [pid 10329] <... prctl resumed>) = 0 [pid 10323] write(3, "1000", 4 [pid 10309] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10329] setpgid(0, 0 [pid 10324] <... setpgid resumed>) = 0 [pid 10323] <... write resumed>) = 4 [pid 10309] <... openat resumed>) = 4 [pid 10329] <... setpgid resumed>) = 0 [pid 10323] close(3 [pid 10309] ioctl(4, LOOP_CLR_FD [pid 10329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10323] <... close resumed>) = 0 [pid 10309] <... ioctl resumed>) = 0 [pid 10309] close(4 [pid 10323] symlink("/dev/binderfs", "./binderfs" [pid 10309] <... close resumed>) = 0 [pid 10309] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10329] <... openat resumed>) = 3 [pid 10324] <... openat resumed>) = 3 [pid 10323] <... symlink resumed>) = 0 [pid 10309] <... futex resumed>) = 1 [pid 10306] <... futex resumed>) = 0 [pid 10329] write(3, "1000", 4 [pid 10324] write(3, "1000", 4 [pid 10323] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10309] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10306] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10329] <... write resumed>) = 4 [pid 10324] <... write resumed>) = 4 [pid 10323] <... futex resumed>) = 0 [pid 10309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10306] <... futex resumed>) = 0 [pid 10329] close(3 [pid 10324] close(3 [pid 10323] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10309] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10306] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10329] <... close resumed>) = 0 [pid 10324] <... close resumed>) = 0 [pid 10323] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10329] symlink("/dev/binderfs", "./binderfs" [pid 10324] symlink("/dev/binderfs", "./binderfs" [pid 10323] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10309] <... openat resumed>) = 4 [pid 10309] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10329] <... symlink resumed>) = 0 [pid 10324] <... symlink resumed>) = 0 [pid 10323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10309] <... futex resumed>) = 1 [pid 10306] <... futex resumed>) = 0 [pid 10329] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10324] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10309] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10306] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10328 attached [pid 10329] <... futex resumed>) = 0 [pid 10324] <... futex resumed>) = 0 [pid 10323] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10306] <... futex resumed>) = 0 [pid 10329] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10328] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10324] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10323] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10309] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10306] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10329] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10328] <... set_robust_list resumed>) = 0 [pid 10324] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10323] <... mprotect resumed>) = 0 [pid 10309] <... write resumed>) = 16 [pid 10306] <... futex resumed>) = 0 [pid 10329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10328] rt_sigprocmask(SIG_SETMASK, [], [pid 10324] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10323] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10309] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10323] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10309] <... futex resumed>) = 0 [pid 10306] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10306] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10329] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10306] <... mprotect resumed>) = 0 [pid 10329] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10306] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10329] <... mprotect resumed>) = 0 [pid 10306] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10329] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10329] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10306] <... clone3 resumed> => {parent_tid=[10330]}, 88) = 10330 [pid 10306] rt_sigprocmask(SIG_SETMASK, [], [pid 10329] <... clone3 resumed> => {parent_tid=[10331]}, 88) = 10331 [pid 10306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10329] rt_sigprocmask(SIG_SETMASK, [], [pid 10306] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10309] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10306] <... futex resumed>) = 0 [pid 10324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10328] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10329] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10324] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10306] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10329] <... futex resumed>) = 0 [pid 10328] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10324] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10323] <... clone3 resumed> => {parent_tid=[10332]}, 88) = 10332 [pid 10329] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10328] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10324] <... mprotect resumed>) = 0 [pid 10323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10324] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10323] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10328] <... futex resumed>) = 1 [pid 10327] <... futex resumed>) = 0 [pid 10328] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10327] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10324] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10323] <... futex resumed>) = 0 [pid 10328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10327] <... futex resumed>) = 0 [pid 10324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10323] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10328] memfd_create("syzkaller", 0 [pid 10327] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10328] <... memfd_create resumed>) = 3 [pid 10328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10324] <... clone3 resumed> => {parent_tid=[10333]}, 88) = 10333 [pid 10328] <... mmap resumed>) = 0x7fe453fca000 [pid 10324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 10331 attached [pid 10324] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10331] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10324] <... futex resumed>) = 0 [pid 10331] <... set_robust_list resumed>) = 0 [pid 10324] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 10330 attached [pid 10331] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10330] set_robust_list(0x7fe45c3c99a0, 24 [pid 10331] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10330] <... set_robust_list resumed>) = 0 [pid 10331] <... futex resumed>) = 1 [pid 10330] rt_sigprocmask(SIG_SETMASK, [], [pid 10329] <... futex resumed>) = 0 [pid 10331] memfd_create("syzkaller", 0 [pid 10330] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10329] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10331] <... memfd_create resumed>) = 3 [pid 10330] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10329] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10332 attached [pid 10331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10330] <... write resumed>) = 16 [pid 10329] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10332] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10331] <... mmap resumed>) = 0x7fe453fca000 [pid 10330] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10332] <... set_robust_list resumed>) = 0 [pid 10330] <... futex resumed>) = 1 [pid 10328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10306] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10333 attached [pid 10332] rt_sigprocmask(SIG_SETMASK, [], [pid 10330] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10306] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10309] <... futex resumed>) = 0 [pid 10306] <... futex resumed>) = 1 [pid 10333] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10332] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10309] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10306] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10333] <... set_robust_list resumed>) = 0 [pid 10332] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10309] <... mmap resumed>) = 0x20000000 [pid 10333] rt_sigprocmask(SIG_SETMASK, [], [pid 10332] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10309] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10333] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10332] <... futex resumed>) = 1 [pid 10331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10328] <... write resumed>) = 1048576 [pid 10323] <... futex resumed>) = 0 [pid 10309] <... futex resumed>) = 1 [pid 10306] <... futex resumed>) = 0 [pid 10333] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10332] memfd_create("syzkaller", 0 [pid 10331] <... write resumed>) = 1048576 [pid 10328] munmap(0x7fe453fca000, 138412032 [pid 10323] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10309] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10306] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10333] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10328] <... munmap resumed>) = 0 [pid 10333] <... futex resumed>) = 1 [pid 10328] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10324] <... futex resumed>) = 0 [pid 10333] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10328] <... openat resumed>) = 4 [pid 10324] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10328] ioctl(4, LOOP_SET_FD, 3 [pid 10324] <... futex resumed>) = 0 [pid 10333] memfd_create("syzkaller", 0 [pid 10332] <... memfd_create resumed>) = 3 [pid 10324] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10323] <... futex resumed>) = 0 [pid 10309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10306] <... futex resumed>) = 0 [pid 10333] <... memfd_create resumed>) = 3 [pid 10323] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10331] munmap(0x7fe453fca000, 138412032) = 0 [pid 10331] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10331] ioctl(4, LOOP_SET_FD, 3 [pid 10333] <... write resumed>) = 1048576 [pid 10332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10306] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10331] <... ioctl resumed>) = 0 [pid 10331] close(3) = 0 [pid 10331] close(4 [pid 10332] <... mmap resumed>) = 0x7fe453fca000 [pid 10328] <... ioctl resumed>) = 0 [pid 10328] close(3) = 0 [pid 10328] close(4) = 0 [pid 10328] mkdir("./file0", 0777) = 0 [pid 10328] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10333] munmap(0x7fe453fca000, 138412032) = 0 [pid 10333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10333] close(3) = 0 [pid 10333] close(4 [pid 10309] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10309] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10309] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10309] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10306] <... futex resumed>) = 0 [pid 10306] exit_group(0) = ? [pid 10330] <... futex resumed>) = ? [pid 10330] +++ exited with 0 +++ [pid 10309] <... futex resumed>) = ? [pid 10309] +++ exited with 0 +++ [pid 10306] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10306, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./400", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./400/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./400/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./400/binderfs") = 0 [pid 298] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10332] <... write resumed>) = 1048576 [pid 10332] munmap(0x7fe453fca000, 138412032 [pid 10328] <... mount resumed>) = 0 [pid 10328] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10328] chdir("./file0") = 0 [pid 10328] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10328] ioctl(4, LOOP_CLR_FD) = 0 [pid 10328] close(4) = 0 [pid 10328] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10327] <... futex resumed>) = 0 [pid 10328] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10327] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10327] <... futex resumed>) = 0 [pid 10328] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10327] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10332] <... munmap resumed>) = 0 [pid 10332] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10328] <... openat resumed>) = 4 [pid 10328] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10332] <... openat resumed>) = 4 [pid 10328] <... futex resumed>) = 1 [pid 10327] <... futex resumed>) = 0 [pid 10332] ioctl(4, LOOP_SET_FD, 3 [pid 10328] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10327] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10327] <... futex resumed>) = 0 [pid 10328] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [ 143.825845][T10328] loop2: detected capacity change from 0 to 2048 [ 143.840363][T10309] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 143.851723][T10331] loop1: detected capacity change from 0 to 2048 [ 143.866064][T10333] loop0: detected capacity change from 0 to 2048 [pid 10327] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10328] <... write resumed>) = 16 [pid 10328] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10328] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10327] <... futex resumed>) = 0 [pid 10327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10327] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10336]}, 88) = 10336 [pid 10327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10327] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10327] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10336 attached [pid 10336] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10336] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10336] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10327] <... futex resumed>) = 0 [pid 10332] <... ioctl resumed>) = 0 [pid 10331] <... close resumed>) = 0 [pid 10327] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10332] close(3 [pid 10331] mkdir("./file0", 0777 [pid 10328] <... futex resumed>) = 0 [pid 10327] <... futex resumed>) = 1 [pid 10332] <... close resumed>) = 0 [pid 10328] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10327] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10332] close(4 [pid 10331] <... mkdir resumed>) = 0 [pid 10328] <... mmap resumed>) = 0x20000000 [pid 10331] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10328] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10336] <... futex resumed>) = 1 [pid 10336] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10328] <... futex resumed>) = 1 [pid 10328] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10327] <... futex resumed>) = 0 [pid 10327] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10328] <... futex resumed>) = 0 [pid 10327] <... futex resumed>) = 1 [pid 10327] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10333] <... close resumed>) = 0 [pid 10333] mkdir("./file0", 0777) = 0 [pid 10333] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10328] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10328] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10327] <... futex resumed>) = 0 [pid 10327] exit_group(0 [pid 10336] <... futex resumed>) = ? [pid 10327] <... exit_group resumed>) = ? [pid 10336] +++ exited with 0 +++ [pid 10328] <... futex resumed>) = ? [pid 10328] +++ exited with 0 +++ [pid 10327] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10327, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 297] umount2("./400", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... umount2 resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10332] <... close resumed>) = 0 [pid 297] umount2("./400/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10332] mkdir("./file0", 0777 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10332] <... mkdir resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./400/binderfs", [pid 298] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10332] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] newfstatat(AT_FDCWD, "./400/file0", [pid 297] unlink("./400/binderfs") = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./400/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 10331] <... mount resumed>) = 0 [pid 10331] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] rmdir("./400/file0") = 0 [pid 298] getdents64(3, [pid 10333] <... mount resumed>) = 0 [pid 10331] <... openat resumed>) = 3 [pid 10331] chdir("./file0" [pid 10333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10331] <... chdir resumed>) = 0 [pid 10331] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10333] <... openat resumed>) = 3 [pid 10333] chdir("./file0" [pid 10331] <... openat resumed>) = 4 [pid 10333] <... chdir resumed>) = 0 [pid 10331] ioctl(4, LOOP_CLR_FD [pid 10333] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10331] <... ioctl resumed>) = 0 [pid 10331] close(4 [pid 10333] <... openat resumed>) = 4 [pid 10331] <... close resumed>) = 0 [pid 10333] ioctl(4, LOOP_CLR_FD [pid 10331] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10333] <... ioctl resumed>) = 0 [pid 10331] <... futex resumed>) = 1 [pid 10329] <... futex resumed>) = 0 [pid 10333] close(4 [pid 10331] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10329] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10333] <... close resumed>) = 0 [pid 10331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10329] <... futex resumed>) = 0 [pid 10333] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10331] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10329] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10333] <... futex resumed>) = 1 [pid 10324] <... futex resumed>) = 0 [pid 10333] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10324] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10333] <... openat resumed>) = 4 [pid 10331] <... openat resumed>) = 4 [pid 10324] <... futex resumed>) = 0 [pid 10333] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10324] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10333] <... futex resumed>) = 0 [pid 10324] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10333] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10324] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10333] <... write resumed>) = 16 [pid 10324] <... futex resumed>) = 0 [pid 10333] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10324] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10333] <... futex resumed>) = 0 [pid 10324] <... futex resumed>) = 0 [pid 10333] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10324] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 297] <... umount2 resumed>) = 0 [pid 10331] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10324] <... mprotect resumed>) = 0 [pid 298] close(3 [pid 297] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10331] <... futex resumed>) = 1 [pid 10329] <... futex resumed>) = 0 [pid 10324] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] <... close resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10331] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10329] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10324] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] rmdir("./400" [pid 297] newfstatat(AT_FDCWD, "./400/file0", [pid 10331] <... write resumed>) = 16 [pid 10329] <... futex resumed>) = 0 [pid 10324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 298] <... rmdir resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 10341 attached [pid 10331] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10329] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] mkdir("./401", 0777 [pid 297] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10341] set_robust_list(0x7fe45c3c99a0, 24 [pid 10331] <... futex resumed>) = 0 [pid 10329] <... futex resumed>) = 0 [pid 10324] <... clone3 resumed> => {parent_tid=[10341]}, 88) = 10341 [pid 10341] <... set_robust_list resumed>) = 0 [pid 10331] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10324] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10341] rt_sigprocmask(SIG_SETMASK, [], [pid 10329] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] openat(AT_FDCWD, "./400/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10329] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10324] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10341] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10329] <... mprotect resumed>) = 0 [pid 297] <... openat resumed>) = 4 [pid 10324] <... futex resumed>) = 0 [pid 10329] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10324] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] newfstatat(4, "", [pid 10341] <... write resumed>) = 16 [pid 10329] <... rt_sigprocmask resumed>[], 8) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10341] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10341] <... futex resumed>) = 1 [pid 10324] <... futex resumed>) = 0 [pid 297] getdents64(4, [pid 10329] <... clone3 resumed> => {parent_tid=[10342]}, 88) = 10342 [pid 10324] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10329] rt_sigprocmask(SIG_SETMASK, [], [pid 10341] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10333] <... futex resumed>) = 0 [pid 10329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10324] <... futex resumed>) = 1 [pid 298] <... mkdir resumed>) = 0 [pid 297] getdents64(4, [pid 10333] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10329] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10324] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10333] <... mmap resumed>) = 0x20000000 [pid 10329] <... futex resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] close(4 [pid 10333] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10329] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10333] <... futex resumed>) = 1 [pid 10324] <... futex resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 297] <... close resumed>) = 0 [pid 10333] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10324] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] rmdir("./400/file0" [pid 10333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10324] <... futex resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 143.891268][T10332] loop4: detected capacity change from 0 to 2048 [ 143.900925][T10328] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set ./strace-static-x86_64: Process 10342 attached [pid 10324] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... rmdir resumed>) = 0 [pid 298] close(3 [pid 297] getdents64(3, [pid 298] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] close(3) = 0 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10343 [pid 297] rmdir("./400") = 0 [pid 297] mkdir("./401", 0777 [pid 10342] set_robust_list(0x7fe45c3c99a0, 24 [pid 10333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10342] <... set_robust_list resumed>) = 0 [pid 10342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10342] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 297] <... openat resumed>) = 3 [pid 10342] <... write resumed>) = 16 [pid 297] ioctl(3, LOOP_CLR_FD [pid 10333] sendfile(-1, -1, [0] [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10333] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10342] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10329] <... futex resumed>) = 0 [pid 10329] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10331] <... futex resumed>) = 0 [pid 10329] <... futex resumed>) = 1 [pid 10331] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10329] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10331] <... mmap resumed>) = 0x20000000 [pid 10331] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10329] <... futex resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10344 [pid 10331] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10329] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10329] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10344 attached ./strace-static-x86_64: Process 10343 attached [pid 10342] <... futex resumed>) = 1 [pid 10333] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10344] set_robust_list(0x5555557b6760, 24 [pid 10343] set_robust_list(0x5555557b6760, 24 [pid 10333] <... futex resumed>) = 1 [pid 10324] <... futex resumed>) = 0 [pid 10344] <... set_robust_list resumed>) = 0 [pid 10343] <... set_robust_list resumed>) = 0 [pid 10333] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10324] exit_group(0 [pid 10344] chdir("./401" [pid 10343] chdir("./401" [pid 10341] <... futex resumed>) = ? [pid 10333] <... futex resumed>) = ? [pid 10324] <... exit_group resumed>) = ? [pid 10344] <... chdir resumed>) = 0 [pid 10343] <... chdir resumed>) = 0 [pid 10341] +++ exited with 0 +++ [pid 10333] +++ exited with 0 +++ [pid 10324] +++ exited with 0 +++ [pid 10344] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10343] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10329] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10324, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10344] <... prctl resumed>) = 0 [pid 10343] <... prctl resumed>) = 0 [pid 10344] setpgid(0, 0 [pid 10343] setpgid(0, 0 [pid 10344] <... setpgid resumed>) = 0 [pid 10343] <... setpgid resumed>) = 0 [pid 10344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10344] <... openat resumed>) = 3 [pid 10343] <... openat resumed>) = 3 [pid 10344] write(3, "1000", 4 [pid 10343] write(3, "1000", 4 [pid 10344] <... write resumed>) = 4 [pid 10343] <... write resumed>) = 4 [pid 10342] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] umount2("./399", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10344] close(3 [pid 10343] close(3 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10344] <... close resumed>) = 0 [pid 10343] <... close resumed>) = 0 [pid 295] openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10344] symlink("/dev/binderfs", "./binderfs" [pid 10343] symlink("/dev/binderfs", "./binderfs" [pid 295] <... openat resumed>) = 3 [pid 10344] <... symlink resumed>) = 0 [pid 10343] <... symlink resumed>) = 0 [pid 295] newfstatat(3, "", [pid 10344] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10343] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10344] <... futex resumed>) = 0 [pid 10343] <... futex resumed>) = 0 [pid 295] getdents64(3, [pid 10344] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10343] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10331] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10344] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10343] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10331] sendfile(-1, -1, [0] [pid 295] umount2("./399/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10344] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10343] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10331] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 295] newfstatat(AT_FDCWD, "./399/binderfs", [pid 10344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10331] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10344] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10343] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10331] <... futex resumed>) = 1 [pid 10329] <... futex resumed>) = 0 [pid 295] unlink("./399/binderfs" [pid 10344] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10343] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10331] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10329] exit_group(0 [pid 10331] <... futex resumed>) = ? [pid 10329] <... exit_group resumed>) = ? [pid 295] <... unlink resumed>) = 0 [pid 10344] <... mprotect resumed>) = 0 [pid 10343] <... mprotect resumed>) = 0 [pid 10331] +++ exited with 0 +++ [pid 10343] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10344] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10343] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10344] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10347]}, 88) = 10347 [pid 10342] <... futex resumed>) = ? [pid 10344] rt_sigprocmask(SIG_SETMASK, [], [pid 10343] <... clone3 resumed> => {parent_tid=[10348]}, 88) = 10348 [pid 10344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10342] +++ exited with 0 +++ [pid 10329] +++ exited with 0 +++ [pid 10343] rt_sigprocmask(SIG_SETMASK, [], [pid 10344] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10329, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10344] <... futex resumed>) = 0 [pid 10343] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10344] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10343] <... futex resumed>) = 0 [pid 10343] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] umount2("./401", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10347 attached ./strace-static-x86_64: Process 10348 attached [pid 10332] <... mount resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10332] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10332] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 10332] chdir("./file0" [pid 296] newfstatat(3, "", [pid 10332] <... chdir resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10332] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] getdents64(3, [pid 10348] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10347] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10332] <... openat resumed>) = 4 [pid 10332] ioctl(4, LOOP_CLR_FD [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10332] <... ioctl resumed>) = 0 [pid 296] umount2("./401/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10332] close(4 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10332] <... close resumed>) = 0 [pid 10348] <... set_robust_list resumed>) = 0 [pid 10347] <... set_robust_list resumed>) = 0 [pid 10348] rt_sigprocmask(SIG_SETMASK, [], [pid 10347] rt_sigprocmask(SIG_SETMASK, [], [pid 10348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10348] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10347] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10348] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10347] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10348] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10347] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10348] <... futex resumed>) = 1 [pid 10347] <... futex resumed>) = 1 [pid 10348] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10347] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] newfstatat(AT_FDCWD, "./401/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./401/binderfs") = 0 [pid 296] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10344] <... futex resumed>) = 0 [pid 10343] <... futex resumed>) = 0 [pid 10332] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10344] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10343] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10348] <... futex resumed>) = 0 [pid 10347] <... futex resumed>) = 0 [pid 10344] <... futex resumed>) = 1 [pid 10343] <... futex resumed>) = 1 [pid 10332] <... futex resumed>) = 1 [pid 10323] <... futex resumed>) = 0 [pid 10348] memfd_create("syzkaller", 0 [pid 10347] memfd_create("syzkaller", 0 [pid 10344] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10343] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10332] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10323] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10348] <... memfd_create resumed>) = 3 [pid 10347] <... memfd_create resumed>) = 3 [pid 10332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10323] <... futex resumed>) = 0 [pid 10348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 143.940988][T10333] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 143.964562][T10331] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10332] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10323] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10348] <... mmap resumed>) = 0x7fe453fca000 [pid 10347] <... mmap resumed>) = 0x7fe453fca000 [pid 10332] <... openat resumed>) = 4 [pid 10348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10332] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10323] <... futex resumed>) = 0 [pid 10332] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10323] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10323] <... futex resumed>) = 0 [pid 10332] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10323] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10332] <... write resumed>) = 16 [pid 10323] <... futex resumed>) = 0 [pid 10332] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10332] <... futex resumed>) = 0 [pid 10323] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10332] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10323] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10348] <... write resumed>) = 1048576 [pid 10347] <... write resumed>) = 1048576 [pid 10323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10348] munmap(0x7fe453fca000, 138412032./strace-static-x86_64: Process 10349 attached [pid 10347] munmap(0x7fe453fca000, 138412032 [pid 10323] <... clone3 resumed> => {parent_tid=[10349]}, 88) = 10349 [pid 10349] set_robust_list(0x7fe45c3c99a0, 24 [pid 10348] <... munmap resumed>) = 0 [pid 10323] rt_sigprocmask(SIG_SETMASK, [], [pid 10349] <... set_robust_list resumed>) = 0 [pid 10348] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10349] rt_sigprocmask(SIG_SETMASK, [], [pid 10348] <... openat resumed>) = 4 [pid 10323] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10348] ioctl(4, LOOP_SET_FD, 3 [pid 10323] <... futex resumed>) = 0 [pid 10347] <... munmap resumed>) = 0 [pid 10347] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10347] ioctl(4, LOOP_SET_FD, 3 [pid 10349] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10348] <... ioctl resumed>) = 0 [pid 10323] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 10349] <... write resumed>) = 16 [pid 10348] close(3 [pid 296] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10349] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10348] <... close resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10349] <... futex resumed>) = 1 [pid 10348] close(4 [pid 10323] <... futex resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./401/file0", [pid 295] newfstatat(AT_FDCWD, "./399/file0", [pid 10349] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10323] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10332] <... futex resumed>) = 0 [pid 10323] <... futex resumed>) = 1 [pid 296] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10332] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10323] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10332] <... mmap resumed>) = 0x20000000 [pid 296] openat(AT_FDCWD, "./401/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./399/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10332] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... openat resumed>) = 4 [pid 295] <... openat resumed>) = 4 [pid 10332] <... futex resumed>) = 1 [pid 10323] <... futex resumed>) = 0 [pid 296] newfstatat(4, "", [pid 295] newfstatat(4, "", [pid 10332] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10323] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10323] <... futex resumed>) = 0 [pid 296] getdents64(4, [pid 295] getdents64(4, [pid 10347] <... ioctl resumed>) = 0 [pid 10347] close(3) = 0 [pid 10347] close(4 [pid 10323] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./401/file0") = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./401") = 0 [pid 296] mkdir("./402", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10350 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./399/file0") = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./399") = 0 [pid 295] mkdir("./400", 0777./strace-static-x86_64: Process 10350 attached [pid 10350] set_robust_list(0x5555557b6760, 24 [pid 295] <... mkdir resumed>) = 0 [pid 10350] <... set_robust_list resumed>) = 0 [pid 10350] chdir("./402" [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10350] <... chdir resumed>) = 0 [pid 10332] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10350] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10332] sendfile(-1, -1, [0] [pid 295] <... openat resumed>) = 3 [pid 10350] <... prctl resumed>) = 0 [pid 10332] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10350] setpgid(0, 0 [pid 10332] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10350] <... setpgid resumed>) = 0 [pid 10332] <... futex resumed>) = 1 [pid 10323] <... futex resumed>) = 0 [pid 295] ioctl(3, LOOP_CLR_FD [pid 10350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10332] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10323] exit_group(0 [pid 10350] <... openat resumed>) = 3 [pid 10349] <... futex resumed>) = ? [pid 10332] <... futex resumed>) = ? [pid 10323] <... exit_group resumed>) = ? [pid 10350] write(3, "1000", 4 [pid 10349] +++ exited with 0 +++ [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10350] <... write resumed>) = 4 [pid 10332] +++ exited with 0 +++ [pid 10323] +++ exited with 0 +++ [pid 295] close(3 [pid 10350] close(3) = 0 [pid 10350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10323, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] <... close resumed>) = 0 [pid 10350] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10350] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10350] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10350] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10350] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10351]}, 88) = 10351 [pid 10350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10350] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10350] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10351 attached [pid 10351] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10352 [pid 10351] rt_sigprocmask(SIG_SETMASK, [], [pid 299] umount2("./396", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10351] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 299] openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10351] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 299] <... openat resumed>) = 3 [pid 10351] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(3, "", [pid 10350] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10350] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(3, [pid 10350] <... futex resumed>) = 0 [pid 10350] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10351] <... futex resumed>) = 1 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./396/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./396/binderfs", [pid 10351] memfd_create("syzkaller", 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./396/binderfs" [pid 10351] <... memfd_create resumed>) = 3 [pid 10351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 299] <... unlink resumed>) = 0 [pid 299] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10352 attached [pid 10352] set_robust_list(0x5555557b6760, 24) = 0 [pid 10352] chdir("./400") = 0 [pid 10352] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10348] <... close resumed>) = 0 [pid 10348] mkdir("./file0", 0777 [pid 10347] <... close resumed>) = 0 [pid 10352] <... prctl resumed>) = 0 [pid 10348] <... mkdir resumed>) = 0 [pid 10347] mkdir("./file0", 0777 [pid 10348] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10347] <... mkdir resumed>) = 0 [pid 10347] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10352] setpgid(0, 0) = 0 [pid 10352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10352] write(3, "1000", 4) = 4 [pid 10352] close(3) = 0 [pid 10352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10352] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10352] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10352] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10352] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10352] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10352] <... clone3 resumed> => {parent_tid=[10353]}, 88) = 10353 ./strace-static-x86_64: Process 10353 attached [pid 10353] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10352] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10352] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10353] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10353] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10352] <... futex resumed>) = 0 [pid 10352] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10352] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10353] memfd_create("syzkaller", 0) = 3 [pid 10353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10351] <... write resumed>) = 1048576 [pid 10351] munmap(0x7fe453fca000, 138412032) = 0 [pid 10351] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10347] <... mount resumed>) = 0 [pid 10351] <... openat resumed>) = 4 [pid 10351] ioctl(4, LOOP_SET_FD, 3 [pid 10347] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10347] chdir("./file0") = 0 [ 144.045881][T10348] loop3: detected capacity change from 0 to 2048 [ 144.047443][T10347] loop2: detected capacity change from 0 to 2048 [ 144.063433][T10332] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10347] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10347] ioctl(4, LOOP_CLR_FD) = 0 [pid 10347] close(4) = 0 [pid 10347] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10344] <... futex resumed>) = 0 [pid 10347] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10344] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10344] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10347] <... openat resumed>) = 4 [pid 10347] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10344] <... futex resumed>) = 0 [pid 10344] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10344] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10347] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10344] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10347] <... write resumed>) = 16 [pid 10344] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 299] <... umount2 resumed>) = 0 [pid 10347] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10344] <... mprotect resumed>) = 0 [pid 10347] <... futex resumed>) = 0 [pid 10344] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10347] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10344] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 299] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10344] <... clone3 resumed> => {parent_tid=[10356]}, 88) = 10356 [pid 10344] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10344] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./396/file0", [pid 10344] <... futex resumed>) = 0 [pid 10344] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./396/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", [pid 10351] <... ioctl resumed>) = 0 [pid 10353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10351] close(3) = 0 [pid 10351] close(4 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./396/file0") = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./396") = 0 [pid 299] mkdir("./397", 0777./strace-static-x86_64: Process 10356 attached ) = 0 [pid 10356] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10356] rt_sigprocmask(SIG_SETMASK, [], [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 10356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10353] <... write resumed>) = 1048576 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10356] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10356] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(3 [pid 10353] munmap(0x7fe453fca000, 138412032 [pid 10356] <... futex resumed>) = 1 [pid 10344] <... futex resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 10356] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10344] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10347] <... futex resumed>) = 0 [pid 10344] <... futex resumed>) = 1 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10347] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10344] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10347] <... mmap resumed>) = 0x20000000 [pid 10347] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10344] <... futex resumed>) = 0 [pid 10347] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10344] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10357 [pid 10347] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10344] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10357 attached [pid 10344] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10357] set_robust_list(0x5555557b6760, 24) = 0 [pid 10357] chdir("./397") = 0 [pid 10357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10357] setpgid(0, 0) = 0 [pid 10357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10357] write(3, "1000", 4) = 4 [pid 10357] close(3) = 0 [pid 10357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10357] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10353] <... munmap resumed>) = 0 [pid 10353] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10357] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10351] <... close resumed>) = 0 [pid 10347] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10347] sendfile(-1, -1, [0] [pid 10357] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10347] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10357] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10353] <... openat resumed>) = 4 [pid 10351] mkdir("./file0", 0777 [pid 10357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10357] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10347] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10357] <... mprotect resumed>) = 0 [pid 10344] <... futex resumed>) = 0 [pid 10344] exit_group(0 [pid 10356] <... futex resumed>) = ? [pid 10344] <... exit_group resumed>) = ? [pid 10356] +++ exited with 0 +++ [pid 10353] ioctl(4, LOOP_SET_FD, 3 [pid 10351] <... mkdir resumed>) = 0 [pid 10347] <... futex resumed>) = ? [pid 10357] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10347] +++ exited with 0 +++ [pid 10344] +++ exited with 0 +++ [pid 10357] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10359]}, 88) = 10359 [pid 10357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10357] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10357] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10359 attached [pid 10359] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10359] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10359] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10357] <... futex resumed>) = 0 [pid 10357] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10357] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10359] <... futex resumed>) = 1 [pid 10359] memfd_create("syzkaller", 0) = 3 [pid 10359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10351] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10344, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 10353] <... ioctl resumed>) = 0 [pid 297] umount2("./401", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10353] close(3 [pid 297] <... openat resumed>) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, [pid 10353] <... close resumed>) = 0 [pid 10353] close(4 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./401/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10348] <... mount resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./401/binderfs", [pid 10348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./401/binderfs" [pid 10348] <... openat resumed>) = 3 [pid 297] <... unlink resumed>) = 0 [pid 297] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10348] chdir("./file0") = 0 [pid 10348] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10348] ioctl(4, LOOP_CLR_FD) = 0 [pid 10348] close(4) = 0 [pid 10348] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10343] <... futex resumed>) = 0 [pid 10343] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10348] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10343] <... futex resumed>) = 0 [pid 10343] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10348] <... openat resumed>) = 4 [pid 10348] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10343] <... futex resumed>) = 0 [pid 10348] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10343] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10348] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10343] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10348] <... write resumed>) = 16 [pid 10343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10348] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10343] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10343] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10348] <... futex resumed>) = 0 [pid 10348] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10343] <... mprotect resumed>) = 0 [pid 10343] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10361]}, 88) = 10361 [pid 10343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10343] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10343] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10361 attached [pid 10361] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10361] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10359] <... write resumed>) = 1048576 [pid 10359] munmap(0x7fe453fca000, 138412032 [pid 10361] <... write resumed>) = 16 [pid 10361] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10343] <... futex resumed>) = 0 [pid 10361] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10343] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10359] <... munmap resumed>) = 0 [pid 10348] <... futex resumed>) = 0 [pid 10343] <... futex resumed>) = 1 [pid 10359] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10348] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10343] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10359] <... openat resumed>) = 4 [ 144.107244][T10351] loop1: detected capacity change from 0 to 2048 [ 144.125568][T10347] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 144.143108][T10353] loop0: detected capacity change from 0 to 2048 [pid 10359] ioctl(4, LOOP_SET_FD, 3 [pid 10348] <... mmap resumed>) = 0x20000000 [pid 10348] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10343] <... futex resumed>) = 0 [pid 10359] <... ioctl resumed>) = 0 [pid 10343] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10359] close(3 [pid 10353] <... close resumed>) = 0 [pid 10353] mkdir("./file0", 0777) = 0 [pid 10353] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10359] <... close resumed>) = 0 [pid 10359] close(4 [pid 10343] <... futex resumed>) = 0 [pid 10343] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./401/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./401/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./401/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./401") = 0 [pid 297] mkdir("./402", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10362 [pid 10348] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10348] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10348] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10343] <... futex resumed>) = 0 [pid 10343] exit_group(0 [pid 10361] <... futex resumed>) = ? [pid 10343] <... exit_group resumed>) = ? [pid 10361] +++ exited with 0 +++ [pid 10348] <... futex resumed>) = ? ./strace-static-x86_64: Process 10362 attached [pid 10362] set_robust_list(0x5555557b6760, 24 [pid 10359] <... close resumed>) = 0 [pid 10359] mkdir("./file0", 0777 [pid 10362] <... set_robust_list resumed>) = 0 [pid 10348] +++ exited with 0 +++ [pid 10343] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10343, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 10362] chdir("./402") = 0 [pid 10359] <... mkdir resumed>) = 0 [pid 10362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 10362] setpgid(0, 0 [pid 298] umount2("./401", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10362] <... setpgid resumed>) = 0 [pid 10362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10359] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, [pid 10362] <... openat resumed>) = 3 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./401/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./401/binderfs", [pid 10362] write(3, "1000", 4 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./401/binderfs" [pid 10362] <... write resumed>) = 4 [pid 10362] close(3) = 0 [pid 10362] symlink("/dev/binderfs", "./binderfs" [pid 298] <... unlink resumed>) = 0 [pid 298] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10362] <... symlink resumed>) = 0 [pid 10362] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10353] <... mount resumed>) = 0 [pid 10362] <... futex resumed>) = 0 [pid 10353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10351] <... mount resumed>) = 0 [pid 10362] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10353] <... openat resumed>) = 3 [pid 10351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10362] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10353] chdir("./file0" [pid 10351] <... openat resumed>) = 3 [pid 10362] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10353] <... chdir resumed>) = 0 [pid 10351] chdir("./file0" [pid 10362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10353] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10351] <... chdir resumed>) = 0 [pid 10362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10353] <... openat resumed>) = 4 [pid 10362] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10351] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10362] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10353] ioctl(4, LOOP_CLR_FD [pid 10351] <... openat resumed>) = 4 [pid 10362] <... mprotect resumed>) = 0 [pid 10353] <... ioctl resumed>) = 0 [pid 10351] ioctl(4, LOOP_CLR_FD [pid 10362] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10353] close(4 [pid 10351] <... ioctl resumed>) = 0 [pid 10362] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10353] <... close resumed>) = 0 [pid 10351] close(4 [pid 10362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10353] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10351] <... close resumed>) = 0 ./strace-static-x86_64: Process 10367 attached [pid 10353] <... futex resumed>) = 1 [pid 10351] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10362] <... clone3 resumed> => {parent_tid=[10367]}, 88) = 10367 [pid 10353] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10351] <... futex resumed>) = 1 [pid 10362] rt_sigprocmask(SIG_SETMASK, [], [pid 10351] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10350] <... futex resumed>) = 0 [pid 10362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10350] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10362] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10352] <... futex resumed>) = 0 [pid 10351] <... futex resumed>) = 0 [pid 10350] <... futex resumed>) = 1 [pid 10362] <... futex resumed>) = 0 [pid 10351] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10350] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10362] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10352] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10353] <... futex resumed>) = 0 [pid 10352] <... futex resumed>) = 1 [pid 10353] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10352] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10351] <... openat resumed>) = 4 [pid 10351] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10350] <... futex resumed>) = 0 [pid 10351] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10350] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10353] <... openat resumed>) = 4 [pid 10351] <... write resumed>) = 16 [pid 10350] <... futex resumed>) = 0 [pid 10351] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10350] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10353] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10351] <... futex resumed>) = 0 [pid 10350] <... futex resumed>) = 0 [pid 10351] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10350] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10353] <... futex resumed>) = 1 [pid 10352] <... futex resumed>) = 0 [pid 10351] <... write resumed>) = 16 [pid 10353] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10352] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10351] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10353] <... write resumed>) = 16 [pid 10352] <... futex resumed>) = 0 [pid 10351] <... futex resumed>) = 1 [pid 10350] <... futex resumed>) = 0 [pid 10353] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10352] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10351] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10350] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10353] <... futex resumed>) = 0 [pid 10352] <... futex resumed>) = 0 [pid 10351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10350] <... futex resumed>) = 0 [pid 10353] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10351] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10350] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10367] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10352] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10351] <... mmap resumed>) = 0x20000000 [pid 10352] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10351] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10352] <... mprotect resumed>) = 0 [pid 10352] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10351] <... futex resumed>) = 1 [pid 10350] <... futex resumed>) = 0 [pid 10352] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10351] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10350] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [ 144.163973][T10359] loop4: detected capacity change from 0 to 2048 [ 144.164267][T10348] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10350] <... futex resumed>) = 0 [pid 10352] <... clone3 resumed> => {parent_tid=[10368]}, 88) = 10368 [pid 10350] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10352] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10352] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10367] <... set_robust_list resumed>) = 0 [pid 10367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10367] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10367] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10362] <... futex resumed>) = 0 [pid 10362] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10362] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10367] <... futex resumed>) = 1 [pid 10367] memfd_create("syzkaller", 0) = 3 [pid 10367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 ./strace-static-x86_64: Process 10368 attached [pid 10368] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10368] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10368] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10352] <... futex resumed>) = 0 [pid 10352] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10353] <... futex resumed>) = 0 [pid 10352] <... futex resumed>) = 1 [pid 10353] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10352] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10353] <... mmap resumed>) = 0x20000000 [pid 10353] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10352] <... futex resumed>) = 0 [pid 10353] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10352] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10352] <... futex resumed>) = 0 [pid 10352] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10368] <... futex resumed>) = 1 [pid 10368] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10351] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10351] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10351] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10351] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10367] <... write resumed>) = 1048576 [pid 10367] munmap(0x7fe453fca000, 138412032) = 0 [pid 10350] <... futex resumed>) = 0 [pid 10350] exit_group(0 [pid 10367] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10350] <... exit_group resumed>) = ? [pid 10351] <... futex resumed>) = ? [pid 10367] <... openat resumed>) = 4 [pid 10367] ioctl(4, LOOP_SET_FD, 3 [pid 10351] +++ exited with 0 +++ [pid 10350] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10350, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./401/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./402", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./401/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10353] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", [pid 10353] sendfile(-1, -1, [0] [pid 298] getdents64(4, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] getdents64(3, [pid 298] close(4 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] <... close resumed>) = 0 [pid 296] umount2("./402/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] rmdir("./401/file0" [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... rmdir resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./402/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./402/binderfs") = 0 [pid 298] getdents64(3, [pid 296] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 10367] <... ioctl resumed>) = 0 [pid 10367] close(3) = 0 [pid 10367] close(4 [pid 10353] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10353] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10353] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10359] <... mount resumed>) = 0 [pid 10352] <... futex resumed>) = 0 [pid 298] rmdir("./401" [pid 10359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10352] exit_group(0 [pid 10368] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 10352] <... exit_group resumed>) = ? [pid 10368] +++ exited with 0 +++ [pid 10359] <... openat resumed>) = 3 [pid 10353] <... futex resumed>) = ? [pid 298] <... rmdir resumed>) = 0 [pid 10359] chdir("./file0" [pid 298] mkdir("./402", 0777 [pid 10359] <... chdir resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 10359] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10359] ioctl(4, LOOP_CLR_FD [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 10359] <... ioctl resumed>) = 0 [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10359] close(4 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10371 [pid 10359] <... close resumed>) = 0 [pid 10359] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10357] <... futex resumed>) = 0 [pid 10359] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10357] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10359] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10357] <... futex resumed>) = 0 [pid 10359] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10357] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10353] +++ exited with 0 +++ [pid 10352] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10352, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 10359] <... openat resumed>) = 4 ./strace-static-x86_64: Process 10371 attached [pid 295] <... restart_syscall resumed>) = 0 [pid 10359] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] umount2("./400", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10371] set_robust_list(0x5555557b6760, 24 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./400/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10359] <... futex resumed>) = 1 [pid 10357] <... futex resumed>) = 0 [pid 10357] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10357] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10359] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10357] <... mmap resumed>) = 0x7fe45c3a9000 [pid 295] newfstatat(AT_FDCWD, "./400/binderfs", [pid 10359] <... write resumed>) = 16 [pid 10357] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10359] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10357] <... mprotect resumed>) = 0 [pid 10357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10359] <... futex resumed>) = 0 [pid 295] unlink("./400/binderfs") = 0 [pid 10357] <... clone3 resumed> => {parent_tid=[10372]}, 88) = 10372 [pid 10359] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 295] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10357] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10357] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10371] <... set_robust_list resumed>) = 0 [pid 10371] chdir("./402") = 0 [pid 10371] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 10372 attached [pid 10372] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10372] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10371] <... prctl resumed>) = 0 [pid 10371] setpgid(0, 0) = 0 [pid 10371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10372] <... write resumed>) = 16 [pid 10372] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10371] <... openat resumed>) = 3 [pid 10371] write(3, "1000", 4 [pid 10372] <... futex resumed>) = 1 [pid 10357] <... futex resumed>) = 0 [pid 10357] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10359] <... futex resumed>) = 0 [pid 10357] <... futex resumed>) = 1 [pid 10359] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10357] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10372] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10371] <... write resumed>) = 4 [pid 10359] <... mmap resumed>) = 0x20000000 [ 144.216603][T10351] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 144.231566][T10353] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 144.246911][T10367] loop2: detected capacity change from 0 to 2048 [pid 10359] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10359] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10357] <... futex resumed>) = 0 [pid 10357] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10359] <... futex resumed>) = 0 [pid 10357] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10371] close(3) = 0 [pid 10371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10371] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10371] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10371] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10373]}, 88) = 10373 [pid 10371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10371] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10371] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10373 attached [pid 10373] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10373] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10373] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10371] <... futex resumed>) = 0 [pid 10371] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10371] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10373] <... futex resumed>) = 1 [pid 10373] memfd_create("syzkaller", 0) = 3 [pid 10373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10373] munmap(0x7fe453fca000, 138412032) = 0 [pid 10373] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10373] ioctl(4, LOOP_SET_FD, 3 [pid 10359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10373] <... ioctl resumed>) = 0 [pid 10373] close(3) = 0 [pid 10373] close(4 [pid 10359] sendfile(-1, -1, [0] [pid 10367] <... close resumed>) = 0 [pid 10367] mkdir("./file0", 0777 [pid 10359] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10367] <... mkdir resumed>) = 0 [pid 10359] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10367] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10359] <... futex resumed>) = 1 [pid 10357] <... futex resumed>) = 0 [pid 10359] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10357] exit_group(0 [pid 10372] <... futex resumed>) = ? [pid 10359] <... futex resumed>) = ? [pid 10357] <... exit_group resumed>) = ? [pid 10372] +++ exited with 0 +++ [pid 10359] +++ exited with 0 +++ [pid 10357] +++ exited with 0 +++ [pid 296] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./400/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./400/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, [pid 296] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10357, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./402/file0", [pid 295] close(4 [pid 299] umount2("./397", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... openat resumed>) = 3 [pid 296] openat(AT_FDCWD, "./402/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] newfstatat(3, "", [pid 296] <... openat resumed>) = 4 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] newfstatat(4, "", [pid 299] getdents64(3, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] getdents64(4, [pid 295] <... close resumed>) = 0 [pid 299] umount2("./397/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] rmdir("./400/file0" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] getdents64(4, [pid 299] newfstatat(AT_FDCWD, "./397/binderfs", [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] close(4 [pid 299] unlink("./397/binderfs" [pid 296] <... close resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 296] rmdir("./402/file0" [pid 295] <... rmdir resumed>) = 0 [pid 299] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] getdents64(3, [pid 296] <... rmdir resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./400" [pid 296] getdents64(3, [pid 295] <... rmdir resumed>) = 0 [pid 295] mkdir("./401", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10374 [pid 296] close(3) = 0 [pid 296] rmdir("./402"./strace-static-x86_64: Process 10374 attached [pid 10374] set_robust_list(0x5555557b6760, 24) = 0 [pid 10374] chdir("./401" [pid 296] <... rmdir resumed>) = 0 [pid 296] mkdir("./403", 0777 [pid 10374] <... chdir resumed>) = 0 [pid 10374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10374] setpgid(0, 0) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 10374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 10374] <... openat resumed>) = 3 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10374] write(3, "1000", 4) = 4 [pid 10374] close(3) = 0 [pid 10374] symlink("/dev/binderfs", "./binderfs" [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10375 [pid 10374] <... symlink resumed>) = 0 [pid 10374] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10374] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10374] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10374] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 10375 attached => {parent_tid=[10376]}, 88) = 10376 [pid 10374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10374] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10374] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10375] set_robust_list(0x5555557b6760, 24) = 0 [pid 10375] chdir("./403") = 0 [pid 10375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10375] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 10376 attached [pid 10375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10375] write(3, "1000", 4) = 4 [pid 10375] close(3) = 0 [pid 10375] symlink("/dev/binderfs", "./binderfs" [pid 10376] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10376] rt_sigprocmask(SIG_SETMASK, [], [pid 10375] <... symlink resumed>) = 0 [pid 10373] <... close resumed>) = 0 [pid 10373] mkdir("./file0", 0777 [pid 10376] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10373] <... mkdir resumed>) = 0 [pid 10373] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10376] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10375] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10375] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10375] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10375] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10375] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10376] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10375] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10376] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 ./strace-static-x86_64: Process 10377 attached [pid 10376] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10374] <... futex resumed>) = 0 [pid 10375] <... clone3 resumed> => {parent_tid=[10377]}, 88) = 10377 [pid 10375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10375] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10375] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10374] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10377] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10377] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10377] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10375] <... futex resumed>) = 0 [pid 10377] memfd_create("syzkaller", 0 [pid 10375] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10377] <... memfd_create resumed>) = 3 [pid 10375] <... futex resumed>) = 0 [pid 10376] memfd_create("syzkaller", 0 [pid 10374] <... futex resumed>) = 0 [pid 10377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10375] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10377] <... mmap resumed>) = 0x7fe453fca000 [pid 10376] <... memfd_create resumed>) = 3 [pid 10374] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [ 144.285476][T10359] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 144.298874][T10373] loop3: detected capacity change from 0 to 2048 [pid 10377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10377] munmap(0x7fe453fca000, 138412032) = 0 [pid 10377] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10377] ioctl(4, LOOP_SET_FD, 3 [pid 10376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10373] <... mount resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 10376] <... write resumed>) = 1048576 [pid 10373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 299] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10376] munmap(0x7fe453fca000, 138412032 [pid 10373] <... openat resumed>) = 3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10376] <... munmap resumed>) = 0 [pid 10373] chdir("./file0" [pid 299] newfstatat(AT_FDCWD, "./397/file0", [pid 10376] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10373] <... chdir resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10376] <... openat resumed>) = 4 [pid 10373] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10376] ioctl(4, LOOP_SET_FD, 3 [pid 10373] <... openat resumed>) = 4 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10377] <... ioctl resumed>) = 0 [pid 10367] <... mount resumed>) = 0 [pid 10377] close(3 [pid 10367] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10377] <... close resumed>) = 0 [pid 10367] <... openat resumed>) = 3 [pid 10377] close(4 [pid 10367] chdir("./file0") = 0 [pid 10367] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10367] ioctl(4, LOOP_CLR_FD) = 0 [pid 10367] close(4) = 0 [pid 10367] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10367] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10373] ioctl(4, LOOP_CLR_FD) = 0 [pid 10373] close(4) = 0 [pid 10373] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10371] <... futex resumed>) = 0 [pid 10373] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10371] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10371] <... futex resumed>) = 0 [pid 10373] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10371] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10373] <... openat resumed>) = 4 [pid 10373] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10371] <... futex resumed>) = 0 [pid 10373] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10371] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10371] <... futex resumed>) = 0 [pid 10373] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10371] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10373] <... write resumed>) = 16 [pid 10371] <... futex resumed>) = 0 [pid 10373] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10373] <... futex resumed>) = 0 [pid 10371] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10373] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10371] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10362] <... futex resumed>) = 0 [pid 10371] <... mprotect resumed>) = 0 [pid 10371] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10362] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10371] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] openat(AT_FDCWD, "./397/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10382]}, 88) = 10382 [pid 10371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10371] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10371] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10382 attached [pid 10376] <... ioctl resumed>) = 0 [pid 10367] <... futex resumed>) = 0 [pid 10362] <... futex resumed>) = 1 [pid 299] <... openat resumed>) = 4 [pid 10367] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10362] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] newfstatat(4, "", [pid 10382] set_robust_list(0x7fe45c3c99a0, 24 [pid 10376] close(3 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 10382] <... set_robust_list resumed>) = 0 [pid 10382] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10367] <... openat resumed>) = 4 [pid 299] getdents64(4, [pid 10376] <... close resumed>) = 0 [pid 10382] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10382] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10376] close(4 [pid 10382] <... write resumed>) = 16 [pid 10382] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10371] <... futex resumed>) = 0 [pid 10371] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10373] <... futex resumed>) = 0 [pid 10371] <... futex resumed>) = 1 [pid 10373] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10371] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10373] <... mmap resumed>) = 0x20000000 [pid 10373] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10371] <... futex resumed>) = 0 [pid 10373] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10371] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10371] <... futex resumed>) = 0 [pid 10382] <... futex resumed>) = 1 [pid 10367] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10367] <... futex resumed>) = 1 [pid 10362] <... futex resumed>) = 0 [pid 299] close(4 [pid 10367] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10362] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... close resumed>) = 0 [pid 10367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10362] <... futex resumed>) = 0 [pid 299] rmdir("./397/file0" [pid 10367] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10362] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... rmdir resumed>) = 0 [pid 10371] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10367] <... write resumed>) = 16 [pid 10362] <... futex resumed>) = 0 [pid 299] getdents64(3, [pid 10367] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10367] <... futex resumed>) = 0 [pid 10362] <... mmap resumed>) = 0x7fe45c3a9000 [pid 299] close(3 [pid 10367] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10362] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 299] <... close resumed>) = 0 [pid 10362] <... mprotect resumed>) = 0 [pid 299] rmdir("./397" [pid 10382] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10362] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... rmdir resumed>) = 0 [pid 10362] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] mkdir("./398", 0777 [pid 10362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 299] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10362] <... clone3 resumed> => {parent_tid=[10383]}, 88) = 10383 [pid 299] <... openat resumed>) = 3 [pid 10362] rt_sigprocmask(SIG_SETMASK, [], [pid 299] ioctl(3, LOOP_CLR_FD [pid 10362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10362] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(3 [pid 10362] <... futex resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 10362] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10384 ./strace-static-x86_64: Process 10384 attached [pid 10384] set_robust_list(0x5555557b6760, 24) = 0 [pid 10384] chdir("./398"./strace-static-x86_64: Process 10383 attached ) = 0 [pid 10383] set_robust_list(0x7fe45c3c99a0, 24 [pid 10373] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10383] <... set_robust_list resumed>) = 0 [pid 10384] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10383] rt_sigprocmask(SIG_SETMASK, [], [pid 10384] <... prctl resumed>) = 0 [pid 10383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10384] setpgid(0, 0) = 0 [pid 10384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10383] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10373] sendfile(-1, -1, [0] [pid 10383] <... write resumed>) = 16 [pid 10373] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10383] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10373] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10362] <... futex resumed>) = 0 [pid 10383] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10362] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10367] <... futex resumed>) = 0 [pid 10362] <... futex resumed>) = 1 [pid 10367] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10362] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10367] <... mmap resumed>) = 0x20000000 [pid 10367] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10362] <... futex resumed>) = 0 [pid 10373] <... futex resumed>) = 1 [pid 10371] <... futex resumed>) = 0 [pid 10367] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10362] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10373] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10371] exit_group(0 [pid 10367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10362] <... futex resumed>) = 0 [ 144.347377][T10377] loop1: detected capacity change from 0 to 2048 [ 144.365260][T10376] loop0: detected capacity change from 0 to 2048 [ 144.377608][T10373] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10382] <... futex resumed>) = ? [pid 10373] <... futex resumed>) = ? [pid 10371] <... exit_group resumed>) = ? [pid 10362] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10382] +++ exited with 0 +++ [pid 10377] <... close resumed>) = 0 [pid 10376] <... close resumed>) = 0 [pid 10377] mkdir("./file0", 0777 [pid 10376] mkdir("./file0", 0777 [pid 10377] <... mkdir resumed>) = 0 [pid 10384] <... openat resumed>) = 3 [pid 10377] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10376] <... mkdir resumed>) = 0 [pid 10384] write(3, "1000", 4 [pid 10376] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10384] <... write resumed>) = 4 [pid 10384] close(3) = 0 [pid 10384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10373] +++ exited with 0 +++ [pid 10371] +++ exited with 0 +++ [pid 10367] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10384] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10367] sendfile(-1, -1, [0] [pid 10384] <... futex resumed>) = 0 [pid 10367] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10371, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10367] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10362] <... futex resumed>) = 0 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 10384] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10362] exit_group(0) = ? [pid 10384] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10383] <... futex resumed>) = ? [pid 10367] +++ exited with 0 +++ [pid 10384] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10384] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10384] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10383] +++ exited with 0 +++ [pid 10362] +++ exited with 0 +++ [pid 10384] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10362, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 298] umount2("./402", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10385 attached ) = -1 EINVAL (Invalid argument) [pid 10385] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10384] <... clone3 resumed> => {parent_tid=[10385]}, 88) = 10385 [pid 298] openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] umount2("./402", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10385] <... set_robust_list resumed>) = 0 [pid 10384] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... openat resumed>) = 3 [pid 10384] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(3, "", [pid 297] openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10384] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10384] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... openat resumed>) = 3 [pid 298] getdents64(3, [pid 297] newfstatat(3, "", [pid 10385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10385] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 298] umount2("./402/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] getdents64(3, [pid 10385] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10385] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(AT_FDCWD, "./402/binderfs", [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10385] <... futex resumed>) = 1 [pid 10384] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./402/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10384] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] unlink("./402/binderfs" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10385] memfd_create("syzkaller", 0 [pid 10384] <... futex resumed>) = 0 [pid 10385] <... memfd_create resumed>) = 3 [pid 10384] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 298] <... unlink resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./402/binderfs", [pid 10385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./402/binderfs") = 0 [pid 10385] <... mmap resumed>) = 0x7fe453fca000 [pid 297] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10376] <... mount resumed>) = 0 [pid 10376] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10376] chdir("./file0" [pid 10385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10376] <... chdir resumed>) = 0 [pid 10376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10376] ioctl(4, LOOP_CLR_FD) = 0 [pid 10376] close(4) = 0 [pid 10376] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10374] <... futex resumed>) = 0 [pid 10376] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10374] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10374] <... futex resumed>) = 0 [pid 10376] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10374] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10376] <... openat resumed>) = 4 [pid 10376] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10374] <... futex resumed>) = 0 [pid 10376] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10374] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10374] <... futex resumed>) = 0 [pid 10376] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10374] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10376] <... write resumed>) = 16 [pid 10374] <... futex resumed>) = 0 [pid 10376] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10376] <... futex resumed>) = 0 [pid 10376] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10374] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10374] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10388]}, 88) = 10388 [pid 10374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10374] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10374] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10385] <... write resumed>) = 1048576 ./strace-static-x86_64: Process 10388 attached [pid 10388] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10388] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10388] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10374] <... futex resumed>) = 0 [pid 10374] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10374] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10376] <... futex resumed>) = 0 [pid 10385] munmap(0x7fe453fca000, 138412032 [pid 10376] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10376] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10385] <... munmap resumed>) = 0 [pid 10376] <... futex resumed>) = 1 [pid 10374] <... futex resumed>) = 0 [pid 10374] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10374] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 144.396189][T10367] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10385] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10388] <... futex resumed>) = 1 [pid 10385] <... openat resumed>) = 4 [pid 10385] ioctl(4, LOOP_SET_FD, 3 [pid 10388] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10376] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10376] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10374] <... futex resumed>) = 0 [pid 10374] exit_group(0) = ? [pid 10388] <... futex resumed>) = ? [pid 10388] +++ exited with 0 +++ [pid 10376] <... futex resumed>) = ? [pid 10376] +++ exited with 0 +++ [pid 10374] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10374, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./401", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./401/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./401/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./401/binderfs") = 0 [pid 295] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10385] <... ioctl resumed>) = 0 [pid 10385] close(3) = 0 [pid 10385] close(4) = 0 [pid 10385] mkdir("./file0", 0777) = 0 [pid 10385] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 298] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./402/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./402/file0", [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] openat(AT_FDCWD, "./402/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(4, "", [pid 297] openat(AT_FDCWD, "./402/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... openat resumed>) = 4 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4 [pid 297] getdents64(4, [pid 298] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 298] rmdir("./402/file0") = 0 [pid 297] rmdir("./402/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] getdents64(3, [pid 298] close(3 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] <... close resumed>) = 0 [pid 297] close(3 [pid 298] rmdir("./402" [pid 297] <... close resumed>) = 0 [pid 10377] <... mount resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 10377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 297] rmdir("./402" [pid 10377] <... openat resumed>) = 3 [pid 298] mkdir("./403", 0777 [pid 10377] chdir("./file0") = 0 [pid 298] <... mkdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 10377] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] mkdir("./403", 0777 [pid 10377] <... openat resumed>) = 4 [pid 10377] ioctl(4, LOOP_CLR_FD [pid 298] <... openat resumed>) = 3 [pid 297] <... mkdir resumed>) = 0 [pid 10377] <... ioctl resumed>) = 0 [pid 10377] close(4 [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10377] <... close resumed>) = 0 [pid 10377] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10375] <... futex resumed>) = 0 [pid 10377] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10375] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10375] <... futex resumed>) = 0 [pid 10377] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10375] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... openat resumed>) = 3 [pid 298] close(3 [pid 297] ioctl(3, LOOP_CLR_FD [pid 298] <... close resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] close(3 [pid 10377] <... openat resumed>) = 4 [pid 10377] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... close resumed>) = 0 [pid 10377] <... futex resumed>) = 1 [pid 10375] <... futex resumed>) = 0 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10392 [pid 10377] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10375] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10375] <... futex resumed>) = 0 [pid 10377] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10375] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10377] <... write resumed>) = 16 [pid 10375] <... futex resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10377] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10377] <... futex resumed>) = 0 [pid 10375] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10377] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10375] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10375] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10393 [pid 10375] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10394]}, 88) = 10394 [pid 10375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10375] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 10393 attached ./strace-static-x86_64: Process 10392 attached [pid 10375] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10393] set_robust_list(0x5555557b6760, 24./strace-static-x86_64: Process 10394 attached [pid 10394] set_robust_list(0x7fe45c3c99a0, 24 [pid 10393] <... set_robust_list resumed>) = 0 [pid 10394] <... set_robust_list resumed>) = 0 [pid 10394] rt_sigprocmask(SIG_SETMASK, [], [pid 10393] chdir("./403" [pid 10394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10394] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10394] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10393] <... chdir resumed>) = 0 [pid 10385] <... mount resumed>) = 0 [pid 10375] <... futex resumed>) = 0 [pid 10375] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10394] <... futex resumed>) = 1 [pid 10393] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10392] set_robust_list(0x5555557b6760, 24 [pid 10385] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10375] <... futex resumed>) = 1 [pid 10377] <... futex resumed>) = 0 [pid 10375] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10377] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10394] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10393] <... prctl resumed>) = 0 [pid 10392] <... set_robust_list resumed>) = 0 [pid 10385] <... openat resumed>) = 3 [pid 10377] <... mmap resumed>) = 0x20000000 [pid 10377] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10375] <... futex resumed>) = 0 [pid 10377] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10375] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10375] <... futex resumed>) = 0 [pid 10393] setpgid(0, 0 [pid 10392] chdir("./403" [pid 10385] chdir("./file0" [pid 10393] <... setpgid resumed>) = 0 [pid 10392] <... chdir resumed>) = 0 [pid 10385] <... chdir resumed>) = 0 [pid 10375] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10392] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10385] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10393] <... openat resumed>) = 3 [pid 10392] <... prctl resumed>) = 0 [pid 10385] <... openat resumed>) = 4 [pid 10393] write(3, "1000", 4 [pid 10392] setpgid(0, 0 [pid 10385] ioctl(4, LOOP_CLR_FD [pid 10393] <... write resumed>) = 4 [pid 10392] <... setpgid resumed>) = 0 [pid 10385] <... ioctl resumed>) = 0 [pid 10393] close(3 [pid 10392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10385] close(4 [pid 10393] <... close resumed>) = 0 [pid 10392] <... openat resumed>) = 3 [pid 10385] <... close resumed>) = 0 [pid 10393] symlink("/dev/binderfs", "./binderfs" [pid 10392] write(3, "1000", 4 [pid 10385] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10393] <... symlink resumed>) = 0 [pid 10392] <... write resumed>) = 4 [pid 10385] <... futex resumed>) = 1 [pid 10393] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10392] close(3 [pid 10385] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10393] <... futex resumed>) = 0 [pid 10392] <... close resumed>) = 0 [pid 10393] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10392] symlink("/dev/binderfs", "./binderfs" [pid 10393] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10392] <... symlink resumed>) = 0 [pid 10393] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10392] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10392] <... futex resumed>) = 0 [pid 10393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10392] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10393] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10392] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10393] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10393] <... mprotect resumed>) = 0 [pid 10392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10393] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10393] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10392] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10392] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10393] <... clone3 resumed> => {parent_tid=[10396]}, 88) = 10396 [pid 10392] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10393] rt_sigprocmask(SIG_SETMASK, [], [pid 10392] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10393] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10392] <... clone3 resumed> => {parent_tid=[10397]}, 88) = 10397 [pid 10393] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10392] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10392] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10384] <... futex resumed>) = 0 [pid 10384] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10385] <... futex resumed>) = 0 [pid 10384] <... futex resumed>) = 1 [pid 10385] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10384] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10396 attached [pid 10396] set_robust_list(0x7fe45c3ea9a0, 24) = 0 ./strace-static-x86_64: Process 10397 attached [pid 10385] <... openat resumed>) = 4 [pid 10377] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10397] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10396] rt_sigprocmask(SIG_SETMASK, [], [pid 10385] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10397] <... set_robust_list resumed>) = 0 [pid 10385] <... futex resumed>) = 1 [pid 10384] <... futex resumed>) = 0 [pid 10377] sendfile(-1, -1, [0] [pid 10397] rt_sigprocmask(SIG_SETMASK, [], [pid 10385] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10384] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10377] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10384] <... futex resumed>) = 0 [pid 10377] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10397] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10385] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10384] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10397] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10377] <... futex resumed>) = 1 [pid 10375] <... futex resumed>) = 0 [pid 10385] <... write resumed>) = 16 [pid 10397] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10384] <... futex resumed>) = 0 [pid 10377] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10375] exit_group(0 [pid 10397] <... futex resumed>) = 1 [pid 10394] <... futex resumed>) = ? [pid 10392] <... futex resumed>) = 0 [pid 10385] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10377] <... futex resumed>) = ? [pid 10375] <... exit_group resumed>) = ? [pid 10397] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10396] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10394] +++ exited with 0 +++ [pid 10392] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10385] <... futex resumed>) = 0 [pid 10384] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10396] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10392] <... futex resumed>) = 0 [pid 10385] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10384] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10377] +++ exited with 0 +++ [pid 10375] +++ exited with 0 +++ [pid 10397] memfd_create("syzkaller", 0 [pid 10396] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10392] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10384] <... mprotect resumed>) = 0 [pid 10397] <... memfd_create resumed>) = 3 [pid 10396] <... futex resumed>) = 1 [pid 10393] <... futex resumed>) = 0 [pid 10384] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10396] memfd_create("syzkaller", 0 [pid 10393] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10384] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10397] <... mmap resumed>) = 0x7fe453fca000 [pid 10396] <... memfd_create resumed>) = 3 [pid 10393] <... futex resumed>) = 0 [pid 10384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 295] <... umount2 resumed>) = 0 [pid 10397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10393] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10375, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 295] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10398 attached [pid 10397] <... write resumed>) = 1048576 [pid 10396] <... mmap resumed>) = 0x7fe453fca000 [pid 10384] <... clone3 resumed> => {parent_tid=[10398]}, 88) = 10398 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10384] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10384] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10398] set_robust_list(0x7fe45c3c99a0, 24 [pid 295] newfstatat(AT_FDCWD, "./401/file0", [pid 296] umount2("./403", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10398] <... set_robust_list resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10398] rt_sigprocmask(SIG_SETMASK, [], [pid 295] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10397] munmap(0x7fe453fca000, 138412032 [pid 10398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10397] <... munmap resumed>) = 0 [pid 296] openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10398] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 296] <... openat resumed>) = 3 [pid 295] openat(AT_FDCWD, "./401/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] newfstatat(3, "", [pid 295] <... openat resumed>) = 4 [pid 10398] <... write resumed>) = 16 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] newfstatat(4, "", [pid 10398] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] getdents64(3, [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10398] <... futex resumed>) = 1 [pid 10384] <... futex resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] getdents64(4, [pid 10398] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10384] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./403/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10385] <... futex resumed>) = 0 [pid 10384] <... futex resumed>) = 1 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10385] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10384] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] getdents64(4, [pid 10385] <... mmap resumed>) = 0x20000000 [pid 296] newfstatat(AT_FDCWD, "./403/binderfs", [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [ 144.435866][T10376] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 144.451293][T10385] loop4: detected capacity change from 0 to 2048 [ 144.483063][T10377] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10385] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] close(4 [pid 10397] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10385] <... futex resumed>) = 1 [pid 10384] <... futex resumed>) = 0 [pid 296] unlink("./403/binderfs" [pid 295] <... close resumed>) = 0 [pid 10385] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] <... unlink resumed>) = 0 [pid 295] rmdir("./401/file0" [pid 296] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... rmdir resumed>) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./401") = 0 [pid 295] mkdir("./402", 0777 [pid 10385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10384] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... mkdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10384] <... futex resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10399 [pid 10397] <... openat resumed>) = 4 [pid 10397] ioctl(4, LOOP_SET_FD, 3 [pid 10384] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10397] <... ioctl resumed>) = 0 [pid 10397] close(3) = 0 [pid 10397] close(4) = 0 [pid 10397] mkdir("./file0", 0777) = 0 [pid 10397] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue"./strace-static-x86_64: Process 10399 attached [pid 10385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10385] sendfile(-1, -1, [0] [pid 10399] set_robust_list(0x5555557b6760, 24 [pid 10385] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10385] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10384] <... futex resumed>) = 0 [pid 10399] <... set_robust_list resumed>) = 0 [pid 10385] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10384] exit_group(0 [pid 10398] <... futex resumed>) = ? [pid 10385] <... futex resumed>) = ? [pid 10384] <... exit_group resumed>) = ? [pid 10399] chdir("./402" [pid 10398] +++ exited with 0 +++ [pid 10385] +++ exited with 0 +++ [pid 10384] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10384, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10399] <... chdir resumed>) = 0 [pid 299] umount2("./398", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10399] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10399] <... prctl resumed>) = 0 [pid 299] getdents64(3, [pid 10399] setpgid(0, 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./398/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./398/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10399] <... setpgid resumed>) = 0 [pid 299] unlink("./398/binderfs") = 0 [pid 299] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10396] <... write resumed>) = 1048576 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./398/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./398/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10399] <... openat resumed>) = 3 [pid 299] close(4) = 0 [pid 299] rmdir("./398/file0") = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./398") = 0 [pid 299] mkdir("./399", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 10399] write(3, "1000", 4 [pid 299] ioctl(3, LOOP_CLR_FD) = 0 [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10400 ./strace-static-x86_64: Process 10400 attached [pid 10400] set_robust_list(0x5555557b6760, 24) = 0 [pid 10400] chdir("./399" [pid 10399] <... write resumed>) = 4 [pid 10399] close(3) = 0 [pid 10400] <... chdir resumed>) = 0 [pid 10396] munmap(0x7fe453fca000, 138412032 [pid 10400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10400] setpgid(0, 0) = 0 [pid 10399] symlink("/dev/binderfs", "./binderfs") = 0 [ 144.536348][T10385] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 144.540169][T10397] loop3: detected capacity change from 0 to 2048 [pid 10399] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10399] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10399] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10396] <... munmap resumed>) = 0 [pid 10400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10396] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10400] <... openat resumed>) = 3 [pid 10396] <... openat resumed>) = 4 [pid 10396] ioctl(4, LOOP_SET_FD, 3 [pid 10399] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10399] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10400] write(3, "1000", 4) = 4 [pid 10400] close(3) = 0 [pid 10400] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10399] <... mprotect resumed>) = 0 [pid 10400] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10400] <... futex resumed>) = 0 [pid 10399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10400] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10400] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10400] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10400] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10399] <... clone3 resumed> => {parent_tid=[10402]}, 88) = 10402 [pid 10399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./403/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10399] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 10402 attached [pid 10400] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10399] <... futex resumed>) = 0 [pid 296] openat(AT_FDCWD, "./403/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 10402] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10399] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10402] <... set_robust_list resumed>) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./403/file0" [pid 10402] rt_sigprocmask(SIG_SETMASK, [], [pid 296] <... rmdir resumed>) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3 [pid 10402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] <... close resumed>) = 0 [pid 296] rmdir("./403" [pid 10402] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10400] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 296] <... rmdir resumed>) = 0 [pid 10402] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 296] mkdir("./404", 0777 [pid 10402] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10400] <... clone3 resumed> => {parent_tid=[10404]}, 88) = 10404 [pid 296] <... mkdir resumed>) = 0 [pid 10400] rt_sigprocmask(SIG_SETMASK, [], [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] <... openat resumed>) = 3 [pid 10402] <... futex resumed>) = 1 [pid 10400] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10399] <... futex resumed>) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 10400] <... futex resumed>) = 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10400] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10399] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10402] memfd_create("syzkaller", 0 [pid 10399] <... futex resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10405 [pid 10399] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10402] <... memfd_create resumed>) = 3 [pid 10402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 ./strace-static-x86_64: Process 10404 attached [pid 10404] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10404] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10404] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10400] <... futex resumed>) = 0 [pid 10404] memfd_create("syzkaller", 0 [pid 10400] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10404] <... memfd_create resumed>) = 3 [pid 10400] <... futex resumed>) = 0 [pid 10404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10400] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10404] <... mmap resumed>) = 0x7fe453fca000 [pid 10402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10397] <... mount resumed>) = 0 [pid 10397] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10397] chdir("./file0") = 0 [pid 10397] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10397] ioctl(4, LOOP_CLR_FD [pid 10396] <... ioctl resumed>) = 0 [pid 10397] <... ioctl resumed>) = 0 [pid 10396] close(3 [pid 10397] close(4) = 0 [pid 10396] <... close resumed>) = 0 [pid 10397] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10396] close(4 [pid 10397] <... futex resumed>) = 1 [pid 10392] <... futex resumed>) = 0 [pid 10397] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10392] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10392] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10405 attached [pid 10397] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10392] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10397] <... openat resumed>) = 4 [pid 10397] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10405] set_robust_list(0x5555557b6760, 24 [pid 10397] <... futex resumed>) = 1 [pid 10392] <... futex resumed>) = 0 [pid 10397] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10392] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10405] <... set_robust_list resumed>) = 0 [pid 10397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10392] <... futex resumed>) = 0 [pid 10397] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [ 144.601434][T10396] loop2: detected capacity change from 0 to 2048 [pid 10392] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10405] chdir("./404" [pid 10397] <... write resumed>) = 16 [pid 10392] <... futex resumed>) = 0 [pid 10397] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10405] <... chdir resumed>) = 0 [pid 10397] <... futex resumed>) = 0 [pid 10392] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10405] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10397] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10392] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10405] <... prctl resumed>) = 0 [pid 10404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10392] <... mprotect resumed>) = 0 [pid 10392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10405] setpgid(0, 0 [pid 10392] <... clone3 resumed> => {parent_tid=[10406]}, 88) = 10406 [pid 10392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10405] <... setpgid resumed>) = 0 [pid 10392] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10392] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10406 attached [pid 10405] <... openat resumed>) = 3 [pid 10402] <... write resumed>) = 1048576 [pid 10405] write(3, "1000", 4 [pid 10402] munmap(0x7fe453fca000, 138412032 [pid 10405] <... write resumed>) = 4 [pid 10402] <... munmap resumed>) = 0 [pid 10405] close(3 [pid 10402] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10406] set_robust_list(0x7fe45c3c99a0, 24 [pid 10405] <... close resumed>) = 0 [pid 10402] <... openat resumed>) = 4 [pid 10406] <... set_robust_list resumed>) = 0 [pid 10405] symlink("/dev/binderfs", "./binderfs" [pid 10402] ioctl(4, LOOP_SET_FD, 3 [pid 10406] rt_sigprocmask(SIG_SETMASK, [], [pid 10405] <... symlink resumed>) = 0 [pid 10404] <... write resumed>) = 1048576 [pid 10404] munmap(0x7fe453fca000, 138412032) = 0 [pid 10404] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10404] ioctl(4, LOOP_SET_FD, 3 [pid 10406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10405] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10402] <... ioctl resumed>) = 0 [pid 10406] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10402] close(3 [pid 10406] <... write resumed>) = 16 [pid 10402] <... close resumed>) = 0 [pid 10406] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10402] close(4 [pid 10406] <... futex resumed>) = 1 [pid 10406] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10405] <... futex resumed>) = 0 [pid 10405] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10405] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10405] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10404] <... ioctl resumed>) = 0 [pid 10396] <... close resumed>) = 0 [pid 10392] <... futex resumed>) = 0 [pid 10405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10404] close(3 [pid 10396] mkdir("./file0", 0777 [pid 10392] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10397] <... futex resumed>) = 0 [pid 10392] <... futex resumed>) = 1 [pid 10404] <... close resumed>) = 0 [pid 10397] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10396] <... mkdir resumed>) = 0 [pid 10392] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10407 attached [pid 10404] close(4 [pid 10397] <... mmap resumed>) = 0x20000000 [pid 10396] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10405] <... clone3 resumed> => {parent_tid=[10407]}, 88) = 10407 [pid 10397] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10392] <... futex resumed>) = 0 [pid 10405] rt_sigprocmask(SIG_SETMASK, [], [pid 10397] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10392] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10407] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10392] <... futex resumed>) = 0 [pid 10407] <... set_robust_list resumed>) = 0 [pid 10405] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10407] rt_sigprocmask(SIG_SETMASK, [], [pid 10405] <... futex resumed>) = 0 [pid 10407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10405] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10407] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10407] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10405] <... futex resumed>) = 0 [pid 10407] memfd_create("syzkaller", 0 [pid 10405] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10407] <... memfd_create resumed>) = 3 [pid 10405] <... futex resumed>) = 0 [pid 10407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10405] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10407] <... mmap resumed>) = 0x7fe453fca000 [pid 10407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10407] munmap(0x7fe453fca000, 138412032) = 0 [pid 10407] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10407] ioctl(4, LOOP_SET_FD, 3 [pid 10392] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10397] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10397] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10397] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10392] <... futex resumed>) = 0 [pid 10392] exit_group(0 [pid 10406] <... futex resumed>) = ? [pid 10392] <... exit_group resumed>) = ? [pid 10406] +++ exited with 0 +++ [pid 10397] <... futex resumed>) = ? [pid 10397] +++ exited with 0 +++ [pid 10392] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10392, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./403", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [ 144.672783][T10402] loop0: detected capacity change from 0 to 2048 [ 144.673780][T10404] loop4: detected capacity change from 0 to 2048 [ 144.699057][T10397] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 298] umount2("./403/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./403/binderfs", [pid 10407] <... ioctl resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10407] close(3 [pid 298] unlink("./403/binderfs" [pid 10407] <... close resumed>) = 0 [pid 10407] close(4 [pid 10402] <... close resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 298] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10402] mkdir("./file0", 0777) = 0 [pid 10402] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10404] <... close resumed>) = 0 [pid 10404] mkdir("./file0", 0777) = 0 [pid 10404] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10396] <... mount resumed>) = 0 [pid 10396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10396] chdir("./file0") = 0 [pid 10396] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10396] ioctl(4, LOOP_CLR_FD) = 0 [pid 10396] close(4) = 0 [pid 10396] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10393] <... futex resumed>) = 0 [pid 10396] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10393] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10396] <... openat resumed>) = 4 [pid 10393] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10404] <... mount resumed>) = 0 [pid 10396] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10396] <... futex resumed>) = 1 [pid 10404] <... openat resumed>) = 3 [pid 10402] <... mount resumed>) = 0 [pid 10396] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10393] <... futex resumed>) = 0 [pid 10404] chdir("./file0" [pid 10402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10393] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10404] <... chdir resumed>) = 0 [pid 10393] <... futex resumed>) = 1 [pid 10402] <... openat resumed>) = 3 [pid 10396] <... futex resumed>) = 0 [pid 10393] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10393] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10393] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10396] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10404] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10402] chdir("./file0" [pid 10393] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10414]}, 88) = 10414 [pid 10393] rt_sigprocmask(SIG_SETMASK, [], [pid 10396] <... write resumed>) = 16 [pid 10393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10404] <... openat resumed>) = 4 [pid 10402] <... chdir resumed>) = 0 [pid 10396] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10393] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10404] ioctl(4, LOOP_CLR_FD [pid 10402] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10396] <... futex resumed>) = 0 [pid 10393] <... futex resumed>) = 0 [pid 10404] <... ioctl resumed>) = 0 [pid 10396] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10402] <... openat resumed>) = 4 [pid 10404] close(4 [pid 10393] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10404] <... close resumed>) = 0 [pid 10402] ioctl(4, LOOP_CLR_FD [pid 10404] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10414 attached ) = 1 [pid 10402] <... ioctl resumed>) = 0 [pid 10400] <... futex resumed>) = 0 [pid 10404] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10402] close(4 [pid 10404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10400] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10404] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10402] <... close resumed>) = 0 [pid 10400] <... futex resumed>) = 0 [pid 10414] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10414] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10400] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10404] <... openat resumed>) = 4 [pid 10402] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10404] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10402] <... futex resumed>) = 1 [pid 10399] <... futex resumed>) = 0 [pid 10404] <... futex resumed>) = 1 [pid 10400] <... futex resumed>) = 0 [pid 10399] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10404] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10402] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10400] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10399] <... futex resumed>) = 0 [pid 10404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10400] <... futex resumed>) = 0 [pid 10399] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10404] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10400] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10414] <... write resumed>) = 16 [pid 10404] <... write resumed>) = 16 [pid 10400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10404] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10402] <... openat resumed>) = 4 [pid 10404] <... futex resumed>) = 0 [pid 10400] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10404] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10402] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10400] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10414] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10402] <... futex resumed>) = 1 [pid 10400] <... mprotect resumed>) = 0 [pid 10399] <... futex resumed>) = 0 [pid 10400] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10393] <... futex resumed>) = 0 [pid 10399] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10414] <... futex resumed>) = 1 [pid 10402] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10400] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10399] <... futex resumed>) = 0 [pid 10407] <... close resumed>) = 0 [pid 10393] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10402] <... write resumed>) = 16 [pid 10400] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10399] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10402] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10399] <... futex resumed>) = 0 [pid 10402] <... futex resumed>) = 0 [pid 10400] <... clone3 resumed> => {parent_tid=[10415]}, 88) = 10415 [pid 10399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10402] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10400] rt_sigprocmask(SIG_SETMASK, [], [pid 10399] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10399] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10400] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10399] <... mprotect resumed>) = 0 [pid 10400] <... futex resumed>) = 0 [pid 10399] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10400] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10399] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10416]}, 88) = 10416 [pid 10399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10399] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10399] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10414] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 10415 attached ./strace-static-x86_64: Process 10416 attached [pid 10415] set_robust_list(0x7fe45c3c99a0, 24 [pid 10416] set_robust_list(0x7fe45c3c99a0, 24 [pid 10415] <... set_robust_list resumed>) = 0 [pid 10416] <... set_robust_list resumed>) = 0 [pid 10416] rt_sigprocmask(SIG_SETMASK, [], [pid 10415] rt_sigprocmask(SIG_SETMASK, [], [pid 10416] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10407] mkdir("./file0", 0777 [pid 10396] <... futex resumed>) = 0 [pid 10393] <... futex resumed>) = 1 [pid 10396] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10396] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 144.713596][T10407] loop1: detected capacity change from 0 to 2048 [pid 10396] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10416] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10415] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10407] <... mkdir resumed>) = 0 [pid 10393] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10407] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10393] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10396] <... futex resumed>) = 0 [pid 10393] <... futex resumed>) = 1 [pid 10416] <... write resumed>) = 16 [pid 10415] <... write resumed>) = 16 [pid 10416] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10415] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10416] <... futex resumed>) = 1 [pid 10415] <... futex resumed>) = 1 [pid 10416] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10415] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10393] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10400] <... futex resumed>) = 0 [pid 10400] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10400] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10399] <... futex resumed>) = 0 [pid 10399] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10399] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10404] <... futex resumed>) = 0 [pid 10404] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10404] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10400] <... futex resumed>) = 0 [pid 10404] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10400] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10400] <... futex resumed>) = 0 [pid 10402] <... futex resumed>) = 0 [pid 10400] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10402] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10402] <... mmap resumed>) = 0x20000000 [pid 10404] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10404] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10404] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10400] <... futex resumed>) = 0 [pid 10400] exit_group(0 [pid 10415] <... futex resumed>) = ? [pid 10400] <... exit_group resumed>) = ? [pid 10415] +++ exited with 0 +++ [pid 298] <... umount2 resumed>) = 0 [pid 10404] <... futex resumed>) = ? [pid 10396] sendfile(-1, -1, [0] [pid 10404] +++ exited with 0 +++ [pid 10400] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10400, si_uid=0, si_status=0, si_utime=1, si_stime=2} --- [pid 10402] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10399] <... futex resumed>) = 0 [ 144.769709][T10396] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 144.783658][T10404] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10402] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10399] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10399] <... futex resumed>) = 0 [pid 10399] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10396] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10393] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 298] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10396] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10393] exit_group(0 [pid 10414] <... futex resumed>) = ? [pid 10396] <... futex resumed>) = ? [pid 10393] <... exit_group resumed>) = ? [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10414] +++ exited with 0 +++ [pid 299] umount2("./399", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10396] +++ exited with 0 +++ [pid 10393] +++ exited with 0 +++ [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./403/file0", [pid 299] openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10393, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 299] <... openat resumed>) = 3 [pid 298] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 299] newfstatat(3, "", [pid 297] <... restart_syscall resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./403", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./399/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] newfstatat(AT_FDCWD, "./399/binderfs", [pid 297] <... openat resumed>) = 3 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(3, "", [pid 299] unlink("./399/binderfs" [pid 298] openat(AT_FDCWD, "./403/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... unlink resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 297] getdents64(3, [pid 299] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(4, "", [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./403/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./403/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./403/binderfs") = 0 [pid 297] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10402] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10402] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10399] <... futex resumed>) = 0 [pid 10402] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10399] exit_group(0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10416] <... futex resumed>) = ? [pid 10402] <... futex resumed>) = ? [pid 10399] <... exit_group resumed>) = ? [pid 298] getdents64(4, [pid 10416] +++ exited with 0 +++ [pid 10402] +++ exited with 0 +++ [pid 10399] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10399, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 298] getdents64(4, [pid 295] <... restart_syscall resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./403/file0" [pid 295] umount2("./402", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", [pid 298] <... rmdir resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] getdents64(3, [pid 298] close(3) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] rmdir("./403" [pid 295] umount2("./402/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... rmdir resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] mkdir("./404", 0777 [pid 295] newfstatat(AT_FDCWD, "./402/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 295] unlink("./402/binderfs" [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] <... unlink resumed>) = 0 [pid 298] close(3) = 0 [pid 295] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10419 ./strace-static-x86_64: Process 10419 attached [pid 10419] set_robust_list(0x5555557b6760, 24) = 0 [pid 10419] chdir("./404") = 0 [pid 10419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10419] setpgid(0, 0) = 0 [pid 10419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10419] write(3, "1000", 4 [pid 10407] <... mount resumed>) = 0 [pid 10419] <... write resumed>) = 4 [pid 10407] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10407] chdir("./file0") = 0 [pid 10407] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10407] ioctl(4, LOOP_CLR_FD) = 0 [pid 10407] close(4 [pid 10419] close(3 [pid 10407] <... close resumed>) = 0 [pid 10407] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10407] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10419] <... close resumed>) = 0 [pid 10419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10419] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10419] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10419] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10405] <... futex resumed>) = 0 [pid 10419] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10419] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10421]}, 88) = 10421 [pid 10419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10419] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10419] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10421 attached [pid 10421] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10421] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10421] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10419] <... futex resumed>) = 0 [pid 10419] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10419] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10405] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10407] <... futex resumed>) = 0 [pid 10405] <... futex resumed>) = 1 [pid 10421] <... futex resumed>) = 1 [pid 10407] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10405] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10421] memfd_create("syzkaller", 0) = 3 [pid 10421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10407] <... openat resumed>) = 4 [pid 10421] <... mmap resumed>) = 0x7fe453fca000 [pid 10407] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10405] <... futex resumed>) = 0 [pid 10407] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10405] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10407] <... write resumed>) = 16 [pid 10405] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10407] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10407] <... futex resumed>) = 0 [pid 10405] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10407] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10405] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10422]}, 88) = 10422 [pid 10405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10405] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10405] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10422 attached [pid 10422] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10422] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10422] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10405] <... futex resumed>) = 0 [pid 10405] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10407] <... futex resumed>) = 0 [pid 10405] <... futex resumed>) = 1 [pid 10407] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10405] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10407] <... mmap resumed>) = 0x20000000 [pid 10407] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10405] <... futex resumed>) = 0 [pid 10407] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10405] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10405] <... futex resumed>) = 0 [ 144.817566][T10402] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10422] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 299] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 299] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./399/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./399/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] getdents64(4, [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 297] newfstatat(AT_FDCWD, "./403/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] rmdir("./399/file0" [pid 297] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... rmdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./403/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] getdents64(3, [pid 297] close(4 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] <... close resumed>) = 0 [pid 297] rmdir("./403/file0" [pid 299] close(3 [pid 10405] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./399" [pid 297] <... rmdir resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 299] mkdir("./400", 0777 [pid 297] getdents64(3, [pid 299] <... mkdir resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./403") = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 297] mkdir("./404", 0777 [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] <... mkdir resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10423 attached [pid 10423] set_robust_list(0x5555557b6760, 24 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10423 [pid 10423] <... set_robust_list resumed>) = 0 [pid 10423] chdir("./400") = 0 [pid 10423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10423] setpgid(0, 0) = 0 [pid 10423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10423] write(3, "1000", 4) = 4 [pid 10423] close(3) = 0 [pid 10423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10423] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10423] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10423] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10424]}, 88) = 10424 [pid 10423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10423] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10423] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10425 [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./402/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./402/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./402/file0" [pid 10421] <... write resumed>) = 1048576 [pid 10421] munmap(0x7fe453fca000, 138412032 [pid 295] <... rmdir resumed>) = 0 [pid 295] getdents64(3, [pid 10407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10407] sendfile(-1, -1, [0] [pid 295] close(3 [pid 10407] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 295] <... close resumed>) = 0 [pid 10407] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] rmdir("./402" [pid 10421] <... munmap resumed>) = 0 [pid 10407] <... futex resumed>) = 1 [pid 10405] <... futex resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 10421] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10407] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10405] exit_group(0 [pid 295] mkdir("./403", 0777 [pid 10422] <... futex resumed>) = ? [pid 10421] <... openat resumed>) = 4 [pid 10407] <... futex resumed>) = ? [pid 10405] <... exit_group resumed>) = ? [ 144.876209][T10407] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10422] +++ exited with 0 +++ [pid 10421] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 10425 attached ./strace-static-x86_64: Process 10424 attached [pid 10407] +++ exited with 0 +++ [pid 10405] +++ exited with 0 +++ [pid 295] <... mkdir resumed>) = 0 [pid 10425] set_robust_list(0x5555557b6760, 24 [pid 10424] set_robust_list(0x7fe45c3ea9a0, 24 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10425] <... set_robust_list resumed>) = 0 [pid 10424] <... set_robust_list resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 10425] chdir("./404" [pid 10424] rt_sigprocmask(SIG_SETMASK, [], [pid 295] ioctl(3, LOOP_CLR_FD [pid 10425] <... chdir resumed>) = 0 [pid 10424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10425] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10424] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 295] close(3 [pid 10421] <... ioctl resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 10421] close(3 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10405, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10421] <... close resumed>) = 0 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 10421] close(4 [pid 296] <... restart_syscall resumed>) = 0 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10426 [pid 10424] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10425] <... prctl resumed>) = 0 [pid 10424] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./404", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10425] setpgid(0, 0 [pid 10424] <... futex resumed>) = 1 [pid 10423] <... futex resumed>) = 0 [pid 296] openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10423] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... openat resumed>) = 3 [pid 10423] <... futex resumed>) = 0 [pid 296] newfstatat(3, "", [pid 10424] memfd_create("syzkaller", 0 [pid 10423] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10425] <... setpgid resumed>) = 0 [pid 10424] <... memfd_create resumed>) = 3 [pid 296] getdents64(3, [pid 10424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] umount2("./404/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10424] <... mmap resumed>) = 0x7fe453fca000 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10425] <... openat resumed>) = 3 [pid 296] newfstatat(AT_FDCWD, "./404/binderfs", [pid 10425] write(3, "1000", 4 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./404/binderfs") = 0 [pid 296] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10425] <... write resumed>) = 4 ./strace-static-x86_64: Process 10426 attached [pid 10426] set_robust_list(0x5555557b6760, 24) = 0 [pid 10426] chdir("./403" [pid 10425] close(3 [pid 10426] <... chdir resumed>) = 0 [pid 10426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10426] setpgid(0, 0) = 0 [pid 10425] <... close resumed>) = 0 [pid 10426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10426] write(3, "1000", 4) = 4 [pid 10425] symlink("/dev/binderfs", "./binderfs" [pid 10426] close(3) = 0 [pid 10425] <... symlink resumed>) = 0 [pid 10426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10425] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10426] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10425] <... futex resumed>) = 0 [pid 10426] <... futex resumed>) = 0 [pid 10426] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10426] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10426] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10425] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10426] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10425] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10426] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10425] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10426] <... clone3 resumed> => {parent_tid=[10427]}, 88) = 10427 [pid 10425] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10426] rt_sigprocmask(SIG_SETMASK, [], [pid 10425] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10425] <... mprotect resumed>) = 0 [pid 10426] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10425] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10426] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10425] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10428]}, 88) = 10428 [pid 10425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10425] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10425] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 10428 attached ./strace-static-x86_64: Process 10427 attached [pid 10428] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10428] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10428] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10427] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10425] <... futex resumed>) = 0 [pid 10428] memfd_create("syzkaller", 0 [pid 10427] <... set_robust_list resumed>) = 0 [pid 10425] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10428] <... memfd_create resumed>) = 3 [pid 10427] rt_sigprocmask(SIG_SETMASK, [], [pid 10425] <... futex resumed>) = 0 [pid 10428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10425] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10428] <... mmap resumed>) = 0x7fe453fca000 [pid 10427] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10427] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10424] <... write resumed>) = 1048576 [pid 10427] <... futex resumed>) = 1 [pid 10426] <... futex resumed>) = 0 [pid 10424] munmap(0x7fe453fca000, 138412032 [pid 10427] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10426] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10424] <... munmap resumed>) = 0 [pid 10427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10426] <... futex resumed>) = 0 [pid 10424] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10427] memfd_create("syzkaller", 0 [pid 10426] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10427] <... memfd_create resumed>) = 3 [pid 10424] <... openat resumed>) = 4 [pid 10427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10424] ioctl(4, LOOP_SET_FD, 3 [pid 10428] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10428] <... write resumed>) = 1048576 [pid 10424] <... ioctl resumed>) = 0 [pid 10424] close(3) = 0 [pid 10421] <... close resumed>) = 0 [pid 10424] close(4 [pid 10428] munmap(0x7fe453fca000, 138412032 [pid 10421] mkdir("./file0", 0777 [pid 10428] <... munmap resumed>) = 0 [pid 10428] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10421] <... mkdir resumed>) = 0 [pid 10428] <... openat resumed>) = 4 [pid 10428] ioctl(4, LOOP_SET_FD, 3 [ 144.924925][T10421] loop3: detected capacity change from 0 to 2048 [ 144.961495][T10424] loop4: detected capacity change from 0 to 2048 [pid 10427] <... write resumed>) = 1048576 [pid 10421] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10427] munmap(0x7fe453fca000, 138412032) = 0 [pid 10427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10427] ioctl(4, LOOP_SET_FD, 3 [pid 10428] <... ioctl resumed>) = 0 [pid 10428] close(3) = 0 [pid 10428] close(4 [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./404/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./404/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 10427] <... ioctl resumed>) = 0 [pid 296] newfstatat(4, "", [pid 10427] close(3 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, [pid 10427] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./404/file0" [pid 10427] close(4 [pid 296] <... rmdir resumed>) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./404") = 0 [pid 296] mkdir("./405", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10429 attached , child_tidptr=0x5555557b6750) = 10429 [pid 10429] set_robust_list(0x5555557b6760, 24) = 0 [pid 10429] chdir("./405") = 0 [pid 10429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10429] setpgid(0, 0) = 0 [pid 10429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10429] write(3, "1000", 4) = 4 [pid 10429] close(3) = 0 [pid 10429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10429] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10429] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10429] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10429] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 10430 attached => {parent_tid=[10430]}, 88) = 10430 [pid 10429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10429] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10430] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10429] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10430] <... set_robust_list resumed>) = 0 [pid 10430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10430] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10430] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10429] <... futex resumed>) = 0 [pid 10430] memfd_create("syzkaller", 0 [pid 10429] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10430] <... memfd_create resumed>) = 3 [pid 10429] <... futex resumed>) = 0 [pid 10430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10429] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10427] <... close resumed>) = 0 [pid 10424] <... close resumed>) = 0 [pid 10430] <... mmap resumed>) = 0x7fe453fca000 [pid 10424] mkdir("./file0", 0777 [pid 10430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10427] mkdir("./file0", 0777 [pid 10424] <... mkdir resumed>) = 0 [pid 10424] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10427] <... mkdir resumed>) = 0 [pid 10427] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10428] <... close resumed>) = 0 [pid 10428] mkdir("./file0", 0777) = 0 [pid 10428] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10430] <... write resumed>) = 1048576 [pid 10430] munmap(0x7fe453fca000, 138412032) = 0 [pid 10430] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10430] ioctl(4, LOOP_SET_FD, 3 [pid 10421] <... mount resumed>) = 0 [pid 10430] <... ioctl resumed>) = 0 [pid 10430] close(3) = 0 [pid 10430] close(4 [pid 10421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10421] chdir("./file0") = 0 [pid 10421] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10421] ioctl(4, LOOP_CLR_FD) = 0 [pid 10421] close(4) = 0 [pid 10421] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10421] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10419] <... futex resumed>) = 0 [pid 10419] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10419] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10421] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10428] <... mount resumed>) = 0 [pid 10428] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10428] chdir("./file0") = 0 [pid 10428] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10428] ioctl(4, LOOP_CLR_FD) = 0 [pid 10428] close(4) = 0 [pid 10428] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10425] <... futex resumed>) = 0 [pid 10428] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10425] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10428] <... openat resumed>) = 4 [pid 10425] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10421] <... openat resumed>) = 4 [pid 10428] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10425] <... futex resumed>) = 0 [pid 10421] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10428] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10425] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10428] <... write resumed>) = 16 [pid 10425] <... futex resumed>) = 0 [pid 10421] <... futex resumed>) = 1 [pid 10419] <... futex resumed>) = 0 [pid 10428] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10425] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10421] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10419] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10428] <... futex resumed>) = 0 [pid 10425] <... futex resumed>) = 0 [pid 10421] <... write resumed>) = 16 [pid 10419] <... futex resumed>) = 0 [pid 10428] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10421] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10419] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10425] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10421] <... futex resumed>) = 0 [pid 10419] <... futex resumed>) = 0 [pid 10425] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10421] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10425] <... mprotect resumed>) = 0 [pid 10419] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10425] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10419] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10425] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10419] <... mprotect resumed>) = 0 [pid 10425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10425] <... clone3 resumed> => {parent_tid=[10435]}, 88) = 10435 [pid 10419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10435 attached [pid 10425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10419] <... clone3 resumed> => {parent_tid=[10436]}, 88) = 10436 [pid 10425] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10419] rt_sigprocmask(SIG_SETMASK, [], [pid 10425] <... futex resumed>) = 0 [pid 10419] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10425] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10419] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10419] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10436 attached [pid 10436] set_robust_list(0x7fe45c3c99a0, 24 [pid 10435] set_robust_list(0x7fe45c3c99a0, 24 [pid 10427] <... mount resumed>) = 0 [pid 10427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10427] chdir("./file0") = 0 [pid 10427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10427] ioctl(4, LOOP_CLR_FD) = 0 [pid 10427] close(4) = 0 [pid 10427] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10426] <... futex resumed>) = 0 [pid 10427] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10426] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10427] <... openat resumed>) = 4 [pid 10426] <... futex resumed>) = 0 [pid 10427] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10426] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10427] <... futex resumed>) = 0 [pid 10426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10427] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10426] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10427] <... write resumed>) = 16 [pid 10426] <... futex resumed>) = 0 [pid 10427] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10426] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10427] <... futex resumed>) = 0 [pid 10426] <... futex resumed>) = 0 [pid 10427] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10426] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10439]}, 88) = 10439 [pid 10426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10426] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10426] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10436] <... set_robust_list resumed>) = 0 [pid 10436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10436] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10436] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10419] <... futex resumed>) = 0 [pid 10419] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10421] <... futex resumed>) = 0 [pid 10419] <... futex resumed>) = 1 [pid 10421] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10419] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10421] <... mmap resumed>) = 0x20000000 [pid 10421] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10419] <... futex resumed>) = 0 [pid 10421] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10419] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 144.973043][T10428] loop2: detected capacity change from 0 to 2048 [ 144.979732][T10427] loop0: detected capacity change from 0 to 2048 [ 145.016536][T10430] loop1: detected capacity change from 0 to 2048 [pid 10419] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10439 attached [pid 10436] <... futex resumed>) = 1 [pid 10435] <... set_robust_list resumed>) = 0 [pid 10435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10435] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10435] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10435] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10439] set_robust_list(0x7fe45c3c99a0, 24 [pid 10436] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10439] <... set_robust_list resumed>) = 0 [pid 10439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10439] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10439] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10439] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10419] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10425] <... futex resumed>) = 0 [pid 10425] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10425] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10426] <... futex resumed>) = 0 [pid 10426] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10426] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10428] <... futex resumed>) = 0 [pid 10428] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10427] <... futex resumed>) = 0 [pid 10428] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10427] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10425] <... futex resumed>) = 0 [pid 10428] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10427] <... mmap resumed>) = 0x20000000 [pid 10425] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10424] <... mount resumed>) = 0 [pid 10428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10427] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10425] <... futex resumed>) = 0 [pid 10424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10421] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10427] <... futex resumed>) = 1 [pid 10424] <... openat resumed>) = 3 [pid 10426] <... futex resumed>) = 0 [pid 10427] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10426] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10425] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10424] chdir("./file0" [pid 10421] sendfile(-1, -1, [0] [pid 10427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10424] <... chdir resumed>) = 0 [pid 10424] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10421] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10424] <... openat resumed>) = 4 [pid 10424] ioctl(4, LOOP_CLR_FD [pid 10421] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10424] <... ioctl resumed>) = 0 [pid 10424] close(4 [pid 10421] <... futex resumed>) = 1 [pid 10424] <... close resumed>) = 0 [pid 10424] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10421] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10424] <... futex resumed>) = 1 [pid 10424] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10426] <... futex resumed>) = 0 [pid 10426] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10428] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10423] <... futex resumed>) = 0 [pid 10419] <... futex resumed>) = 0 [pid 10423] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10419] exit_group(0 [pid 10436] <... futex resumed>) = ? [pid 10424] <... futex resumed>) = 0 [pid 10423] <... futex resumed>) = 1 [pid 10421] <... futex resumed>) = ? [pid 10419] <... exit_group resumed>) = ? [pid 10436] +++ exited with 0 +++ [pid 10424] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10423] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10421] +++ exited with 0 +++ [pid 10419] +++ exited with 0 +++ [pid 10424] <... openat resumed>) = 4 [pid 10424] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10419, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 10424] <... futex resumed>) = 1 [pid 10423] <... futex resumed>) = 0 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 10424] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10423] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10424] <... write resumed>) = 16 [pid 10423] <... futex resumed>) = 0 [pid 10424] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10423] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10424] <... futex resumed>) = 0 [pid 10423] <... futex resumed>) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 10424] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10423] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [ 145.040671][T10421] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 145.059738][T10428] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 298] umount2("./404", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10430] <... close resumed>) = 0 [pid 10423] <... mprotect resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10428] sendfile(-1, -1, [0] [pid 10430] mkdir("./file0", 0777 [pid 10428] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10423] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10430] <... mkdir resumed>) = 0 [pid 10428] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10423] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... openat resumed>) = 3 [pid 10430] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10428] <... futex resumed>) = 1 [pid 10427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10425] <... futex resumed>) = 0 [pid 10423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 298] newfstatat(3, "", [pid 10428] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10425] exit_group(0 [pid 10428] <... futex resumed>) = ? [pid 10425] <... exit_group resumed>) = ? [pid 10435] <... futex resumed>) = ? [pid 10428] +++ exited with 0 +++ [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10423] <... clone3 resumed> => {parent_tid=[10442]}, 88) = 10442 [pid 10427] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10427] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10426] <... futex resumed>) = 0 [pid 10427] <... futex resumed>) = 1 [pid 10426] exit_group(0) = ? [pid 10439] <... futex resumed>) = ? [pid 10435] +++ exited with 0 +++ [pid 10427] +++ exited with 0 +++ [pid 10425] +++ exited with 0 +++ [pid 10423] rt_sigprocmask(SIG_SETMASK, [], [pid 298] getdents64(3, [pid 10439] +++ exited with 0 +++ [pid 10426] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10425, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10426, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- ./strace-static-x86_64: Process 10442 attached [pid 10423] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./404/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./403", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10423] <... futex resumed>) = 0 [pid 10442] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10442] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10442] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10442] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10423] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./404", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] newfstatat(AT_FDCWD, "./404/binderfs", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10423] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... openat resumed>) = 3 [pid 10424] <... futex resumed>) = 0 [pid 10423] <... futex resumed>) = 1 [pid 298] unlink("./404/binderfs" [pid 297] <... openat resumed>) = 3 [pid 295] newfstatat(3, "", [pid 10424] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10423] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... unlink resumed>) = 0 [pid 297] newfstatat(3, "", [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10424] <... mmap resumed>) = 0x20000000 [pid 298] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, [pid 10424] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10423] <... futex resumed>) = 0 [pid 297] getdents64(3, [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [ 145.062040][T10427] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10423] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./403/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10423] <... futex resumed>) = 0 [pid 10423] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] umount2("./404/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./404/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./404/binderfs") = 0 [pid 297] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./403/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./403/binderfs") = 0 [pid 295] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10424] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10424] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10424] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10423] <... futex resumed>) = 0 [pid 10424] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10423] exit_group(0 [pid 10442] <... futex resumed>) = ? [pid 10424] <... futex resumed>) = ? [pid 10423] <... exit_group resumed>) = ? [pid 10442] +++ exited with 0 +++ [pid 10424] +++ exited with 0 +++ [pid 10423] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10423, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 299] umount2("./400", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./400/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./400/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./400/binderfs") = 0 [pid 299] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10430] <... mount resumed>) = 0 [pid 10430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10430] chdir("./file0") = 0 [pid 10430] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10430] ioctl(4, LOOP_CLR_FD) = 0 [pid 10430] close(4) = 0 [pid 10430] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10429] <... futex resumed>) = 0 [pid 10430] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10429] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10429] <... futex resumed>) = 0 [pid 10430] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10429] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10430] <... openat resumed>) = 4 [pid 10430] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10429] <... futex resumed>) = 0 [pid 10430] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10429] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10430] <... write resumed>) = 16 [pid 10429] <... futex resumed>) = 0 [pid 10430] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10429] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10430] <... futex resumed>) = 0 [pid 10429] <... futex resumed>) = 0 [pid 10430] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10429] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10445]}, 88) = 10445 [pid 10429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10429] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10429] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10445 attached [pid 10445] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10445] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10445] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10429] <... futex resumed>) = 0 [pid 10429] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10430] <... futex resumed>) = 0 [pid 10429] <... futex resumed>) = 1 [pid 10430] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10429] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10430] <... mmap resumed>) = 0x20000000 [pid 10430] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10429] <... futex resumed>) = 0 [pid 10445] <... futex resumed>) = 1 [pid 10429] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10445] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10429] <... futex resumed>) = 0 [ 145.123298][T10424] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10429] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10430] sendfile(-1, -1, [0] [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10430] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10430] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10429] <... futex resumed>) = 0 [pid 10429] exit_group(0) = ? [pid 10445] <... futex resumed>) = ? [pid 295] newfstatat(AT_FDCWD, "./403/file0", [pid 10445] +++ exited with 0 +++ [pid 10430] <... futex resumed>) = ? [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./403/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10430] +++ exited with 0 +++ [pid 10429] +++ exited with 0 +++ [pid 295] close(4) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10429, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] rmdir("./403/file0" [pid 296] umount2("./405", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... rmdir resumed>) = 0 [pid 299] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] getdents64(3, [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... openat resumed>) = 3 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] newfstatat(3, "", [pid 299] newfstatat(AT_FDCWD, "./400/file0", [pid 297] newfstatat(AT_FDCWD, "./404/file0", [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] close(3 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] getdents64(3, [pid 295] <... close resumed>) = 0 [pid 299] umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] rmdir("./403" [pid 296] umount2("./405/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... rmdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "./400/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] openat(AT_FDCWD, "./404/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] newfstatat(AT_FDCWD, "./405/binderfs", [pid 295] mkdir("./404", 0777 [pid 299] newfstatat(4, "", [pid 297] <... openat resumed>) = 4 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(4, "", [pid 296] unlink("./405/binderfs" [pid 299] getdents64(4, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, [pid 299] getdents64(4, [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] <... unlink resumed>) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] getdents64(4, [pid 299] close(4 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... mkdir resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 297] close(4 [pid 299] rmdir("./400/file0" [pid 297] <... close resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] <... rmdir resumed>) = 0 [pid 298] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] rmdir("./404/file0" [pid 295] <... openat resumed>) = 3 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] ioctl(3, LOOP_CLR_FD [pid 299] close(3) = 0 [pid 299] rmdir("./400") = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] mkdir("./401", 0777 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... rmdir resumed>) = 0 [pid 295] close(3 [pid 299] <... mkdir resumed>) = 0 [pid 297] getdents64(3, [pid 295] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] close(3 [pid 298] newfstatat(AT_FDCWD, "./404/file0", [pid 297] <... close resumed>) = 0 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10446 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] rmdir("./404" [pid 299] <... openat resumed>) = 3 [pid 298] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... rmdir resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] mkdir("./405", 0777 [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] openat(AT_FDCWD, "./404/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... mkdir resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 298] newfstatat(4, "", [pid 297] <... openat resumed>) = 3 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] ioctl(3, LOOP_CLR_FD [pid 298] getdents64(4, [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] close(3 [pid 299] close(3 [pid 298] getdents64(4, [pid 297] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [ 145.159501][T10430] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... close resumed>) = 0 [pid 298] close(4) = 0 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10447 [pid 298] rmdir("./404/file0" [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... rmdir resumed>) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./404"./strace-static-x86_64: Process 10446 attached ) = 0 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10448 [pid 298] mkdir("./405", 0777 [pid 10446] set_robust_list(0x5555557b6760, 24 [pid 298] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10446] <... set_robust_list resumed>) = 0 [pid 10446] chdir("./404" [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10449 [pid 10446] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 10447 attached [pid 10446] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10447] set_robust_list(0x5555557b6760, 24) = 0 [pid 10447] chdir("./405" [pid 10446] <... prctl resumed>) = 0 [pid 10447] <... chdir resumed>) = 0 [pid 10447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10447] setpgid(0, 0 [pid 10446] setpgid(0, 0 [pid 10447] <... setpgid resumed>) = 0 [pid 10447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10447] write(3, "1000", 4) = 4 [pid 10447] close(3) = 0 [pid 10447] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10447] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10447] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10447] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10447] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10450]}, 88) = 10450 [pid 10447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10447] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 10449 attached [pid 296] <... umount2 resumed>) = 0 [pid 10447] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10449] set_robust_list(0x5555557b6760, 24) = 0 [pid 10449] chdir("./405" [pid 10446] <... setpgid resumed>) = 0 [pid 296] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10449] <... chdir resumed>) = 0 [pid 10449] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./405/file0", [pid 10449] <... prctl resumed>) = 0 [pid 10446] <... openat resumed>) = 3 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10449] setpgid(0, 0 [pid 10446] write(3, "1000", 4 [pid 296] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10449] <... setpgid resumed>) = 0 [pid 10446] <... write resumed>) = 4 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] openat(AT_FDCWD, "./405/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 10448 attached [pid 10449] <... openat resumed>) = 3 [pid 10446] close(3 [pid 10449] write(3, "1000", 4 [pid 10446] <... close resumed>) = 0 [pid 296] <... openat resumed>) = 4 [pid 10449] <... write resumed>) = 4 [pid 10446] symlink("/dev/binderfs", "./binderfs" [pid 296] newfstatat(4, "", [pid 10449] close(3 [pid 10448] set_robust_list(0x5555557b6760, 24 [pid 10449] <... close resumed>) = 0 [pid 10446] <... symlink resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10449] symlink("/dev/binderfs", "./binderfs" [pid 296] getdents64(4, [pid 10446] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10449] <... symlink resumed>) = 0 [pid 10446] <... futex resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10449] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10446] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 296] getdents64(4, [pid 10448] <... set_robust_list resumed>) = 0 [pid 10449] <... futex resumed>) = 0 [pid 10446] <... rt_sigaction resumed>NULL, 8) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10449] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10446] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 296] close(4 [pid 10449] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10448] chdir("./401" [pid 10446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] <... close resumed>) = 0 [pid 10449] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] rmdir("./405/file0" [pid 10449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10448] <... chdir resumed>) = 0 [pid 10446] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 296] <... rmdir resumed>) = 0 [pid 10448] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10446] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 296] getdents64(3, [pid 10449] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10448] <... prctl resumed>) = 0 [pid 10446] <... mprotect resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10449] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10448] setpgid(0, 0 [pid 10446] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] close(3 [pid 10449] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10448] <... setpgid resumed>) = 0 [pid 10446] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] <... close resumed>) = 0 [pid 10446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 296] rmdir("./405" [pid 10448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10449] <... clone3 resumed> => {parent_tid=[10451]}, 88) = 10451 [pid 10449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10449] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... rmdir resumed>) = 0 [pid 10449] <... futex resumed>) = 0 [pid 10446] <... clone3 resumed> => {parent_tid=[10452]}, 88) = 10452 [pid 296] mkdir("./406", 0777 [pid 10449] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10448] <... openat resumed>) = 3 [pid 10446] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 10451 attached [pid 10451] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10451] rt_sigprocmask(SIG_SETMASK, [], [pid 10448] write(3, "1000", 4 [pid 10446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 10448] <... write resumed>) = 4 [pid 10446] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10448] close(3 [pid 10446] <... futex resumed>) = 0 [pid 10448] <... close resumed>) = 0 [pid 10446] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... openat resumed>) = 3 [pid 10448] symlink("/dev/binderfs", "./binderfs" [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 10448] <... symlink resumed>) = 0 [pid 296] close(3 [pid 10451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] <... close resumed>) = 0 [pid 10448] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10451] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10451] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10449] <... futex resumed>) = 0 [pid 10449] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10449] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10448] <... futex resumed>) = 0 [pid 10448] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10453 [pid 10448] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10451] <... futex resumed>) = 1 [pid 10448] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10451] memfd_create("syzkaller", 0) = 3 [pid 10451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 ./strace-static-x86_64: Process 10453 attached ./strace-static-x86_64: Process 10452 attached ./strace-static-x86_64: Process 10450 attached [pid 10448] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10448] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10450] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10448] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10453] set_robust_list(0x5555557b6760, 24 [pid 10452] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10450] <... set_robust_list resumed>) = 0 [pid 10448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10453] <... set_robust_list resumed>) = 0 [pid 10452] <... set_robust_list resumed>) = 0 [pid 10450] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 10454 attached NULL, 8) = 0 [pid 10448] <... clone3 resumed> => {parent_tid=[10454]}, 88) = 10454 [pid 10453] chdir("./406" [pid 10450] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10448] rt_sigprocmask(SIG_SETMASK, [], [pid 10453] <... chdir resumed>) = 0 [pid 10452] rt_sigprocmask(SIG_SETMASK, [], [pid 10448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10450] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10453] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10448] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10453] <... prctl resumed>) = 0 [pid 10452] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10450] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10448] <... futex resumed>) = 0 [pid 10450] <... futex resumed>) = 1 [pid 10453] setpgid(0, 0 [pid 10448] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10452] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10447] <... futex resumed>) = 0 [pid 10454] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10453] <... setpgid resumed>) = 0 [pid 10452] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10450] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10447] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10454] <... set_robust_list resumed>) = 0 [pid 10453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10452] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10447] <... futex resumed>) = 0 [pid 10454] rt_sigprocmask(SIG_SETMASK, [], [pid 10453] <... openat resumed>) = 3 [pid 10452] <... futex resumed>) = 1 [pid 10451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10450] memfd_create("syzkaller", 0 [pid 10447] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10446] <... futex resumed>) = 0 [pid 10454] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10453] write(3, "1000", 4 [pid 10452] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10450] <... memfd_create resumed>) = 3 [pid 10446] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10454] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10453] <... write resumed>) = 4 [pid 10452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10446] <... futex resumed>) = 0 [pid 10454] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10453] close(3 [pid 10452] memfd_create("syzkaller", 0 [pid 10450] <... mmap resumed>) = 0x7fe453fca000 [pid 10446] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10454] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10453] <... close resumed>) = 0 [pid 10452] <... memfd_create resumed>) = 3 [pid 10454] <... futex resumed>) = 1 [pid 10454] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10453] symlink("/dev/binderfs", "./binderfs" [pid 10452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10448] <... futex resumed>) = 0 [pid 10453] <... symlink resumed>) = 0 [pid 10452] <... mmap resumed>) = 0x7fe453fca000 [pid 10448] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10453] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10448] <... futex resumed>) = 1 [pid 10454] <... futex resumed>) = 0 [pid 10448] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10454] memfd_create("syzkaller", 0 [pid 10453] <... futex resumed>) = 0 [pid 10451] <... write resumed>) = 1048576 [pid 10454] <... memfd_create resumed>) = 3 [pid 10451] munmap(0x7fe453fca000, 138412032 [pid 10454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10453] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10454] <... mmap resumed>) = 0x7fe453fca000 [pid 10453] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10451] <... munmap resumed>) = 0 [pid 10451] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10451] ioctl(4, LOOP_SET_FD, 3 [pid 10453] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10453] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10451] <... ioctl resumed>) = 0 [pid 10451] close(3) = 0 [pid 10451] close(4 [pid 10454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10453] <... mprotect resumed>) = 0 [pid 10452] <... write resumed>) = 1048576 [pid 10451] <... close resumed>) = 0 [pid 10450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10453] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10450] <... write resumed>) = 1048576 [pid 10453] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10452] munmap(0x7fe453fca000, 138412032) = 0 [pid 10452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10452] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 10455 attached [pid 10454] <... write resumed>) = 1048576 [pid 10451] mkdir("./file0", 0777 [pid 10450] munmap(0x7fe453fca000, 138412032 [pid 10453] <... clone3 resumed> => {parent_tid=[10455]}, 88) = 10455 [pid 10453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10453] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10453] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10450] <... munmap resumed>) = 0 [pid 10450] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10450] ioctl(4, LOOP_SET_FD, 3 [pid 10454] munmap(0x7fe453fca000, 138412032) = 0 [pid 10455] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10454] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10452] <... ioctl resumed>) = 0 [pid 10451] <... mkdir resumed>) = 0 [pid 10454] <... openat resumed>) = 4 [pid 10454] ioctl(4, LOOP_SET_FD, 3 [pid 10455] <... set_robust_list resumed>) = 0 [pid 10452] close(3 [pid 10451] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10450] <... ioctl resumed>) = 0 [pid 10450] close(3) = 0 [pid 10450] close(4 [pid 10455] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10455] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10455] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10453] <... futex resumed>) = 0 [pid 10453] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10453] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10455] <... futex resumed>) = 1 [pid 10455] memfd_create("syzkaller", 0 [pid 10452] <... close resumed>) = 0 [pid 10452] close(4 [pid 10455] <... memfd_create resumed>) = 3 [pid 10455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10454] <... ioctl resumed>) = 0 [pid 10454] close(3) = 0 [pid 10454] close(4 [pid 10455] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10455] munmap(0x7fe453fca000, 138412032) = 0 [pid 10455] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 145.263914][T10451] loop3: detected capacity change from 0 to 2048 [ 145.285490][T10452] loop0: detected capacity change from 0 to 2048 [ 145.292549][T10450] loop2: detected capacity change from 0 to 2048 [ 145.295929][T10454] loop4: detected capacity change from 0 to 2048 [pid 10455] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10455] close(3) = 0 [pid 10455] close(4 [pid 10451] <... mount resumed>) = 0 [pid 10451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10451] chdir("./file0") = 0 [pid 10451] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10451] ioctl(4, LOOP_CLR_FD) = 0 [pid 10451] close(4) = 0 [pid 10451] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10449] <... futex resumed>) = 0 [pid 10451] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10449] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10451] <... futex resumed>) = 0 [pid 10449] <... futex resumed>) = 1 [pid 10451] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10449] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10451] <... openat resumed>) = 4 [pid 10451] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10449] <... futex resumed>) = 0 [pid 10451] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10449] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10449] <... futex resumed>) = 0 [pid 10451] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10449] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10451] <... write resumed>) = 16 [pid 10449] <... futex resumed>) = 0 [pid 10451] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10451] <... futex resumed>) = 0 [pid 10449] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10451] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10449] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10449] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10449] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10459 attached => {parent_tid=[10459]}, 88) = 10459 [pid 10459] set_robust_list(0x7fe45c3c99a0, 24 [pid 10449] rt_sigprocmask(SIG_SETMASK, [], [pid 10459] <... set_robust_list resumed>) = 0 [pid 10459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10459] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10449] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10449] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10459] <... futex resumed>) = 0 [pid 10459] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10459] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10449] <... futex resumed>) = 0 [pid 10449] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10451] <... futex resumed>) = 0 [pid 10449] <... futex resumed>) = 1 [pid 10451] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10449] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10451] <... mmap resumed>) = 0x20000000 [pid 10451] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10449] <... futex resumed>) = 0 [pid 10451] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10449] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10449] <... futex resumed>) = 0 [pid 10449] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10459] <... futex resumed>) = 1 [pid 10459] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10454] <... close resumed>) = 0 [pid 10452] <... close resumed>) = 0 [pid 10451] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10450] <... close resumed>) = 0 [pid 10454] mkdir("./file0", 0777 [pid 10452] mkdir("./file0", 0777 [pid 10451] sendfile(-1, -1, [0] [pid 10450] mkdir("./file0", 0777 [pid 10454] <... mkdir resumed>) = 0 [pid 10452] <... mkdir resumed>) = 0 [pid 10451] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10454] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10452] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10450] <... mkdir resumed>) = 0 [pid 10451] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10450] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10451] <... futex resumed>) = 1 [pid 10449] <... futex resumed>) = 0 [pid 10451] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10449] exit_group(0) = ? [pid 10459] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 10451] <... futex resumed>) = ? [pid 10459] +++ exited with 0 +++ [pid 10451] +++ exited with 0 +++ [pid 10449] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10449, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./405", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./405/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./405/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./405/binderfs") = 0 [pid 298] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10455] <... close resumed>) = 0 [pid 10455] mkdir("./file0", 0777) = 0 [pid 10455] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 10455] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10452] <... mount resumed>) = 0 [pid 10455] chdir("./file0" [pid 10452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10455] <... chdir resumed>) = 0 [pid 10452] <... openat resumed>) = 3 [pid 10455] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10452] chdir("./file0" [pid 10455] <... openat resumed>) = 4 [pid 10454] <... mount resumed>) = 0 [pid 10452] <... chdir resumed>) = 0 [pid 10455] ioctl(4, LOOP_CLR_FD [pid 10452] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10455] <... ioctl resumed>) = 0 [pid 10454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10452] <... openat resumed>) = 4 [pid 10455] close(4 [pid 10454] <... openat resumed>) = 3 [pid 10452] ioctl(4, LOOP_CLR_FD [pid 10455] <... close resumed>) = 0 [pid 10454] chdir("./file0" [pid 10452] <... ioctl resumed>) = 0 [pid 10455] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10454] <... chdir resumed>) = 0 [pid 10452] close(4 [pid 10455] <... futex resumed>) = 1 [pid 10454] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10453] <... futex resumed>) = 0 [pid 10452] <... close resumed>) = 0 [pid 10455] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10454] <... openat resumed>) = 4 [pid 10453] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10452] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10454] ioctl(4, LOOP_CLR_FD [pid 10453] <... futex resumed>) = 0 [pid 10452] <... futex resumed>) = 1 [pid 10446] <... futex resumed>) = 0 [pid 10455] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10454] <... ioctl resumed>) = 0 [pid 10453] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10452] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10446] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10455] <... openat resumed>) = 4 [pid 10454] close(4 [pid 10452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10446] <... futex resumed>) = 0 [pid 10455] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10454] <... close resumed>) = 0 [pid 10452] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10446] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10455] <... futex resumed>) = 1 [pid 10454] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10453] <... futex resumed>) = 0 [pid 10452] <... openat resumed>) = 4 [pid 10455] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10454] <... futex resumed>) = 1 [pid 10453] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10452] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10448] <... futex resumed>) = 0 [pid 10455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10454] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10453] <... futex resumed>) = 0 [pid 10452] <... futex resumed>) = 1 [pid 10448] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10446] <... futex resumed>) = 0 [pid 10455] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10453] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10452] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10448] <... futex resumed>) = 0 [pid 10446] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10455] <... write resumed>) = 16 [pid 10454] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10453] <... futex resumed>) = 0 [pid 10452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10448] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10446] <... futex resumed>) = 0 [pid 10455] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10452] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10446] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10455] <... futex resumed>) = 0 [pid 10454] <... openat resumed>) = 4 [pid 10453] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10452] <... write resumed>) = 16 [pid 10446] <... futex resumed>) = 0 [pid 10455] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10453] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10452] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10453] <... mprotect resumed>) = 0 [pid 10452] <... futex resumed>) = 0 [pid 10446] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10453] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10452] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10446] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10453] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10446] <... mprotect resumed>) = 0 [pid 10453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10446] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10453] <... clone3 resumed> => {parent_tid=[10468]}, 88) = 10468 [pid 10446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10446] <... clone3 resumed> => {parent_tid=[10469]}, 88) = 10469 [pid 10453] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10446] rt_sigprocmask(SIG_SETMASK, [], [pid 10454] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10453] <... futex resumed>) = 0 [pid 10446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 10454] <... futex resumed>) = 1 [pid 10453] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10448] <... futex resumed>) = 0 [pid 10446] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10454] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10448] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10446] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10448] <... futex resumed>) = 0 [pid 10446] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10454] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10448] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(AT_FDCWD, "./405/file0", [pid 10454] <... write resumed>) = 16 [pid 10448] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 145.318157][T10455] loop1: detected capacity change from 0 to 2048 [ 145.335088][T10451] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10454] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10454] <... futex resumed>) = 0 [pid 10448] <... mmap resumed>) = 0x7fe45c3a9000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10454] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10448] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 298] openat(AT_FDCWD, "./405/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10448] <... mprotect resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 10448] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] newfstatat(4, "", [pid 10448] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 298] getdents64(4, [pid 10448] <... clone3 resumed> => {parent_tid=[10470]}, 88) = 10470 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10448] rt_sigprocmask(SIG_SETMASK, [], [pid 298] getdents64(4, [pid 10448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10448] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] close(4./strace-static-x86_64: Process 10470 attached [pid 10470] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10470] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10448] <... futex resumed>) = 0 [pid 10448] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10470] <... write resumed>) = 16 [pid 10470] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10470] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10448] <... futex resumed>) = 0 [pid 10448] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10454] <... futex resumed>) = 0 [pid 10448] <... futex resumed>) = 1 [pid 10454] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10448] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10454] <... mmap resumed>) = 0x20000000 [pid 10454] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10454] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10448] <... futex resumed>) = 0 [pid 10448] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10454] <... futex resumed>) = 0 [pid 10448] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10469 attached [pid 10469] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10469] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 298] <... close resumed>) = 0 [pid 298] rmdir("./405/file0" [pid 10469] <... write resumed>) = 16 [pid 10469] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10446] <... futex resumed>) = 0 [pid 10446] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10452] <... futex resumed>) = 0 [pid 10446] <... futex resumed>) = 1 [pid 10452] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10446] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10452] <... mmap resumed>) = 0x20000000 [pid 298] <... rmdir resumed>) = 0 [pid 10452] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] getdents64(3, [pid 10452] <... futex resumed>) = 1 [pid 10446] <... futex resumed>) = 0 [pid 10452] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10446] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10454] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10446] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10468 attached [pid 10454] sendfile(-1, -1, [0] [pid 10453] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10452] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10450] <... mount resumed>) = 0 [pid 10446] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] close(3 [pid 10469] <... futex resumed>) = 1 [pid 10468] set_robust_list(0x7fe45c3c99a0, 24 [pid 10454] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10453] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10452] sendfile(-1, -1, [0] [pid 10450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] <... close resumed>) = 0 [pid 10469] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10468] <... set_robust_list resumed>) = 0 [pid 10455] <... futex resumed>) = 0 [pid 10454] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10453] <... futex resumed>) = 1 [pid 10452] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10450] <... openat resumed>) = 3 [pid 298] rmdir("./405" [pid 10468] rt_sigprocmask(SIG_SETMASK, [], [pid 10455] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10454] <... futex resumed>) = 1 [pid 10453] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10452] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10450] chdir("./file0" [pid 10448] <... futex resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 10468] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 145.407263][T10454] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 145.427985][T10452] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10455] <... mmap resumed>) = 0x20000000 [pid 10454] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10452] <... futex resumed>) = 1 [pid 10450] <... chdir resumed>) = 0 [pid 10448] exit_group(0 [pid 10446] <... futex resumed>) = 0 [pid 298] mkdir("./406", 0777 [pid 10455] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10446] exit_group(0 [pid 10469] <... futex resumed>) = ? [pid 10455] <... futex resumed>) = 1 [pid 10453] <... futex resumed>) = 0 [pid 10446] <... exit_group resumed>) = ? [pid 10469] +++ exited with 0 +++ [pid 10455] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10453] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10453] <... futex resumed>) = 0 [pid 10453] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10452] +++ exited with 0 +++ [pid 10446] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10446, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] umount2("./404", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./404/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./404/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./404/binderfs") = 0 [pid 295] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10450] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10450] ioctl(4, LOOP_CLR_FD) = 0 [pid 10450] close(4 [pid 10470] <... futex resumed>) = ? [pid 10454] <... futex resumed>) = ? [pid 10450] <... close resumed>) = 0 [pid 10448] <... exit_group resumed>) = ? [pid 298] <... mkdir resumed>) = 0 [pid 10470] +++ exited with 0 +++ [pid 10454] +++ exited with 0 +++ [pid 10450] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10448] +++ exited with 0 +++ [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10450] <... futex resumed>) = 1 [pid 10447] <... futex resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 10468] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10450] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10447] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10448, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 298] ioctl(3, LOOP_CLR_FD [pid 10455] sendfile(-1, -1, [0] [pid 10447] <... futex resumed>) = 0 [pid 299] umount2("./401", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10468] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 10455] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10450] <... openat resumed>) = 4 [pid 10447] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] close(3 [pid 10468] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000088} --- [pid 10455] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10450] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... close resumed>) = 0 [pid 10455] <... futex resumed>) = 1 [pid 10453] <... futex resumed>) = 0 [pid 10450] <... futex resumed>) = 0 [pid 10447] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 3 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10455] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10450] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10447] <... futex resumed>) = 0 [pid 299] newfstatat(3, "", [pid 10450] <... write resumed>) = 16 [pid 10447] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10471 [pid 10450] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10447] <... futex resumed>) = 0 [pid 299] getdents64(3, [pid 10450] <... futex resumed>) = 0 [pid 10447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10450] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10447] <... mmap resumed>) = 0x7fe45c3a9000 [pid 299] umount2("./401/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10447] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10447] <... mprotect resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./401/binderfs", [pid 10447] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10447] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] unlink("./401/binderfs" [pid 10447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 299] <... unlink resumed>) = 0 [pid 299] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10472 attached [pid 10472] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10447] <... clone3 resumed> => {parent_tid=[10472]}, 88) = 10472 [pid 10472] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10472] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10468] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10447] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10447] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10468] <... write resumed>) = 16 [pid 10468] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10468] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 10471 attached [pid 10471] set_robust_list(0x5555557b6760, 24 [pid 10453] exit_group(0 [pid 10468] <... futex resumed>) = ? [pid 10455] <... futex resumed>) = ? [pid 10453] <... exit_group resumed>) = ? [pid 10468] +++ exited with 0 +++ [pid 10455] +++ exited with 0 +++ [pid 10471] <... set_robust_list resumed>) = 0 [pid 10471] chdir("./406" [pid 10453] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10453, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10471] <... chdir resumed>) = 0 [pid 10471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10471] setpgid(0, 0) = 0 [pid 10471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] umount2("./406", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10472] <... futex resumed>) = 0 [pid 296] openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10471] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 10472] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10471] write(3, "1000", 4 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10472] <... write resumed>) = 16 [pid 10472] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10472] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10471] <... write resumed>) = 4 [pid 10471] close(3) = 0 [pid 10447] <... futex resumed>) = 0 [pid 296] getdents64(3, [pid 295] <... umount2 resumed>) = 0 [pid 10447] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10450] <... futex resumed>) = 0 [pid 10447] <... futex resumed>) = 1 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10471] symlink("/dev/binderfs", "./binderfs" [pid 10450] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10447] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] umount2("./406/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10450] <... mmap resumed>) = 0x20000000 [pid 10450] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10450] <... futex resumed>) = 1 [pid 10447] <... futex resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./406/binderfs", [pid 10450] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10447] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10447] <... futex resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10471] <... symlink resumed>) = 0 [pid 10471] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10471] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10471] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10471] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10473]}, 88) = 10473 [pid 10471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10471] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10471] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10473 attached [pid 10473] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10473] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10473] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10471] <... futex resumed>) = 0 [pid 10471] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10471] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10473] <... futex resumed>) = 1 [pid 10473] memfd_create("syzkaller", 0) = 3 [pid 10473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [ 145.455479][T10468] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10447] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] unlink("./406/binderfs") = 0 [pid 296] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./404/file0", [pid 10473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./404/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./404/file0") = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./404") = 0 [pid 10450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 295] mkdir("./405", 0777) = 0 [pid 10450] sendfile(-1, -1, [0] [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10450] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 295] <... openat resumed>) = 3 [pid 10450] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] ioctl(3, LOOP_CLR_FD [pid 10450] <... futex resumed>) = 1 [pid 10447] <... futex resumed>) = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10450] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10447] exit_group(0 [pid 295] close(3 [pid 10472] <... futex resumed>) = ? [pid 10447] <... exit_group resumed>) = ? [pid 295] <... close resumed>) = 0 [pid 10473] <... write resumed>) = 1048576 [pid 10473] munmap(0x7fe453fca000, 138412032) = 0 [pid 10473] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 145.495098][T10450] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10473] ioctl(4, LOOP_SET_FD, 3 [pid 10450] <... futex resumed>) = ? [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10472] +++ exited with 0 +++ [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10474 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./401/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./401/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./401/file0" [pid 10473] <... ioctl resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./401") = 0 [pid 10473] close(3./strace-static-x86_64: Process 10474 attached ) = 0 [pid 10450] +++ exited with 0 +++ [pid 10447] +++ exited with 0 +++ [pid 299] mkdir("./402", 0777 [pid 10473] close(4 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10447, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./405", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", [pid 296] <... umount2 resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10474] set_robust_list(0x5555557b6760, 24 [pid 299] <... mkdir resumed>) = 0 [pid 296] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./406/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./406/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] getdents64(4, [pid 299] <... openat resumed>) = 3 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] getdents64(4, [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(3 [pid 296] close(4 [pid 299] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] rmdir("./406/file0" [pid 297] getdents64(3, [pid 296] <... rmdir resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10475 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./406") = 0 [pid 296] mkdir("./407", 0777 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./405/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... openat resumed>) = 3 [pid 297] newfstatat(AT_FDCWD, "./405/binderfs", [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] close(3 [pid 297] unlink("./405/binderfs" [pid 296] <... close resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... unlink resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10476 [pid 10474] <... set_robust_list resumed>) = 0 [pid 297] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10474] chdir("./405"./strace-static-x86_64: Process 10476 attached ./strace-static-x86_64: Process 10475 attached [pid 10476] set_robust_list(0x5555557b6760, 24 [pid 10475] set_robust_list(0x5555557b6760, 24 [pid 10476] <... set_robust_list resumed>) = 0 [pid 10475] <... set_robust_list resumed>) = 0 [pid 10476] chdir("./407" [pid 10475] chdir("./402" [pid 10476] <... chdir resumed>) = 0 [pid 10474] <... chdir resumed>) = 0 [pid 10476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10476] setpgid(0, 0) = 0 [pid 10476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10475] <... chdir resumed>) = 0 [pid 10474] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10476] <... openat resumed>) = 3 [pid 10476] write(3, "1000", 4) = 4 [pid 10476] close(3) = 0 [pid 10476] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10475] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10474] <... prctl resumed>) = 0 [pid 10476] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10476] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10476] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10475] <... prctl resumed>) = 0 [pid 10476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10474] setpgid(0, 0 [pid 10476] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10476] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10476] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10475] setpgid(0, 0 [pid 10474] <... setpgid resumed>) = 0 [pid 10476] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10477]}, 88) = 10477 [pid 10476] rt_sigprocmask(SIG_SETMASK, [], [pid 10475] <... setpgid resumed>) = 0 [pid 10476] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10476] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10476] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10477 attached [pid 10477] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10477] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10477] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10476] <... futex resumed>) = 0 [pid 10476] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10476] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10475] <... openat resumed>) = 3 [pid 10477] <... futex resumed>) = 1 [pid 10475] write(3, "1000", 4 [pid 10474] <... openat resumed>) = 3 [pid 10477] memfd_create("syzkaller", 0 [pid 10475] <... write resumed>) = 4 [pid 10474] write(3, "1000", 4 [pid 10477] <... memfd_create resumed>) = 3 [pid 10477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10475] close(3 [pid 10474] <... write resumed>) = 4 [pid 10475] <... close resumed>) = 0 [pid 10475] symlink("/dev/binderfs", "./binderfs" [pid 10474] close(3 [pid 10475] <... symlink resumed>) = 0 [pid 10474] <... close resumed>) = 0 [pid 10475] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10474] symlink("/dev/binderfs", "./binderfs" [pid 10475] <... futex resumed>) = 0 [pid 10475] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10474] <... symlink resumed>) = 0 [pid 10475] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10475] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10474] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10475] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10474] <... futex resumed>) = 0 [pid 10475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10474] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10475] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10474] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10475] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10474] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10475] <... mprotect resumed>) = 0 [pid 10474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10475] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10475] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10474] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10474] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10475] <... clone3 resumed> => {parent_tid=[10478]}, 88) = 10478 [pid 10475] rt_sigprocmask(SIG_SETMASK, [], [pid 10474] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10475] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10474] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10475] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 10478 attached [pid 10475] <... futex resumed>) = 0 [pid 10475] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10479 attached [pid 10478] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10474] <... clone3 resumed> => {parent_tid=[10479]}, 88) = 10479 [pid 10479] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10478] <... set_robust_list resumed>) = 0 [pid 10479] <... set_robust_list resumed>) = 0 [pid 10478] rt_sigprocmask(SIG_SETMASK, [], [pid 10474] rt_sigprocmask(SIG_SETMASK, [], [pid 10473] <... close resumed>) = 0 [pid 10473] mkdir("./file0", 0777 [pid 10479] rt_sigprocmask(SIG_SETMASK, [], [pid 10478] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10473] <... mkdir resumed>) = 0 [pid 10473] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10474] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10478] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10474] <... futex resumed>) = 0 [pid 10479] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10478] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10474] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10479] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10478] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10475] <... futex resumed>) = 0 [pid 10478] <... futex resumed>) = 1 [pid 10479] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10475] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10479] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10478] memfd_create("syzkaller", 0 [pid 10475] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10479] <... futex resumed>) = 1 [pid 10478] <... memfd_create resumed>) = 3 [pid 10474] <... futex resumed>) = 0 [pid 10478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10474] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10478] <... mmap resumed>) = 0x7fe453fca000 [pid 10474] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10477] <... write resumed>) = 1048576 [pid 10477] munmap(0x7fe453fca000, 138412032) = 0 [pid 10477] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 145.529245][T10473] loop3: detected capacity change from 0 to 2048 [pid 10477] ioctl(4, LOOP_SET_FD, 3 [pid 10479] memfd_create("syzkaller", 0 [pid 10478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10477] <... ioctl resumed>) = 0 [pid 10477] close(3) = 0 [pid 10477] close(4 [pid 10479] <... memfd_create resumed>) = 3 [pid 10479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./405/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./405/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./405/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./405") = 0 [pid 297] mkdir("./406", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10480 [pid 10478] <... write resumed>) = 1048576 ./strace-static-x86_64: Process 10480 attached [pid 10478] munmap(0x7fe453fca000, 138412032) = 0 [pid 10480] set_robust_list(0x5555557b6760, 24 [pid 10478] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10480] <... set_robust_list resumed>) = 0 [pid 10478] <... openat resumed>) = 4 [pid 10478] ioctl(4, LOOP_SET_FD, 3 [pid 10480] chdir("./406" [pid 10479] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10479] munmap(0x7fe453fca000, 138412032) = 0 [pid 10479] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10479] ioctl(4, LOOP_SET_FD, 3 [pid 10480] <... chdir resumed>) = 0 [pid 10478] <... ioctl resumed>) = 0 [pid 10480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10480] setpgid(0, 0) = 0 [pid 10480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10480] write(3, "1000", 4) = 4 [pid 10480] close(3) = 0 [pid 10480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10480] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10480] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10480] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10480] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10480] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10479] <... ioctl resumed>) = 0 [pid 10478] close(3) = 0 [pid 10478] close(4 [pid 10480] <... clone3 resumed> => {parent_tid=[10482]}, 88) = 10482 [pid 10480] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 10482 attached NULL, 8) = 0 [pid 10479] close(3) = 0 [pid 10479] close(4 [pid 10482] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10473] <... mount resumed>) = 0 [pid 10480] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10473] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10473] chdir("./file0") = 0 [pid 10473] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10473] ioctl(4, LOOP_CLR_FD) = 0 [pid 10473] close(4) = 0 [pid 10473] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10471] <... futex resumed>) = 0 [pid 10473] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10471] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10480] <... futex resumed>) = 0 [pid 10473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10471] <... futex resumed>) = 0 [pid 10480] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10473] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10471] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10482] rt_sigprocmask(SIG_SETMASK, [], [pid 10477] <... close resumed>) = 0 [pid 10477] mkdir("./file0", 0777) = 0 [pid 10477] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10482] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10482] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10482] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10482] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10480] <... futex resumed>) = 0 [pid 10480] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10473] <... openat resumed>) = 4 [pid 10482] <... futex resumed>) = 0 [pid 10480] <... futex resumed>) = 1 [pid 10473] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10482] memfd_create("syzkaller", 0 [pid 10480] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10473] <... futex resumed>) = 1 [pid 10471] <... futex resumed>) = 0 [pid 10482] <... memfd_create resumed>) = 3 [pid 10482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10477] <... mount resumed>) = 0 [pid 10473] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10471] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10482] <... mmap resumed>) = 0x7fe453fca000 [pid 10477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10471] <... futex resumed>) = 0 [pid 10477] <... openat resumed>) = 3 [pid 10473] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10471] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10477] chdir("./file0" [pid 10473] <... write resumed>) = 16 [pid 10471] <... futex resumed>) = 0 [pid 10477] <... chdir resumed>) = 0 [pid 10471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10473] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10477] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10473] <... futex resumed>) = 0 [pid 10471] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10477] <... openat resumed>) = 4 [pid 10473] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10471] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10477] ioctl(4, LOOP_CLR_FD [pid 10471] <... mprotect resumed>) = 0 [pid 10477] <... ioctl resumed>) = 0 [pid 10477] close(4 [pid 10471] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10477] <... close resumed>) = 0 [pid 10471] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10477] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10477] <... futex resumed>) = 1 [pid 10476] <... futex resumed>) = 0 [pid 10477] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10476] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10471] <... clone3 resumed> => {parent_tid=[10486]}, 88) = 10486 [pid 10477] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10476] <... futex resumed>) = 0 [pid 10471] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 10486 attached [pid 10486] set_robust_list(0x7fe45c3c99a0, 24 [pid 10477] <... openat resumed>) = 4 [pid 10476] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10477] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10471] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10477] <... futex resumed>) = 0 [pid 10476] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10471] <... futex resumed>) = 0 [pid 10477] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10476] <... futex resumed>) = 0 [pid 10471] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10486] <... set_robust_list resumed>) = 0 [pid 10477] <... write resumed>) = 16 [pid 10476] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10486] rt_sigprocmask(SIG_SETMASK, [], [pid 10482] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10477] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10476] <... futex resumed>) = 0 [pid 10486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10479] <... close resumed>) = 0 [pid 10478] <... close resumed>) = 0 [pid 10477] <... futex resumed>) = 0 [pid 10476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10479] mkdir("./file0", 0777 [pid 10478] mkdir("./file0", 0777 [pid 10477] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10476] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10486] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10479] <... mkdir resumed>) = 0 [pid 10486] <... write resumed>) = 16 [pid 10478] <... mkdir resumed>) = 0 [pid 10476] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10479] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10486] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10478] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10476] <... mprotect resumed>) = 0 [pid 10486] <... futex resumed>) = 1 [pid 10471] <... futex resumed>) = 0 [pid 10486] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10476] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10471] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10476] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10473] <... futex resumed>) = 0 [pid 10471] <... futex resumed>) = 1 [pid 10476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10473] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10471] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10473] <... mmap resumed>) = 0x20000000 [pid 10476] <... clone3 resumed> => {parent_tid=[10487]}, 88) = 10487 [pid 10473] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10476] rt_sigprocmask(SIG_SETMASK, [], [pid 10473] <... futex resumed>) = 1 [pid 10471] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10487 attached [pid 10482] <... write resumed>) = 1048576 [pid 10476] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10473] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10471] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10487] set_robust_list(0x7fe45c3c99a0, 24 [pid 10482] munmap(0x7fe453fca000, 138412032 [pid 10476] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10471] <... futex resumed>) = 0 [pid 10487] <... set_robust_list resumed>) = 0 [pid 10482] <... munmap resumed>) = 0 [pid 10476] <... futex resumed>) = 0 [ 145.580572][T10477] loop1: detected capacity change from 0 to 2048 [ 145.600486][T10478] loop4: detected capacity change from 0 to 2048 [ 145.610836][T10479] loop0: detected capacity change from 0 to 2048 [pid 10471] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10487] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10487] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10487] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10482] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10482] ioctl(4, LOOP_SET_FD, 3 [pid 10479] <... mount resumed>) = 0 [pid 10476] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10473] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10479] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10473] sendfile(-1, -1, [0] [pid 10479] <... openat resumed>) = 3 [pid 10482] <... ioctl resumed>) = 0 [pid 10476] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10473] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10473] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10471] <... futex resumed>) = 0 [pid 10473] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10471] exit_group(0 [pid 10486] <... futex resumed>) = ? [pid 10479] chdir("./file0" [pid 10473] <... futex resumed>) = ? [pid 10471] <... exit_group resumed>) = ? [pid 10482] close(3 [pid 10477] <... futex resumed>) = 0 [pid 10476] <... futex resumed>) = 1 [pid 10486] +++ exited with 0 +++ [pid 10482] <... close resumed>) = 0 [pid 10479] <... chdir resumed>) = 0 [pid 10477] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10476] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10482] close(4 [pid 10479] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10473] +++ exited with 0 +++ [pid 10471] +++ exited with 0 +++ [pid 10479] <... openat resumed>) = 4 [pid 10477] <... mmap resumed>) = 0x20000000 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10471, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10479] ioctl(4, LOOP_CLR_FD) = 0 [pid 10477] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 10479] close(4 [pid 10477] <... futex resumed>) = 1 [pid 10476] <... futex resumed>) = 0 [pid 10479] <... close resumed>) = 0 [pid 10476] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... restart_syscall resumed>) = 0 [pid 10479] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10474] <... futex resumed>) = 0 [pid 10479] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10474] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./406", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10479] <... openat resumed>) = 4 [pid 10474] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10479] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10474] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10479] <... futex resumed>) = 0 [pid 10474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... openat resumed>) = 3 [pid 10479] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10474] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(3, "", [pid 10479] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10474] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10479] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10474] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] getdents64(3, [pid 10479] <... write resumed>) = 16 [pid 10474] <... futex resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10479] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] umount2("./406/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10479] <... futex resumed>) = 0 [pid 10474] <... mmap resumed>) = 0x7fe45c3a9000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10479] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10474] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 298] newfstatat(AT_FDCWD, "./406/binderfs", [pid 10474] <... mprotect resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10474] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] unlink("./406/binderfs" [pid 10474] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... unlink resumed>) = 0 [pid 10474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 298] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10474] <... clone3 resumed> => {parent_tid=[10490]}, 88) = 10490 [pid 10474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10474] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10474] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10476] <... futex resumed>) = 0 [pid 10476] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10490 attached [pid 10490] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10490] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10490] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10474] <... futex resumed>) = 0 [pid 10474] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10479] <... futex resumed>) = 0 [pid 10474] <... futex resumed>) = 1 [pid 10490] <... futex resumed>) = 1 [pid 10479] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10474] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10490] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10479] <... mmap resumed>) = 0x20000000 [pid 10479] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10474] <... futex resumed>) = 0 [pid 10479] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10474] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10479] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10474] <... futex resumed>) = 0 [pid 10474] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10477] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10477] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10477] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10476] <... futex resumed>) = 0 [pid 10477] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10476] exit_group(0 [pid 10487] <... futex resumed>) = ? [ 145.650497][T10473] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 145.654160][T10482] loop2: detected capacity change from 0 to 2048 [ 145.678554][T10477] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10477] <... futex resumed>) = ? [pid 10476] <... exit_group resumed>) = ? [pid 10487] +++ exited with 0 +++ [pid 10477] +++ exited with 0 +++ [pid 10476] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10476, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 296] umount2("./407", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./407/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./407/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./407/binderfs") = 0 [pid 296] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10479] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10479] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10479] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10474] <... futex resumed>) = 0 [pid 10479] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10474] exit_group(0 [pid 10490] <... futex resumed>) = ? [pid 10479] <... futex resumed>) = ? [pid 10474] <... exit_group resumed>) = ? [pid 10490] +++ exited with 0 +++ [pid 10479] +++ exited with 0 +++ [pid 10474] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10474, si_uid=0, si_status=0, si_utime=1, si_stime=1} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./405", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./405/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10478] <... mount resumed>) = 0 [pid 295] newfstatat(AT_FDCWD, "./405/binderfs", [pid 10478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10478] <... openat resumed>) = 3 [pid 295] unlink("./405/binderfs" [pid 10478] chdir("./file0" [pid 295] <... unlink resumed>) = 0 [pid 10478] <... chdir resumed>) = 0 [pid 295] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10478] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10478] ioctl(4, LOOP_CLR_FD) = 0 [pid 10478] close(4) = 0 [pid 10478] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10475] <... futex resumed>) = 0 [pid 10478] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10475] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10475] <... futex resumed>) = 0 [pid 10478] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10475] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10478] <... openat resumed>) = 4 [pid 10478] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10475] <... futex resumed>) = 0 [pid 10478] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10475] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10478] <... write resumed>) = 16 [pid 10475] <... futex resumed>) = 0 [pid 10478] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10475] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10478] <... futex resumed>) = 0 [pid 10475] <... futex resumed>) = 0 [pid 10478] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10475] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10475] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10493 attached => {parent_tid=[10493]}, 88) = 10493 [pid 10475] rt_sigprocmask(SIG_SETMASK, [], [pid 10493] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10475] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10482] <... close resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 10475] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./407/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./407/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, [pid 10482] mkdir("./file0", 0777 [pid 10475] <... futex resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./407/file0") = 0 [pid 296] getdents64(3, [pid 10482] <... mkdir resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10475] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] close(3) = 0 [pid 296] rmdir("./407" [pid 10493] rt_sigprocmask(SIG_SETMASK, [], [pid 10482] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 296] <... rmdir resumed>) = 0 [pid 295] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] mkdir("./408", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10494 ./strace-static-x86_64: Process 10494 attached [pid 10493] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 295] newfstatat(AT_FDCWD, "./405/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10493] <... write resumed>) = 16 [pid 295] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10493] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10494] set_robust_list(0x5555557b6760, 24 [ 145.695063][T10479] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10493] <... futex resumed>) = 1 [pid 10475] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 295] openat(AT_FDCWD, "./405/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10493] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10482] <... mount resumed>) = 0 [pid 10475] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10478] <... futex resumed>) = 0 [pid 10475] <... futex resumed>) = 1 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... openat resumed>) = 4 [pid 10482] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10478] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10475] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] newfstatat(AT_FDCWD, "./406/file0", [pid 295] newfstatat(4, "", [pid 10478] <... mmap resumed>) = 0x20000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10478] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10478] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10478] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] openat(AT_FDCWD, "./406/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 10475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] rmdir("./406/file0" [pid 10482] <... openat resumed>) = 3 [pid 10475] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... rmdir resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10478] <... futex resumed>) = 0 [pid 10475] <... futex resumed>) = 1 [pid 298] getdents64(3, [pid 295] getdents64(4, [pid 10494] <... set_robust_list resumed>) = 0 [pid 10482] chdir("./file0" [pid 10475] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10494] chdir("./408" [pid 10482] <... chdir resumed>) = 0 [pid 295] getdents64(4, [pid 10494] <... chdir resumed>) = 0 [pid 10482] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10494] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10482] <... openat resumed>) = 4 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./406" [pid 10494] <... prctl resumed>) = 0 [pid 10482] ioctl(4, LOOP_CLR_FD [pid 298] <... rmdir resumed>) = 0 [pid 295] close(4 [pid 10482] <... ioctl resumed>) = 0 [pid 298] mkdir("./407", 0777 [pid 10494] setpgid(0, 0 [pid 10482] close(4 [pid 298] <... mkdir resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 10494] <... setpgid resumed>) = 0 [pid 10482] <... close resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] rmdir("./405/file0" [pid 10482] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10482] <... futex resumed>) = 1 [pid 10480] <... futex resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 10482] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10480] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10498 [pid 10482] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10480] <... futex resumed>) = 0 [pid 295] getdents64(3, [pid 10482] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10480] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10494] <... openat resumed>) = 3 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10494] write(3, "1000", 4 [pid 10482] <... openat resumed>) = 4 [pid 295] close(3 [pid 10482] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10480] <... futex resumed>) = 0 [pid 10494] <... write resumed>) = 4 [pid 295] <... close resumed>) = 0 [pid 10482] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10480] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10494] close(3 [pid 295] rmdir("./405" [pid 10482] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10480] <... futex resumed>) = 0 [pid 10494] <... close resumed>) = 0 [pid 10482] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10480] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... rmdir resumed>) = 0 [pid 10482] <... write resumed>) = 16 [pid 10480] <... futex resumed>) = 0 [pid 10482] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] mkdir("./406", 0777 [pid 10494] symlink("/dev/binderfs", "./binderfs" [pid 10482] <... futex resumed>) = 0 [pid 10480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10494] <... symlink resumed>) = 0 [pid 10482] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10480] <... mmap resumed>) = 0x7fe45c3a9000 [pid 295] <... mkdir resumed>) = 0 [pid 10480] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10494] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10480] <... mprotect resumed>) = 0 [pid 10494] <... futex resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 10480] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10494] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10480] <... rt_sigprocmask resumed>[], 8) = 0 [pid 295] ioctl(3, LOOP_CLR_FD [pid 10494] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10494] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 295] close(3 [pid 10480] <... clone3 resumed> => {parent_tid=[10499]}, 88) = 10499 [pid 295] <... close resumed>) = 0 [pid 10480] rt_sigprocmask(SIG_SETMASK, [], [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10480] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 10499 attached [pid 10499] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10480] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10500 [pid 10480] <... futex resumed>) = 0 [pid 10480] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10499] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10499] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10480] <... futex resumed>) = 0 [pid 10499] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10480] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10482] <... futex resumed>) = 0 [pid 10480] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10482] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10482] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10480] <... futex resumed>) = 0 [pid 10482] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10480] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10482] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10480] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10500 attached [pid 10500] set_robust_list(0x5555557b6760, 24) = 0 [pid 10500] chdir("./406") = 0 [pid 10500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10500] setpgid(0, 0) = 0 [pid 10500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10500] write(3, "1000", 4) = 4 [pid 10500] close(3) = 0 [pid 10500] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10500] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10500] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10500] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10500] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10500] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10500] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10501]}, 88) = 10501 [pid 10500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10500] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10500] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10501 attached [ 145.768688][T10478] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10501] set_robust_list(0x7fe45c3ea9a0, 24./strace-static-x86_64: Process 10498 attached [pid 10494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10478] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10501] <... set_robust_list resumed>) = 0 [pid 10478] sendfile(-1, -1, [0] [pid 10501] rt_sigprocmask(SIG_SETMASK, [], [pid 10478] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10478] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10501] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10478] <... futex resumed>) = 1 [pid 10501] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10478] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10501] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10500] <... futex resumed>) = 0 [pid 10501] memfd_create("syzkaller", 0 [pid 10500] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10501] <... memfd_create resumed>) = 3 [pid 10500] <... futex resumed>) = 0 [pid 10501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10500] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10501] <... mmap resumed>) = 0x7fe453fca000 [pid 10475] <... futex resumed>) = 0 [pid 10475] exit_group(0 [pid 10493] <... futex resumed>) = ? [pid 10475] <... exit_group resumed>) = ? [pid 10478] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 10493] +++ exited with 0 +++ [pid 10478] +++ exited with 0 +++ [pid 10475] +++ exited with 0 +++ [pid 10480] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10475, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10498] set_robust_list(0x5555557b6760, 24) = 0 [pid 10501] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10498] chdir("./407") = 0 [pid 10498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] umount2("./402", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10498] setpgid(0, 0 [pid 299] openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 10498] <... setpgid resumed>) = 0 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./402/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10498] <... openat resumed>) = 3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10498] write(3, "1000", 4 [pid 299] newfstatat(AT_FDCWD, "./402/binderfs", [pid 10498] <... write resumed>) = 4 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10498] close(3 [pid 10494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] unlink("./402/binderfs" [pid 10498] <... close resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 10498] symlink("/dev/binderfs", "./binderfs" [pid 299] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10494] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10498] <... symlink resumed>) = 0 [pid 10501] <... write resumed>) = 1048576 [pid 10498] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10494] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10482] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10501] munmap(0x7fe453fca000, 138412032) = 0 [pid 10498] <... futex resumed>) = 0 [pid 10498] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10494] <... mprotect resumed>) = 0 [pid 10501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10498] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10494] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10501] ioctl(4, LOOP_SET_FD, 3 [pid 10498] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10494] <... rt_sigprocmask resumed>[], 8) = 0 [ 145.800353][T10482] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10482] sendfile(-1, -1, [0] [pid 10498] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10494] <... clone3 resumed> => {parent_tid=[10502]}, 88) = 10502 [pid 10498] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10494] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... umount2 resumed>) = 0 [pid 10498] <... mprotect resumed>) = 0 [pid 10494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10498] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10494] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10498] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10494] <... futex resumed>) = 0 [pid 10498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10494] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10498] <... clone3 resumed> => {parent_tid=[10503]}, 88) = 10503 ./strace-static-x86_64: Process 10503 attached ./strace-static-x86_64: Process 10502 attached [pid 10501] <... ioctl resumed>) = 0 [pid 10498] rt_sigprocmask(SIG_SETMASK, [], [pid 10482] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10503] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10502] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10501] close(3 [pid 10498] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10482] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10503] <... set_robust_list resumed>) = 0 [pid 10502] <... set_robust_list resumed>) = 0 [pid 10501] <... close resumed>) = 0 [pid 10498] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10482] <... futex resumed>) = 1 [pid 10480] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10503] rt_sigprocmask(SIG_SETMASK, [], [pid 10502] rt_sigprocmask(SIG_SETMASK, [], [pid 10501] close(4 [pid 10498] <... futex resumed>) = 0 [pid 10482] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10480] exit_group(0 [pid 299] newfstatat(AT_FDCWD, "./402/file0", [pid 10503] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10499] <... futex resumed>) = ? [pid 10498] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10482] <... futex resumed>) = ? [pid 10480] <... exit_group resumed>) = ? [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10503] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10502] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10499] +++ exited with 0 +++ [pid 10482] +++ exited with 0 +++ [pid 299] umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10503] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10502] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10503] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10502] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10480] +++ exited with 0 +++ [pid 299] openat(AT_FDCWD, "./402/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10503] <... futex resumed>) = 1 [pid 10502] <... futex resumed>) = 1 [pid 10498] <... futex resumed>) = 0 [pid 10494] <... futex resumed>) = 0 [pid 299] <... openat resumed>) = 4 [pid 10503] memfd_create("syzkaller", 0 [pid 10502] memfd_create("syzkaller", 0 [pid 10498] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10494] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(4, "", [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10480, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 10503] <... memfd_create resumed>) = 3 [pid 10502] <... memfd_create resumed>) = 3 [pid 10498] <... futex resumed>) = 0 [pid 10494] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10498] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10494] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 299] getdents64(4, [pid 10503] <... mmap resumed>) = 0x7fe453fca000 [pid 10502] <... mmap resumed>) = 0x7fe453fca000 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] umount2("./406", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./406/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./406/binderfs", [pid 299] getdents64(4, [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] unlink("./406/binderfs" [pid 299] close(4 [pid 297] <... unlink resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 297] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] rmdir("./402/file0") = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./402") = 0 [pid 299] mkdir("./403", 0777 [pid 10503] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 299] <... mkdir resumed>) = 0 [pid 10502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10503] <... write resumed>) = 1048576 [pid 299] <... openat resumed>) = 3 [pid 10503] munmap(0x7fe453fca000, 138412032 [pid 299] ioctl(3, LOOP_CLR_FD [pid 10503] <... munmap resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10503] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] close(3 [pid 10503] <... openat resumed>) = 4 [pid 299] <... close resumed>) = 0 [pid 10503] ioctl(4, LOOP_SET_FD, 3 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10504 attached [pid 10502] <... write resumed>) = 1048576 [pid 10504] set_robust_list(0x5555557b6760, 24 [pid 10502] munmap(0x7fe453fca000, 138412032 [pid 10504] <... set_robust_list resumed>) = 0 [pid 10502] <... munmap resumed>) = 0 [pid 10504] chdir("./403" [pid 10502] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10504] <... chdir resumed>) = 0 [pid 10502] <... openat resumed>) = 4 [pid 10504] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10502] ioctl(4, LOOP_SET_FD, 3 [pid 10504] <... prctl resumed>) = 0 [pid 10503] <... ioctl resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10504 [pid 10503] close(3) = 0 [pid 10503] close(4 [pid 10504] setpgid(0, 0) = 0 [pid 10504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10504] write(3, "1000", 4) = 4 [pid 10504] close(3) = 0 [pid 10504] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10504] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10504] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10504] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10504] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10504] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10504] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10505]}, 88) = 10505 [pid 10504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10504] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10504] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10505 attached [pid 10505] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10501] <... close resumed>) = 0 [pid 10505] rt_sigprocmask(SIG_SETMASK, [], [pid 10502] <... ioctl resumed>) = 0 [pid 10501] mkdir("./file0", 0777) = 0 [pid 10501] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10502] close(3 [pid 10505] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10502] <... close resumed>) = 0 [pid 10505] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10502] close(4 [pid 10505] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10505] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10505] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10504] <... futex resumed>) = 0 [pid 10504] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10504] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10503] <... close resumed>) = 0 [pid 10503] mkdir("./file0", 0777 [pid 10505] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10503] <... mkdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10503] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 297] newfstatat(AT_FDCWD, "./406/file0", [pid 10505] memfd_create("syzkaller", 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10505] <... memfd_create resumed>) = 3 [pid 297] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10505] <... mmap resumed>) = 0x7fe453fca000 [pid 297] openat(AT_FDCWD, "./406/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./406/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./406") = 0 [pid 297] mkdir("./407", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10506 ./strace-static-x86_64: Process 10506 attached [pid 10506] set_robust_list(0x5555557b6760, 24) = 0 [pid 10506] chdir("./407") = 0 [pid 10506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10506] setpgid(0, 0) = 0 [pid 10506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10506] write(3, "1000", 4) = 4 [pid 10506] close(3) = 0 [pid 10506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10506] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10506] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10506] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10506] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10506] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10507]}, 88) = 10507 [pid 10506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10506] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10506] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 10507 attached [pid 10507] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10507] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10507] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10506] <... futex resumed>) = 0 [pid 10506] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10506] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10507] <... futex resumed>) = 1 [pid 10507] memfd_create("syzkaller", 0) = 3 [pid 10507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10503] <... mount resumed>) = 0 [pid 10503] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10503] chdir("./file0") = 0 [pid 10503] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10503] ioctl(4, LOOP_CLR_FD) = 0 [pid 10503] close(4) = 0 [pid 10503] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10498] <... futex resumed>) = 0 [pid 10498] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10503] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10498] <... futex resumed>) = 0 [pid 10498] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10503] <... openat resumed>) = 4 [pid 10505] <... write resumed>) = 1048576 [pid 10503] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10505] munmap(0x7fe453fca000, 138412032 [pid 10503] <... futex resumed>) = 1 [pid 10498] <... futex resumed>) = 0 [pid 10498] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10498] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10503] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10498] <... mmap resumed>) = 0x7fe45c3a9000 [ 145.839685][T10501] loop0: detected capacity change from 0 to 2048 [ 145.868462][T10503] loop3: detected capacity change from 0 to 2048 [ 145.876132][T10502] loop1: detected capacity change from 0 to 2048 [pid 10498] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10503] <... write resumed>) = 16 [pid 10498] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10503] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10498] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10502] <... close resumed>) = 0 [pid 10503] <... futex resumed>) = 0 [pid 10502] mkdir("./file0", 0777 [pid 10498] <... clone3 resumed> => {parent_tid=[10512]}, 88) = 10512 [pid 10498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10498] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10498] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10503] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10502] <... mkdir resumed>) = 0 [pid 10502] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10505] <... munmap resumed>) = 0 [pid 10505] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10505] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 10512 attached [pid 10507] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10501] <... mount resumed>) = 0 [pid 10501] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10501] chdir("./file0") = 0 [pid 10501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10501] ioctl(4, LOOP_CLR_FD) = 0 [pid 10501] close(4) = 0 [pid 10501] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10500] <... futex resumed>) = 0 [pid 10501] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10500] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10500] <... futex resumed>) = 0 [pid 10512] set_robust_list(0x7fe45c3c99a0, 24 [pid 10505] <... ioctl resumed>) = 0 [pid 10501] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10500] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10501] <... openat resumed>) = 4 [pid 10512] <... set_robust_list resumed>) = 0 [pid 10501] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10512] rt_sigprocmask(SIG_SETMASK, [], [pid 10501] <... futex resumed>) = 1 [pid 10500] <... futex resumed>) = 0 [pid 10512] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10501] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10500] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10512] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10500] <... futex resumed>) = 0 [pid 10501] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10500] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10512] <... write resumed>) = 16 [pid 10501] <... write resumed>) = 16 [pid 10500] <... futex resumed>) = 0 [pid 10512] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10501] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10498] <... futex resumed>) = 0 [pid 10512] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10501] <... futex resumed>) = 0 [pid 10500] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10498] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10501] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10500] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10498] <... futex resumed>) = 1 [pid 10503] <... futex resumed>) = 0 [pid 10505] close(3 [pid 10503] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10500] <... mprotect resumed>) = 0 [pid 10498] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10505] <... close resumed>) = 0 [pid 10503] <... mmap resumed>) = 0x20000000 [pid 10500] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10505] close(4 [pid 10503] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10500] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10503] <... futex resumed>) = 1 [pid 10500] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10498] <... futex resumed>) = 0 [pid 10503] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 10498] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10500] <... clone3 resumed> => {parent_tid=[10513]}, 88) = 10513 ./strace-static-x86_64: Process 10513 attached [pid 10498] <... futex resumed>) = 0 [pid 10500] rt_sigprocmask(SIG_SETMASK, [], [pid 10513] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10507] <... write resumed>) = 1048576 [pid 10500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10498] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10500] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10500] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10513] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10513] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10500] <... futex resumed>) = 0 [pid 10500] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10500] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10513] <... futex resumed>) = 1 [pid 10513] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10507] munmap(0x7fe453fca000, 138412032) = 0 [pid 10507] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10507] ioctl(4, LOOP_SET_FD, 3 [pid 10503] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10501] <... futex resumed>) = 0 [pid 10501] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10501] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10500] <... futex resumed>) = 0 [pid 10501] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10500] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10500] <... futex resumed>) = 0 [pid 10507] <... ioctl resumed>) = 0 [pid 10503] sendfile(-1, -1, [0] [pid 10507] close(3) = 0 [pid 10507] close(4 [pid 10503] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10503] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10498] <... futex resumed>) = 0 [pid 10498] exit_group(0) = ? [pid 10503] <... futex resumed>) = ? [pid 10503] +++ exited with 0 +++ [pid 10500] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10512] <... futex resumed>) = ? [pid 10512] +++ exited with 0 +++ [pid 10498] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10498, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 145.923438][T10505] loop4: detected capacity change from 0 to 2048 [ 145.939870][T10503] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 145.957107][T10507] loop2: detected capacity change from 0 to 2048 [pid 298] umount2("./407", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./407/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./407/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./407/binderfs") = 0 [pid 298] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10501] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10501] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10501] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10500] <... futex resumed>) = 0 [pid 10501] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10500] exit_group(0 [pid 10513] <... futex resumed>) = ? [pid 10501] <... futex resumed>) = ? [pid 10500] <... exit_group resumed>) = ? [pid 10513] +++ exited with 0 +++ [pid 10501] +++ exited with 0 +++ [pid 10500] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10500, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./406", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10505] <... close resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 10505] mkdir("./file0", 0777 [pid 10502] <... mount resumed>) = 0 [pid 10502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 295] newfstatat(3, "", [pid 10502] <... openat resumed>) = 3 [pid 10502] chdir("./file0") = 0 [pid 10502] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10505] <... mkdir resumed>) = 0 [pid 10502] <... openat resumed>) = 4 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10505] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10502] ioctl(4, LOOP_CLR_FD) = 0 [pid 295] getdents64(3, [pid 10502] close(4) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10502] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] umount2("./406/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10502] <... futex resumed>) = 1 [pid 10494] <... futex resumed>) = 0 [pid 10502] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10494] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10494] <... futex resumed>) = 0 [pid 295] newfstatat(AT_FDCWD, "./406/binderfs", [pid 10502] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10494] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10502] <... openat resumed>) = 4 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10502] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] unlink("./406/binderfs" [pid 10502] <... futex resumed>) = 1 [pid 10494] <... futex resumed>) = 0 [pid 10502] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10494] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10494] <... futex resumed>) = 0 [pid 295] <... unlink resumed>) = 0 [pid 10502] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10494] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10502] <... write resumed>) = 16 [pid 10494] <... futex resumed>) = 0 [pid 295] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10502] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10502] <... futex resumed>) = 0 [pid 10494] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10502] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10494] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10494] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10516]}, 88) = 10516 ./strace-static-x86_64: Process 10516 attached [pid 10494] rt_sigprocmask(SIG_SETMASK, [], [pid 10516] set_robust_list(0x7fe45c3c99a0, 24 [pid 10494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10494] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10494] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10516] <... set_robust_list resumed>) = 0 [pid 10516] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10516] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10516] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10494] <... futex resumed>) = 0 [pid 10516] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10494] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10502] <... futex resumed>) = 0 [pid 10494] <... futex resumed>) = 1 [pid 10502] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10494] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10507] <... close resumed>) = 0 [pid 10502] <... mmap resumed>) = 0x20000000 [pid 10502] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10494] <... futex resumed>) = 0 [pid 10502] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10494] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10494] <... futex resumed>) = 0 [pid 10507] mkdir("./file0", 0777) = 0 [pid 10507] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10494] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10502] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10502] sendfile(-1, -1, [0] [pid 298] newfstatat(AT_FDCWD, "./407/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./406/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] openat(AT_FDCWD, "./407/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... openat resumed>) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./407/file0") = 0 [pid 295] openat(AT_FDCWD, "./406/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./407" [pid 295] <... openat resumed>) = 4 [pid 298] <... rmdir resumed>) = 0 [pid 298] mkdir("./408", 0777 [pid 295] newfstatat(4, "", [pid 298] <... mkdir resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] getdents64(4, [pid 298] <... openat resumed>) = 3 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] ioctl(3, LOOP_CLR_FD [pid 295] getdents64(4, [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(3 [pid 295] close(4 [pid 298] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... close resumed>) = 0 [pid 295] rmdir("./406/file0" [pid 10502] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10519 [pid 10502] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... rmdir resumed>) = 0 [pid 10502] <... futex resumed>) = 1 [pid 10494] <... futex resumed>) = 0 [pid 295] getdents64(3, [pid 10502] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10494] exit_group(0 [pid 10516] <... futex resumed>) = ? [pid 10502] <... futex resumed>) = ? [pid 10494] <... exit_group resumed>) = ? [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 10519 attached [pid 10516] +++ exited with 0 +++ [pid 295] close(3) = 0 [pid 295] rmdir("./406" [pid 10519] set_robust_list(0x5555557b6760, 24 [pid 10502] +++ exited with 0 +++ [pid 10494] +++ exited with 0 +++ [pid 295] <... rmdir resumed>) = 0 [pid 10519] <... set_robust_list resumed>) = 0 [pid 10505] <... mount resumed>) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10494, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 10519] chdir("./408" [pid 10507] <... mount resumed>) = 0 [ 145.959171][T10501] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 146.002724][T10502] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 295] mkdir("./407", 0777 [pid 10519] <... chdir resumed>) = 0 [pid 10507] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10505] <... openat resumed>) = 3 [pid 296] <... restart_syscall resumed>) = 0 [pid 10519] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10507] <... openat resumed>) = 3 [pid 10505] chdir("./file0" [pid 295] <... mkdir resumed>) = 0 [pid 10519] <... prctl resumed>) = 0 [pid 10507] chdir("./file0" [pid 10505] <... chdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10507] <... chdir resumed>) = 0 [pid 10505] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 295] <... openat resumed>) = 3 [pid 10507] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10505] <... openat resumed>) = 4 [pid 296] umount2("./408", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] ioctl(3, LOOP_CLR_FD [pid 10519] setpgid(0, 0 [pid 10507] <... openat resumed>) = 4 [pid 10505] ioctl(4, LOOP_CLR_FD [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10519] <... setpgid resumed>) = 0 [pid 10507] ioctl(4, LOOP_CLR_FD [pid 10505] <... ioctl resumed>) = 0 [pid 296] openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] close(3 [pid 10519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10507] <... ioctl resumed>) = 0 [pid 10505] close(4 [pid 296] <... openat resumed>) = 3 [pid 295] <... close resumed>) = 0 [pid 10519] <... openat resumed>) = 3 [pid 10507] close(4 [pid 10505] <... close resumed>) = 0 [pid 296] newfstatat(3, "", [pid 10519] write(3, "1000", 4 [pid 10507] <... close resumed>) = 0 [pid 10505] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10519] <... write resumed>) = 4 [pid 10507] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10505] <... futex resumed>) = 1 [pid 10504] <... futex resumed>) = 0 [pid 296] getdents64(3, [pid 10519] close(3 [pid 10507] <... futex resumed>) = 1 [pid 10506] <... futex resumed>) = 0 [pid 10505] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10504] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10519] <... close resumed>) = 0 [pid 10507] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10506] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10504] <... futex resumed>) = 0 [pid 296] umount2("./408/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10519] symlink("/dev/binderfs", "./binderfs" [pid 10507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10506] <... futex resumed>) = 0 [pid 10505] <... openat resumed>) = 4 [pid 10504] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10522 [pid 10519] <... symlink resumed>) = 0 [pid 10507] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10506] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10505] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10504] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] newfstatat(AT_FDCWD, "./408/binderfs", [pid 10519] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10504] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10519] <... futex resumed>) = 0 [pid 10504] <... futex resumed>) = 0 [pid 296] unlink("./408/binderfs" [pid 10519] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10507] <... openat resumed>) = 4 [pid 10505] <... futex resumed>) = 0 [pid 10504] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... unlink resumed>) = 0 [pid 10519] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10507] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10505] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10504] <... futex resumed>) = 0 [pid 296] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10519] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10507] <... futex resumed>) = 1 [pid 10506] <... futex resumed>) = 0 [pid 10505] <... write resumed>) = 16 [pid 10504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10507] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10506] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10504] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10507] <... write resumed>) = 16 [pid 10506] <... futex resumed>) = 0 [pid 10505] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10504] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10519] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10519] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10507] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10506] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10505] <... futex resumed>) = 0 [pid 10504] <... mprotect resumed>) = 0 [pid 10519] <... mprotect resumed>) = 0 [pid 10507] <... futex resumed>) = 0 [pid 10506] <... futex resumed>) = 0 [pid 10505] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10504] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10519] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10507] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10504] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10519] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10506] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10504] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10519] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10506] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10504] <... clone3 resumed> => {parent_tid=[10523]}, 88) = 10523 [pid 10519] <... clone3 resumed> => {parent_tid=[10524]}, 88) = 10524 [pid 10506] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10504] rt_sigprocmask(SIG_SETMASK, [], [pid 10519] rt_sigprocmask(SIG_SETMASK, [], [pid 10506] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10504] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10504] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10524 attached ./strace-static-x86_64: Process 10523 attached ./strace-static-x86_64: Process 10522 attached [pid 10519] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10504] <... futex resumed>) = 0 [pid 10519] <... futex resumed>) = 0 [pid 10506] <... clone3 resumed> => {parent_tid=[10525]}, 88) = 10525 [pid 10504] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10522] set_robust_list(0x5555557b6760, 24 [pid 10519] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10506] rt_sigprocmask(SIG_SETMASK, [], [pid 10522] <... set_robust_list resumed>) = 0 [pid 10506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10506] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10522] chdir("./407" [pid 10506] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10522] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 10525 attached [pid 10522] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10525] set_robust_list(0x7fe45c3c99a0, 24 [pid 10522] <... prctl resumed>) = 0 [pid 10525] <... set_robust_list resumed>) = 0 [pid 10525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10525] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10522] setpgid(0, 0) = 0 [pid 10525] <... write resumed>) = 16 [pid 10522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10525] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10506] <... futex resumed>) = 0 [pid 10506] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10522] <... openat resumed>) = 3 [pid 10507] <... futex resumed>) = 0 [pid 10506] <... futex resumed>) = 1 [pid 10507] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10506] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10522] write(3, "1000", 4 [pid 10507] <... mmap resumed>) = 0x20000000 [pid 10507] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10522] <... write resumed>) = 4 [pid 10523] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10522] close(3 [pid 10507] <... futex resumed>) = 1 [pid 10506] <... futex resumed>) = 0 [pid 10507] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10506] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10522] <... close resumed>) = 0 [pid 10523] rt_sigprocmask(SIG_SETMASK, [], [pid 10522] symlink("/dev/binderfs", "./binderfs" [pid 10507] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10506] <... futex resumed>) = 0 [pid 10525] <... futex resumed>) = 1 [pid 10524] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10522] <... symlink resumed>) = 0 [pid 10524] <... set_robust_list resumed>) = 0 [pid 10523] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10522] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10524] rt_sigprocmask(SIG_SETMASK, [], [pid 10523] <... write resumed>) = 16 [pid 10522] <... futex resumed>) = 0 [pid 10524] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10523] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10522] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10524] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10523] <... futex resumed>) = 1 [pid 10522] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10524] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10523] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10522] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10524] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10524] <... futex resumed>) = 1 [pid 10522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10519] <... futex resumed>) = 0 [pid 10524] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10522] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10519] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10522] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10519] <... futex resumed>) = 0 [pid 10525] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10524] memfd_create("syzkaller", 0 [pid 10522] <... mprotect resumed>) = 0 [pid 10519] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10524] <... memfd_create resumed>) = 3 [pid 10522] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10522] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10524] <... mmap resumed>) = 0x7fe453fca000 [pid 10522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10524] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10522] <... clone3 resumed> => {parent_tid=[10526]}, 88) = 10526 [pid 10522] rt_sigprocmask(SIG_SETMASK, [], [pid 10504] <... futex resumed>) = 0 [pid 10522] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 10526 attached [pid 10522] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10507] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10506] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10504] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... umount2 resumed>) = 0 [pid 10526] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10522] <... futex resumed>) = 0 [pid 10507] sendfile(-1, -1, [0] [pid 10505] <... futex resumed>) = 0 [pid 10504] <... futex resumed>) = 1 [pid 296] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10526] <... set_robust_list resumed>) = 0 [pid 10522] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10507] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10505] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10504] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10526] rt_sigprocmask(SIG_SETMASK, [], [pid 10507] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10505] <... mmap resumed>) = 0x20000000 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10507] <... futex resumed>) = 1 [pid 10506] <... futex resumed>) = 0 [pid 10505] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] newfstatat(AT_FDCWD, "./408/file0", [pid 10526] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10507] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10506] exit_group(0 [pid 10505] <... futex resumed>) = 1 [pid 10504] <... futex resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10526] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10525] <... futex resumed>) = ? [pid 10507] <... futex resumed>) = ? [pid 10506] <... exit_group resumed>) = ? [pid 10505] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10504] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10526] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10525] +++ exited with 0 +++ [pid 10507] +++ exited with 0 +++ [pid 10506] +++ exited with 0 +++ [pid 10505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10504] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10526] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10524] <... write resumed>) = 1048576 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10506, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10526] <... futex resumed>) = 1 [pid 10524] munmap(0x7fe453fca000, 138412032 [pid 10522] <... futex resumed>) = 0 [pid 10526] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10524] <... munmap resumed>) = 0 [pid 10522] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10524] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10522] <... futex resumed>) = 0 [pid 297] umount2("./407", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10526] memfd_create("syzkaller", 0 [pid 10524] <... openat resumed>) = 4 [pid 10522] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 146.086955][T10507] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10526] <... memfd_create resumed>) = 3 [pid 10524] ioctl(4, LOOP_SET_FD, 3 [pid 297] openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10504] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] openat(AT_FDCWD, "./408/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./408/file0") = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./408") = 0 [pid 296] mkdir("./409", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3 [pid 10526] <... mmap resumed>) = 0x7fe453fca000 [pid 10524] <... ioctl resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 296] <... close resumed>) = 0 [pid 10505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10505] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10527 [pid 10505] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10504] <... futex resumed>) = 0 [pid 10505] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10504] exit_group(0 [pid 10523] <... futex resumed>) = ? [pid 10505] <... futex resumed>) = ? [pid 10504] <... exit_group resumed>) = ? [pid 10523] +++ exited with 0 +++ [pid 10505] +++ exited with 0 +++ [pid 10504] +++ exited with 0 +++ ./strace-static-x86_64: Process 10527 attached [pid 10527] set_robust_list(0x5555557b6760, 24) = 0 [pid 10527] chdir("./409") = 0 [pid 10527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10527] setpgid(0, 0) = 0 [pid 10527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10527] write(3, "1000", 4) = 4 [pid 10527] close(3) = 0 [pid 10527] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10527] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10527] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10527] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10527] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10524] close(3 [pid 297] newfstatat(3, "", [pid 10527] <... mprotect resumed>) = 0 [pid 10527] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10524] <... close resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10504, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10527] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10524] close(4 [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 297] getdents64(3, [pid 299] <... restart_syscall resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./407/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10527] <... clone3 resumed> => {parent_tid=[10528]}, 88) = 10528 [pid 10527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10527] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] umount2("./403", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./407/binderfs", [pid 10527] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 10528 attached [pid 10528] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] <... openat resumed>) = 3 [pid 297] unlink("./407/binderfs" [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... unlink resumed>) = 0 [pid 299] getdents64(3, [pid 297] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10528] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./403/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./403/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10528] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 299] unlink("./403/binderfs") = 0 [pid 299] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10528] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10526] <... write resumed>) = 1048576 [pid 10527] <... futex resumed>) = 0 [pid 10527] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10527] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10526] munmap(0x7fe453fca000, 138412032 [pid 10528] memfd_create("syzkaller", 0) = 3 [pid 10528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10526] <... munmap resumed>) = 0 [pid 10526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10526] ioctl(4, LOOP_SET_FD, 3 [pid 10524] <... close resumed>) = 0 [pid 10524] mkdir("./file0", 0777) = 0 [pid 10524] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10528] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10526] <... ioctl resumed>) = 0 [pid 10528] <... write resumed>) = 1048576 [pid 10526] close(3) = 0 [pid 10526] close(4 [pid 10528] munmap(0x7fe453fca000, 138412032) = 0 [pid 10528] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 146.121963][T10505] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 146.127708][T10524] loop3: detected capacity change from 0 to 2048 [ 146.173063][T10526] loop0: detected capacity change from 0 to 2048 [pid 10528] ioctl(4, LOOP_SET_FD, 3 [pid 299] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./407/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] newfstatat(AT_FDCWD, "./403/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./407/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] openat(AT_FDCWD, "./403/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] newfstatat(4, "", [pid 297] getdents64(4, [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4 [pid 299] close(4 [pid 297] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./403/file0" [pid 297] rmdir("./407/file0" [pid 299] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] rmdir("./407") = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./403" [pid 10528] <... ioctl resumed>) = 0 [pid 297] mkdir("./408", 0777 [pid 299] <... rmdir resumed>) = 0 [pid 299] mkdir("./404", 0777) = 0 [pid 10528] close(3 [pid 297] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10529 [pid 10528] <... close resumed>) = 0 [pid 10528] close(4 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10530 ./strace-static-x86_64: Process 10529 attached ./strace-static-x86_64: Process 10530 attached [pid 10529] set_robust_list(0x5555557b6760, 24) = 0 [pid 10529] chdir("./408") = 0 [pid 10529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10530] set_robust_list(0x5555557b6760, 24) = 0 [pid 10524] <... mount resumed>) = 0 [pid 10529] setpgid(0, 0 [pid 10524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10529] <... setpgid resumed>) = 0 [pid 10529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10524] <... openat resumed>) = 3 [pid 10529] <... openat resumed>) = 3 [pid 10524] chdir("./file0" [pid 10529] write(3, "1000", 4 [pid 10524] <... chdir resumed>) = 0 [pid 10529] <... write resumed>) = 4 [pid 10524] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10529] close(3 [pid 10530] chdir("./404") = 0 [pid 10524] <... openat resumed>) = 4 [pid 10529] <... close resumed>) = 0 [pid 10530] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10529] symlink("/dev/binderfs", "./binderfs" [pid 10526] <... close resumed>) = 0 [pid 10524] ioctl(4, LOOP_CLR_FD [pid 10530] <... prctl resumed>) = 0 [pid 10529] <... symlink resumed>) = 0 [pid 10526] mkdir("./file0", 0777 [pid 10524] <... ioctl resumed>) = 0 [pid 10529] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10524] close(4 [pid 10529] <... futex resumed>) = 0 [pid 10524] <... close resumed>) = 0 [pid 10529] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10526] <... mkdir resumed>) = 0 [pid 10524] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10529] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10524] <... futex resumed>) = 1 [pid 10519] <... futex resumed>) = 0 [pid 10529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10526] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10524] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10519] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10519] <... futex resumed>) = 0 [pid 10529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10524] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10519] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10530] setpgid(0, 0 [pid 10529] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10530] <... setpgid resumed>) = 0 [pid 10529] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10524] <... openat resumed>) = 4 [pid 10529] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10524] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10529] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10524] <... futex resumed>) = 1 [pid 10519] <... futex resumed>) = 0 [pid 10529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10524] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10519] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10519] <... futex resumed>) = 0 [pid 10529] <... clone3 resumed> => {parent_tid=[10533]}, 88) = 10533 [pid 10524] <... write resumed>) = 16 [pid 10519] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10533 attached [pid 10530] <... openat resumed>) = 3 [pid 10529] rt_sigprocmask(SIG_SETMASK, [], [pid 10524] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10519] <... futex resumed>) = 0 [pid 10529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10524] <... futex resumed>) = 0 [pid 10529] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10524] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10533] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10530] write(3, "1000", 4 [pid 10529] <... futex resumed>) = 0 [pid 10528] <... close resumed>) = 0 [pid 10519] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10533] <... set_robust_list resumed>) = 0 [pid 10533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10533] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10533] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10533] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10529] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10528] mkdir("./file0", 0777 [pid 10530] <... write resumed>) = 4 [pid 10529] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10519] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10530] close(3 [pid 10529] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10528] <... mkdir resumed>) = 0 [pid 10519] <... mprotect resumed>) = 0 [pid 10533] <... futex resumed>) = 0 [pid 10530] <... close resumed>) = 0 [pid 10529] <... futex resumed>) = 1 [pid 10528] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10519] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10533] memfd_create("syzkaller", 0 [pid 10530] symlink("/dev/binderfs", "./binderfs" [pid 10529] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10519] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10533] <... memfd_create resumed>) = 3 [pid 10530] <... symlink resumed>) = 0 [pid 10519] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [ 146.184239][T10528] loop1: detected capacity change from 0 to 2048 [pid 10519] <... clone3 resumed> => {parent_tid=[10534]}, 88) = 10534 [pid 10519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10519] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10519] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10533] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10530] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10534 attached ) = 0 [pid 10534] set_robust_list(0x7fe45c3c99a0, 24 [pid 10530] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10534] <... set_robust_list resumed>) = 0 [pid 10530] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10534] rt_sigprocmask(SIG_SETMASK, [], [pid 10530] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10534] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10534] <... write resumed>) = 16 [pid 10530] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10534] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10530] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10534] <... futex resumed>) = 1 [pid 10530] <... mprotect resumed>) = 0 [pid 10519] <... futex resumed>) = 0 [pid 10534] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10530] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10519] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10530] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10524] <... futex resumed>) = 0 [pid 10519] <... futex resumed>) = 1 [pid 10533] <... write resumed>) = 1048576 [pid 10530] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10524] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10519] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10537 attached [pid 10533] munmap(0x7fe453fca000, 138412032 [pid 10524] <... mmap resumed>) = 0x20000000 [pid 10530] <... clone3 resumed> => {parent_tid=[10537]}, 88) = 10537 [pid 10524] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10530] rt_sigprocmask(SIG_SETMASK, [], [pid 10526] <... mount resumed>) = 0 [pid 10524] <... futex resumed>) = 1 [pid 10519] <... futex resumed>) = 0 [pid 10537] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10533] <... munmap resumed>) = 0 [pid 10530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10526] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10524] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10519] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10537] <... set_robust_list resumed>) = 0 [pid 10533] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10530] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10526] <... openat resumed>) = 3 [pid 10524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10519] <... futex resumed>) = 0 [pid 10537] rt_sigprocmask(SIG_SETMASK, [], [pid 10533] <... openat resumed>) = 4 [pid 10530] <... futex resumed>) = 0 [pid 10526] chdir("./file0" [pid 10519] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10533] ioctl(4, LOOP_SET_FD, 3 [pid 10526] <... chdir resumed>) = 0 [pid 10537] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10530] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10526] ioctl(4, LOOP_CLR_FD) = 0 [pid 10526] close(4) = 0 [pid 10526] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10522] <... futex resumed>) = 0 [pid 10526] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10522] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10522] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10537] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10537] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10530] <... futex resumed>) = 0 [pid 10537] memfd_create("syzkaller", 0 [pid 10530] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10537] <... memfd_create resumed>) = 3 [pid 10530] <... futex resumed>) = 0 [pid 10537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10530] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10537] <... mmap resumed>) = 0x7fe453fca000 [pid 10533] <... ioctl resumed>) = 0 [pid 10533] close(3) = 0 [pid 10533] close(4 [pid 10526] <... openat resumed>) = 4 [pid 10526] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10522] <... futex resumed>) = 0 [pid 10522] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10526] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10524] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10522] <... futex resumed>) = 0 [pid 10526] <... write resumed>) = 16 [pid 10522] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10526] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10526] <... futex resumed>) = 0 [pid 10522] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10526] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10538 attached [pid 10524] sendfile(-1, -1, [0] [pid 10522] <... clone3 resumed> => {parent_tid=[10538]}, 88) = 10538 [pid 10522] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10522] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10538] set_robust_list(0x7fe45c3c99a0, 24 [pid 10537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10524] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10522] <... futex resumed>) = 0 [pid 10522] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10524] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10538] <... set_robust_list resumed>) = 0 [pid 10524] <... futex resumed>) = 1 [pid 10519] <... futex resumed>) = 0 [pid 10524] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10538] rt_sigprocmask(SIG_SETMASK, [], [pid 10519] exit_group(0 [pid 10534] <... futex resumed>) = ? [pid 10519] <... exit_group resumed>) = ? [pid 10534] +++ exited with 0 +++ [pid 10524] <... futex resumed>) = ? [pid 10538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10524] +++ exited with 0 +++ [pid 10519] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10519, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 10538] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10538] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10522] <... futex resumed>) = 0 [pid 10522] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... restart_syscall resumed>) = 0 [pid 10526] <... futex resumed>) = 0 [pid 10522] <... futex resumed>) = 1 [pid 10526] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10522] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10526] <... mmap resumed>) = 0x20000000 [pid 298] umount2("./408", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10526] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10526] <... futex resumed>) = 1 [pid 10522] <... futex resumed>) = 0 [pid 298] openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10526] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10522] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... openat resumed>) = 3 [pid 10522] <... futex resumed>) = 0 [pid 10538] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10522] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] newfstatat(3, "", [pid 10537] <... write resumed>) = 1048576 [pid 10537] munmap(0x7fe453fca000, 138412032) = 0 [pid 10537] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 146.240218][T10524] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 146.240748][T10533] loop2: detected capacity change from 0 to 2048 [pid 10537] ioctl(4, LOOP_SET_FD, 3 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, [pid 10533] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10533] mkdir("./file0", 0777) = 0 [pid 10533] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] umount2("./408/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./408/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./408/binderfs") = 0 [pid 298] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10537] <... ioctl resumed>) = 0 [pid 10537] close(3) = 0 [pid 10537] close(4 [pid 10526] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10526] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10526] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10522] <... futex resumed>) = 0 [pid 10522] exit_group(0) = ? [pid 10538] <... futex resumed>) = ? [pid 10538] +++ exited with 0 +++ [pid 10526] +++ exited with 0 +++ [pid 10522] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10522, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 10533] <... mount resumed>) = 0 [pid 295] <... restart_syscall resumed>) = 0 [pid 10533] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 295] umount2("./407", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 10533] chdir("./file0" [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, [pid 10533] <... chdir resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./407/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./407/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./407/binderfs") = 0 [pid 295] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10533] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10533] ioctl(4, LOOP_CLR_FD) = 0 [pid 10533] close(4 [pid 298] <... umount2 resumed>) = 0 [pid 10533] <... close resumed>) = 0 [pid 10537] <... close resumed>) = 0 [pid 10533] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10537] mkdir("./file0", 0777) = 0 [pid 10537] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./408/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./408/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./408/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./408") = 0 [pid 298] mkdir("./409", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10541 ./strace-static-x86_64: Process 10541 attached [pid 10533] <... futex resumed>) = 1 [pid 10529] <... futex resumed>) = 0 [pid 10533] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10529] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10529] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10533] <... openat resumed>) = 4 [pid 10541] set_robust_list(0x5555557b6760, 24) = 0 [pid 10533] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10529] <... futex resumed>) = 0 [pid 10529] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10533] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10529] <... futex resumed>) = 0 [pid 10529] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10533] <... write resumed>) = 16 [pid 10529] <... futex resumed>) = 0 [pid 10533] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10533] <... futex resumed>) = 0 [pid 10529] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10533] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10529] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10543]}, 88) = 10543 [pid 10529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10529] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10529] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10541] chdir("./409") = 0 [pid 10541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10541] setpgid(0, 0 [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10541] <... setpgid resumed>) = 0 [pid 10541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 146.278315][T10526] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 146.283486][T10537] loop4: detected capacity change from 0 to 2048 [pid 295] newfstatat(AT_FDCWD, "./407/file0", [pid 10541] write(3, "1000", 4 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 10543 attached [pid 295] openat(AT_FDCWD, "./407/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10543] set_robust_list(0x7fe45c3c99a0, 24 [pid 295] <... openat resumed>) = 4 [pid 10543] <... set_robust_list resumed>) = 0 [pid 295] newfstatat(4, "", [pid 10543] rt_sigprocmask(SIG_SETMASK, [], [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] getdents64(4, [pid 10543] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10543] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] getdents64(4, [pid 10543] <... futex resumed>) = 1 [pid 10529] <... futex resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10543] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10529] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] close(4 [pid 10533] <... futex resumed>) = 0 [pid 10529] <... futex resumed>) = 1 [pid 10533] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10529] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... close resumed>) = 0 [pid 10533] <... mmap resumed>) = 0x20000000 [pid 295] rmdir("./407/file0" [pid 10533] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10529] <... futex resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 10533] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10529] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] getdents64(3, [pid 10533] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10529] <... futex resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10537] <... mount resumed>) = 0 [pid 10528] <... mount resumed>) = 0 [pid 10537] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10528] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10541] <... write resumed>) = 4 [pid 10537] <... openat resumed>) = 3 [pid 10528] <... openat resumed>) = 3 [pid 10541] close(3 [pid 10537] chdir("./file0" [pid 10528] chdir("./file0" [pid 10541] <... close resumed>) = 0 [pid 10537] <... chdir resumed>) = 0 [pid 10528] <... chdir resumed>) = 0 [pid 10541] symlink("/dev/binderfs", "./binderfs" [pid 10537] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10528] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10541] <... symlink resumed>) = 0 [pid 10537] <... openat resumed>) = 4 [pid 10528] <... openat resumed>) = 4 [pid 10541] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10537] ioctl(4, LOOP_CLR_FD [pid 10528] ioctl(4, LOOP_CLR_FD [pid 10541] <... futex resumed>) = 0 [pid 10537] <... ioctl resumed>) = 0 [pid 10528] <... ioctl resumed>) = 0 [pid 10541] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10537] close(4 [pid 10528] close(4 [pid 10541] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10537] <... close resumed>) = 0 [pid 10528] <... close resumed>) = 0 [pid 10541] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10537] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10528] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10537] <... futex resumed>) = 1 [pid 10530] <... futex resumed>) = 0 [pid 10528] <... futex resumed>) = 1 [pid 10527] <... futex resumed>) = 0 [pid 10541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10537] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10530] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10528] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10527] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10541] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10530] <... futex resumed>) = 0 [pid 10528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10527] <... futex resumed>) = 0 [pid 10541] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10537] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10530] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10528] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10527] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10541] <... mprotect resumed>) = 0 [pid 10537] <... openat resumed>) = 4 [pid 10528] <... openat resumed>) = 4 [pid 10541] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10537] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10528] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10541] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10537] <... futex resumed>) = 1 [pid 10530] <... futex resumed>) = 0 [pid 10528] <... futex resumed>) = 1 [pid 10527] <... futex resumed>) = 0 [pid 10541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10537] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10530] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10528] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10527] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10530] <... futex resumed>) = 0 [pid 10528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10527] <... futex resumed>) = 0 [pid 10541] <... clone3 resumed> => {parent_tid=[10547]}, 88) = 10547 [pid 10537] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10530] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10528] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10527] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10541] rt_sigprocmask(SIG_SETMASK, [], [pid 10537] <... write resumed>) = 16 [pid 10530] <... futex resumed>) = 0 [pid 10528] <... write resumed>) = 16 [pid 10527] <... futex resumed>) = 0 [pid 10541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10537] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10528] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10541] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10537] <... futex resumed>) = 0 [pid 10530] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10528] <... futex resumed>) = 0 [pid 10527] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10541] <... futex resumed>) = 0 [pid 10537] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10530] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10529] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10528] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10527] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 295] close(3 [pid 10541] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10530] <... mprotect resumed>) = 0 [pid 10527] <... mprotect resumed>) = 0 [pid 10530] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10527] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] <... close resumed>) = 0 [pid 10530] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10527] <... rt_sigprocmask resumed>[], 8) = 0 [pid 295] rmdir("./407" [pid 10530] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 295] <... rmdir resumed>) = 0 [pid 10530] <... clone3 resumed> => {parent_tid=[10548]}, 88) = 10548 [pid 10527] <... clone3 resumed> => {parent_tid=[10549]}, 88) = 10549 [pid 295] mkdir("./408", 0777 [pid 10530] rt_sigprocmask(SIG_SETMASK, [], [pid 10527] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 10547 attached [pid 10530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 10547] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10530] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10527] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10547] <... set_robust_list resumed>) = 0 [pid 10530] <... futex resumed>) = 0 [pid 10527] <... futex resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 10547] rt_sigprocmask(SIG_SETMASK, [], [pid 10530] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10527] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10547] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10547] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10547] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10541] <... futex resumed>) = 0 [pid 10547] memfd_create("syzkaller", 0 [pid 10541] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] ioctl(3, LOOP_CLR_FD [pid 10547] <... memfd_create resumed>) = 3 [pid 10541] <... futex resumed>) = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10541] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 10549 attached [pid 10547] <... mmap resumed>) = 0x7fe453fca000 [pid 10549] set_robust_list(0x7fe45c3c99a0, 24 [pid 295] close(3./strace-static-x86_64: Process 10548 attached [pid 10549] <... set_robust_list resumed>) = 0 [pid 10549] rt_sigprocmask(SIG_SETMASK, [], [pid 10548] set_robust_list(0x7fe45c3c99a0, 24 [pid 295] <... close resumed>) = 0 [pid 10549] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10548] <... set_robust_list resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10549] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10548] rt_sigprocmask(SIG_SETMASK, [], [pid 10549] <... write resumed>) = 16 [pid 10548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10550 [pid 10549] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10548] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10549] <... futex resumed>) = 1 [pid 10548] <... write resumed>) = 16 [pid 10527] <... futex resumed>) = 0 [pid 10527] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10528] <... futex resumed>) = 0 [pid 10527] <... futex resumed>) = 1 [pid 10528] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10527] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10528] <... mmap resumed>) = 0x20000000 [pid 10528] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10527] <... futex resumed>) = 0 [pid 10549] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10548] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10547] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10533] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10528] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10527] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10548] <... futex resumed>) = 1 [pid 10533] sendfile(-1, -1, [0] [pid 10530] <... futex resumed>) = 0 [pid 10528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 146.360201][T10533] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10527] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10550 attached [pid 10548] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10533] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10530] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10527] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10537] <... futex resumed>) = 0 [pid 10533] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10530] <... futex resumed>) = 1 [pid 10550] set_robust_list(0x5555557b6760, 24 [pid 10537] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10533] <... futex resumed>) = 1 [pid 10530] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10529] <... futex resumed>) = 0 [pid 10550] <... set_robust_list resumed>) = 0 [pid 10537] <... mmap resumed>) = 0x20000000 [pid 10533] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10529] exit_group(0 [pid 10543] <... futex resumed>) = ? [pid 10537] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10533] <... futex resumed>) = ? [pid 10529] <... exit_group resumed>) = ? [pid 10550] chdir("./408" [pid 10543] +++ exited with 0 +++ [pid 10537] <... futex resumed>) = 1 [pid 10533] +++ exited with 0 +++ [pid 10530] <... futex resumed>) = 0 [pid 10529] +++ exited with 0 +++ [pid 10550] <... chdir resumed>) = 0 [pid 10537] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10530] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10529, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10550] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10530] <... futex resumed>) = 0 [pid 10550] <... prctl resumed>) = 0 [pid 10547] <... write resumed>) = 1048576 [pid 10550] setpgid(0, 0 [pid 10547] munmap(0x7fe453fca000, 138412032 [pid 10550] <... setpgid resumed>) = 0 [pid 10547] <... munmap resumed>) = 0 [pid 10550] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10547] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10550] <... openat resumed>) = 3 [pid 10547] <... openat resumed>) = 4 [pid 10550] write(3, "1000", 4 [pid 10547] ioctl(4, LOOP_SET_FD, 3 [pid 10550] <... write resumed>) = 4 [pid 10537] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10530] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10537] sendfile(-1, -1, [0] [pid 297] umount2("./408", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10537] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10537] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10537] <... futex resumed>) = 1 [pid 10530] <... futex resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 10537] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10530] exit_group(0 [pid 297] newfstatat(3, "", [pid 10548] <... futex resumed>) = ? [pid 10537] <... futex resumed>) = ? [pid 10530] <... exit_group resumed>) = ? [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10548] +++ exited with 0 +++ [pid 10537] +++ exited with 0 +++ [pid 10530] +++ exited with 0 +++ [pid 297] getdents64(3, [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10530, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./408/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] umount2("./404", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./408/binderfs", [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] unlink("./408/binderfs" [pid 299] <... openat resumed>) = 3 [pid 297] <... unlink resumed>) = 0 [pid 299] newfstatat(3, "", [pid 297] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./404/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./404/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./404/binderfs") = 0 [pid 299] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10528] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10528] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10528] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10527] <... futex resumed>) = 0 [pid 10528] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10527] exit_group(0 [pid 10549] <... futex resumed>) = ? [pid 10528] <... futex resumed>) = ? [pid 10527] <... exit_group resumed>) = ? [pid 10550] close(3 [pid 10549] +++ exited with 0 +++ [pid 10547] <... ioctl resumed>) = 0 [pid 10550] <... close resumed>) = 0 [pid 10547] close(3 [pid 10550] symlink("/dev/binderfs", "./binderfs" [pid 10547] <... close resumed>) = 0 [pid 10550] <... symlink resumed>) = 0 [pid 10550] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10547] close(4 [pid 10550] <... futex resumed>) = 0 [pid 10550] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10528] +++ exited with 0 +++ [pid 10527] +++ exited with 0 +++ [pid 10550] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10527, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 10550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 10550] <... mmap resumed>) = 0x7fe45c3ca000 [pid 296] <... restart_syscall resumed>) = 0 [pid 10550] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 296] umount2("./409", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10550] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, [pid 10550] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10550] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 296] umount2("./409/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10550] <... clone3 resumed> => {parent_tid=[10551]}, 88) = 10551 [pid 10550] rt_sigprocmask(SIG_SETMASK, [], [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10550] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] newfstatat(AT_FDCWD, "./409/binderfs", [pid 10550] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10550] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] unlink("./409/binderfs"./strace-static-x86_64: Process 10551 attached [pid 10551] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10551] rt_sigprocmask(SIG_SETMASK, [], [pid 296] <... unlink resumed>) = 0 [pid 296] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10551] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10551] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10551] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10550] <... futex resumed>) = 0 [pid 10550] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10550] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10551] <... futex resumed>) = 1 [pid 10551] memfd_create("syzkaller", 0) = 3 [pid 10551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10551] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10551] munmap(0x7fe453fca000, 138412032) = 0 [pid 10551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 146.416486][T10528] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 146.436217][T10537] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 146.442264][T10547] loop3: detected capacity change from 0 to 2048 [pid 10551] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10551] close(3) = 0 [pid 10551] close(4 [pid 299] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 299] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./404/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./404/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] <... umount2 resumed>) = 0 [pid 297] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./404/file0" [pid 10547] <... close resumed>) = 0 [pid 296] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10547] mkdir("./file0", 0777 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10547] <... mkdir resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10547] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 299] getdents64(3, [pid 297] newfstatat(AT_FDCWD, "./408/file0", [pid 296] newfstatat(AT_FDCWD, "./409/file0", [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./408/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./409/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] close(3 [pid 297] <... openat resumed>) = 4 [pid 296] <... openat resumed>) = 4 [pid 299] <... close resumed>) = 0 [pid 297] newfstatat(4, "", [pid 296] newfstatat(4, "", [pid 299] rmdir("./404" [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, [pid 296] getdents64(4, [pid 299] <... rmdir resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, [pid 296] getdents64(4, [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4 [pid 296] close(4 [pid 297] <... close resumed>) = 0 [pid 299] mkdir("./405", 0777 [pid 296] <... close resumed>) = 0 [pid 297] rmdir("./408/file0" [pid 296] rmdir("./409/file0" [pid 299] <... mkdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 296] close(3 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] <... close resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 297] close(3 [pid 296] rmdir("./409" [pid 297] <... close resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] rmdir("./408" [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... rmdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 297] mkdir("./409", 0777 [pid 299] close(3 [pid 296] mkdir("./410", 0777 [pid 299] <... close resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... openat resumed>) = 3 [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] ioctl(3, LOOP_CLR_FD [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10552 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10553 [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10552 attached [pid 10552] set_robust_list(0x5555557b6760, 24) = 0 [pid 10552] chdir("./405" [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10554 [pid 10552] <... chdir resumed>) = 0 [pid 10552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10552] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 10554 attached ./strace-static-x86_64: Process 10553 attached [pid 10552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10553] set_robust_list(0x5555557b6760, 24 [pid 10552] <... openat resumed>) = 3 [pid 10553] <... set_robust_list resumed>) = 0 [pid 10552] write(3, "1000", 4 [pid 10553] chdir("./410" [pid 10552] <... write resumed>) = 4 [pid 10553] <... chdir resumed>) = 0 [pid 10553] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10553] setpgid(0, 0) = 0 [pid 10553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10552] close(3 [pid 10553] write(3, "1000", 4) = 4 [pid 10553] close(3) = 0 [pid 10552] <... close resumed>) = 0 [pid 10553] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10552] symlink("/dev/binderfs", "./binderfs" [pid 10553] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10553] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10553] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10553] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10554] set_robust_list(0x5555557b6760, 24 [pid 10553] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10554] <... set_robust_list resumed>) = 0 [pid 10553] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10554] chdir("./409" [pid 10553] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10554] <... chdir resumed>) = 0 [pid 10554] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10553] <... clone3 resumed> => {parent_tid=[10555]}, 88) = 10555 [pid 10554] <... prctl resumed>) = 0 [pid 10554] setpgid(0, 0 [pid 10553] rt_sigprocmask(SIG_SETMASK, [], [pid 10554] <... setpgid resumed>) = 0 [pid 10553] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10553] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10555 attached [pid 10554] <... openat resumed>) = 3 [pid 10553] <... futex resumed>) = 0 [pid 10552] <... symlink resumed>) = 0 [pid 10554] write(3, "1000", 4 [pid 10553] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10554] <... write resumed>) = 4 [pid 10554] close(3) = 0 [pid 10554] symlink("/dev/binderfs", "./binderfs" [pid 10555] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10554] <... symlink resumed>) = 0 [pid 10552] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10554] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10554] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10554] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10554] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10554] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10552] <... futex resumed>) = 0 [pid 10555] <... set_robust_list resumed>) = 0 [pid 10554] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10555] rt_sigprocmask(SIG_SETMASK, [], [pid 10552] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10554] <... clone3 resumed> => {parent_tid=[10556]}, 88) = 10556 [pid 10554] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10554] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10552] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10554] <... futex resumed>) = 0 [pid 10554] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10552] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], ./strace-static-x86_64: Process 10556 attached [pid 10556] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10552] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10556] <... set_robust_list resumed>) = 0 [pid 10552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10556] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10552] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10552] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10556] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10552] <... mprotect resumed>) = 0 [pid 10556] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10554] <... futex resumed>) = 0 [pid 10554] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10554] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10552] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10556] <... futex resumed>) = 1 [pid 10552] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10556] memfd_create("syzkaller", 0) = 3 [pid 10556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10552] <... clone3 resumed> => {parent_tid=[10557]}, 88) = 10557 ./strace-static-x86_64: Process 10557 attached [pid 10555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10552] rt_sigprocmask(SIG_SETMASK, [], [pid 10551] <... close resumed>) = 0 [pid 10551] mkdir("./file0", 0777 [pid 10557] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10555] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10552] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10551] <... mkdir resumed>) = 0 [pid 10551] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10557] <... set_robust_list resumed>) = 0 [pid 10555] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10552] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10557] rt_sigprocmask(SIG_SETMASK, [], [pid 10556] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10555] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10552] <... futex resumed>) = 0 [pid 10552] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10557] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10555] <... futex resumed>) = 1 [pid 10553] <... futex resumed>) = 0 [pid 10553] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10553] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10555] memfd_create("syzkaller", 0 [pid 10557] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10555] <... memfd_create resumed>) = 3 [pid 10557] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10557] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10555] <... mmap resumed>) = 0x7fe453fca000 [pid 10557] <... futex resumed>) = 1 [pid 10552] <... futex resumed>) = 0 [pid 10552] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10552] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10556] <... write resumed>) = 1048576 [pid 10556] munmap(0x7fe453fca000, 138412032) = 0 [pid 10556] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10556] ioctl(4, LOOP_SET_FD, 3 [pid 10557] memfd_create("syzkaller", 0) = 3 [pid 10557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [ 146.476389][T10551] loop0: detected capacity change from 0 to 2048 [pid 10555] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10551] <... mount resumed>) = 0 [pid 10555] munmap(0x7fe453fca000, 138412032 [pid 10551] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10551] chdir("./file0") = 0 [pid 10551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10551] ioctl(4, LOOP_CLR_FD) = 0 [pid 10551] close(4) = 0 [pid 10551] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10550] <... futex resumed>) = 0 [pid 10551] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10550] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10550] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10551] <... openat resumed>) = 4 [pid 10551] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10550] <... futex resumed>) = 0 [pid 10551] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10550] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10551] <... write resumed>) = 16 [pid 10550] <... futex resumed>) = 0 [pid 10551] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10550] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10551] <... futex resumed>) = 0 [pid 10550] <... futex resumed>) = 0 [pid 10551] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10550] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10550] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10550] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10557] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10555] <... munmap resumed>) = 0 [pid 10550] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10550] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10561]}, 88) = 10561 [pid 10550] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10550] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10550] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10555] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 ./strace-static-x86_64: Process 10561 attached [pid 10555] ioctl(4, LOOP_SET_FD, 3 [pid 10556] <... ioctl resumed>) = 0 [pid 10556] close(3) = 0 [pid 10556] close(4) = 0 [pid 10556] mkdir("./file0", 0777) = 0 [pid 10556] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10557] <... write resumed>) = 1048576 [pid 10557] munmap(0x7fe453fca000, 138412032) = 0 [pid 10557] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10557] ioctl(4, LOOP_SET_FD, 3 [pid 10547] <... mount resumed>) = 0 [pid 10547] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10547] chdir("./file0") = 0 [pid 10547] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10547] ioctl(4, LOOP_CLR_FD) = 0 [pid 10547] close(4) = 0 [pid 10547] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10541] <... futex resumed>) = 0 [pid 10541] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10547] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10541] <... futex resumed>) = 0 [pid 10557] <... ioctl resumed>) = 0 [pid 10557] close(3 [pid 10541] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10547] <... openat resumed>) = 4 [pid 10547] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10547] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10557] <... close resumed>) = 0 [pid 10557] close(4 [pid 10561] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10561] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10561] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10541] <... futex resumed>) = 0 [pid 10561] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10541] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10547] <... futex resumed>) = 0 [pid 10550] <... futex resumed>) = 0 [pid 10550] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10551] <... futex resumed>) = 0 [pid 10550] <... futex resumed>) = 1 [pid 10551] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10550] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10551] <... mmap resumed>) = 0x20000000 [pid 10551] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10550] <... futex resumed>) = 0 [ 146.530466][T10556] loop2: detected capacity change from 0 to 2048 [ 146.566388][T10555] loop1: detected capacity change from 0 to 2048 [ 146.569916][T10557] loop4: detected capacity change from 0 to 2048 [pid 10561] <... futex resumed>) = 1 [pid 10555] <... ioctl resumed>) = 0 [pid 10550] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10547] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10541] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10550] <... futex resumed>) = 0 [pid 10547] <... write resumed>) = 16 [pid 10541] <... futex resumed>) = 0 [pid 10550] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10547] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10547] <... futex resumed>) = 0 [pid 10541] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10547] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10541] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10541] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10563]}, 88) = 10563 [pid 10541] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10541] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10541] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10561] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10555] close(3) = 0 [pid 10555] close(4./strace-static-x86_64: Process 10563 attached [pid 10563] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10563] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10563] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10563] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10541] <... futex resumed>) = 0 [pid 10551] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10541] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10551] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10551] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10551] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10550] <... futex resumed>) = 0 [pid 10541] <... futex resumed>) = 1 [pid 10541] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10550] exit_group(0 [pid 10547] <... futex resumed>) = 0 [pid 10561] <... futex resumed>) = ? [pid 10556] <... mount resumed>) = 0 [pid 10551] <... futex resumed>) = ? [pid 10550] <... exit_group resumed>) = ? [pid 10556] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10556] chdir("./file0") = 0 [pid 10547] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10556] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10547] <... mmap resumed>) = 0x20000000 [pid 10556] ioctl(4, LOOP_CLR_FD [pid 10547] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10556] <... ioctl resumed>) = 0 [pid 10556] close(4) = 0 [pid 10547] <... futex resumed>) = 1 [pid 10541] <... futex resumed>) = 0 [pid 10556] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10547] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10541] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10556] <... futex resumed>) = 1 [pid 10554] <... futex resumed>) = 0 [pid 10547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10541] <... futex resumed>) = 0 [pid 10556] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10554] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10554] <... futex resumed>) = 0 [pid 10556] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10554] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10561] +++ exited with 0 +++ [pid 10551] +++ exited with 0 +++ [pid 10550] +++ exited with 0 +++ [pid 10541] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10556] <... openat resumed>) = 4 [pid 10556] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10554] <... futex resumed>) = 0 [pid 10556] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10554] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10554] <... futex resumed>) = 0 [pid 10556] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10554] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10556] <... write resumed>) = 16 [pid 10554] <... futex resumed>) = 0 [pid 10556] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10556] <... futex resumed>) = 0 [pid 10554] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10556] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10554] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10554] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10566]}, 88) = 10566 [pid 10554] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10554] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10554] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10550, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./408", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./408/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./408/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./408/binderfs") = 0 [pid 295] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10566 attached [pid 10566] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10566] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10566] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10554] <... futex resumed>) = 0 [pid 10566] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10554] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10556] <... futex resumed>) = 0 [pid 10554] <... futex resumed>) = 1 [pid 10556] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10554] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10556] <... mmap resumed>) = 0x20000000 [pid 10556] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10554] <... futex resumed>) = 0 [pid 10556] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10554] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10554] <... futex resumed>) = 0 [pid 10554] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10547] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10547] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10547] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10541] <... futex resumed>) = 0 [pid 10547] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10541] exit_group(0 [pid 10563] <... futex resumed>) = ? [pid 10547] <... futex resumed>) = ? [pid 10541] <... exit_group resumed>) = ? [pid 10563] +++ exited with 0 +++ [pid 10547] +++ exited with 0 +++ [pid 10541] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10541, si_uid=0, si_status=0, si_utime=1, si_stime=2} --- [pid 298] umount2("./409", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./409/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./409/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./409/binderfs") = 0 [ 146.585669][T10551] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 146.605202][T10547] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 298] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10556] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10556] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10556] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10554] <... futex resumed>) = 0 [pid 10556] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10554] exit_group(0 [pid 10566] <... futex resumed>) = ? [pid 10554] <... exit_group resumed>) = ? [pid 10566] +++ exited with 0 +++ [pid 10556] <... futex resumed>) = ? [pid 10557] <... close resumed>) = 0 [pid 10555] <... close resumed>) = 0 [pid 10557] mkdir("./file0", 0777 [pid 10555] mkdir("./file0", 0777 [pid 10557] <... mkdir resumed>) = 0 [pid 10556] +++ exited with 0 +++ [pid 10554] +++ exited with 0 +++ [pid 10557] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10555] <... mkdir resumed>) = 0 [pid 10555] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10554, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 297] umount2("./409", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./409/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./409/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./409/binderfs") = 0 [pid 297] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10555] <... mount resumed>) = 0 [pid 10555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10555] chdir("./file0") = 0 [pid 10555] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10555] ioctl(4, LOOP_CLR_FD) = 0 [pid 10555] close(4) = 0 [pid 10555] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10553] <... futex resumed>) = 0 [pid 10553] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10553] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10555] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10555] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10553] <... futex resumed>) = 0 [pid 10553] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10553] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10553] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10555] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10553] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10555] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10553] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10555] <... futex resumed>) = 0 [pid 10553] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10555] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10557] <... mount resumed>) = 0 [pid 10557] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 10571 attached [pid 10553] <... clone3 resumed> => {parent_tid=[10571]}, 88) = 10571 [pid 10557] <... openat resumed>) = 3 [pid 10553] rt_sigprocmask(SIG_SETMASK, [], [pid 10571] set_robust_list(0x7fe45c3c99a0, 24 [pid 10557] chdir("./file0" [pid 10553] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10571] <... set_robust_list resumed>) = 0 [pid 10553] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10557] <... chdir resumed>) = 0 [pid 10553] <... futex resumed>) = 0 [pid 10571] rt_sigprocmask(SIG_SETMASK, [], [pid 10557] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10553] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10557] <... openat resumed>) = 4 [pid 10557] ioctl(4, LOOP_CLR_FD [pid 10571] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10557] <... ioctl resumed>) = 0 [pid 10557] close(4 [pid 10571] <... write resumed>) = 16 [pid 10557] <... close resumed>) = 0 [pid 10571] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10557] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10553] <... futex resumed>) = 0 [pid 10552] <... futex resumed>) = 0 [pid 10557] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10553] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10552] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10555] <... futex resumed>) = 0 [pid 10553] <... futex resumed>) = 1 [pid 10552] <... futex resumed>) = 1 [pid 10557] <... futex resumed>) = 0 [pid 10555] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10553] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10552] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10555] <... mmap resumed>) = 0x20000000 [pid 10571] <... futex resumed>) = 1 [pid 10557] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10571] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10555] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10553] <... futex resumed>) = 0 [pid 10555] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10553] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10553] <... futex resumed>) = 0 [ 146.618825][T10556] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10553] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./409/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./409/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./409/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./409") = 0 [pid 297] mkdir("./410", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10572 ./strace-static-x86_64: Process 10572 attached [pid 10572] set_robust_list(0x5555557b6760, 24) = 0 [pid 10572] chdir("./410") = 0 [pid 10572] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10572] setpgid(0, 0) = 0 [pid 10572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10572] write(3, "1000", 4) = 4 [pid 10572] close(3) = 0 [pid 10572] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10572] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10572] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10572] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10572] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10572] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10572] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10573]}, 88) = 10573 [pid 10572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10572] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10572] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10573 attached [pid 10573] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10573] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10573] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10572] <... futex resumed>) = 0 [pid 10572] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10572] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10573] <... futex resumed>) = 1 [pid 10573] memfd_create("syzkaller", 0) = 3 [pid 10573] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 295] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 10573] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10557] <... openat resumed>) = 4 [pid 298] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10557] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10557] <... futex resumed>) = 1 [pid 10552] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10557] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10552] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(AT_FDCWD, "./409/file0", [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10552] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10557] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10552] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] newfstatat(AT_FDCWD, "./408/file0", [pid 298] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10557] <... write resumed>) = 16 [pid 10552] <... futex resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10557] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10557] <... futex resumed>) = 0 [pid 10552] <... mmap resumed>) = 0x7fe45c3a9000 [pid 298] openat(AT_FDCWD, "./409/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10557] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10552] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... openat resumed>) = 4 [pid 10552] <... mprotect resumed>) = 0 [pid 295] openat(AT_FDCWD, "./408/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] newfstatat(4, "", [pid 10552] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] <... openat resumed>) = 4 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10552] <... rt_sigprocmask resumed>[], 8) = 0 [pid 295] newfstatat(4, "", [pid 10552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 298] getdents64(4, [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, [pid 10552] <... clone3 resumed> => {parent_tid=[10574]}, 88) = 10574 [pid 298] getdents64(4, [pid 10552] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10552] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] close(4 [pid 10552] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... close resumed>) = 0 [pid 295] getdents64(4, [pid 10552] <... futex resumed>) = 0 [pid 298] rmdir("./409/file0" [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10552] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... rmdir resumed>) = 0 [pid 295] close(4 [pid 298] getdents64(3, [pid 295] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3 [pid 295] rmdir("./408/file0" [pid 298] <... close resumed>) = 0 [pid 298] rmdir("./409" [pid 295] <... rmdir resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 10574 attached [pid 298] mkdir("./410", 0777 [pid 295] close(3 [pid 10574] set_robust_list(0x7fe45c3c99a0, 24 [pid 298] <... mkdir resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 10574] <... set_robust_list resumed>) = 0 [pid 295] rmdir("./408" [pid 10574] rt_sigprocmask(SIG_SETMASK, [], [pid 295] <... rmdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] mkdir("./409", 0777 [pid 10574] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... openat resumed>) = 3 [pid 295] <... mkdir resumed>) = 0 [pid 10574] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 298] ioctl(3, LOOP_CLR_FD [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10574] <... write resumed>) = 16 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... openat resumed>) = 3 [pid 10574] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] close(3 [pid 295] ioctl(3, LOOP_CLR_FD [pid 10574] <... futex resumed>) = 1 [pid 10552] <... futex resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 146.667665][T10555] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10574] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10552] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] close(3 [pid 10573] <... write resumed>) = 1048576 [pid 10557] <... futex resumed>) = 0 [pid 10552] <... futex resumed>) = 1 [pid 295] <... close resumed>) = 0 [pid 10573] munmap(0x7fe453fca000, 138412032 [pid 10557] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10552] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10575 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10573] <... munmap resumed>) = 0 [pid 10557] <... mmap resumed>) = 0x20000000 [pid 10555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- ./strace-static-x86_64: Process 10575 attached [pid 10573] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10557] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10555] sendfile(-1, -1, [0] [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10576 [pid 10575] set_robust_list(0x5555557b6760, 24 [pid 10573] <... openat resumed>) = 4 [pid 10557] <... futex resumed>) = 1 [pid 10555] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10552] <... futex resumed>) = 0 [pid 10575] <... set_robust_list resumed>) = 0 [pid 10573] ioctl(4, LOOP_SET_FD, 3 [pid 10557] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10555] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10552] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10555] <... futex resumed>) = 1 [pid 10553] <... futex resumed>) = 0 [pid 10552] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10576 attached [pid 10573] <... ioctl resumed>) = 0 [pid 10576] set_robust_list(0x5555557b6760, 24 [pid 10573] close(3 [pid 10576] <... set_robust_list resumed>) = 0 [pid 10573] <... close resumed>) = 0 [pid 10576] chdir("./409" [pid 10573] close(4 [pid 10576] <... chdir resumed>) = 0 [pid 10573] <... close resumed>) = 0 [pid 10576] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10573] mkdir("./file0", 0777 [pid 10576] <... prctl resumed>) = 0 [pid 10573] <... mkdir resumed>) = 0 [pid 10576] setpgid(0, 0 [pid 10573] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10576] <... setpgid resumed>) = 0 [pid 10576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10576] write(3, "1000", 4) = 4 [pid 10576] close(3) = 0 [pid 10576] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10576] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10576] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10576] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10576] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10577]}, 88) = 10577 [pid 10576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10576] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10576] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10577 attached [pid 10577] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10577] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10577] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10576] <... futex resumed>) = 0 [pid 10576] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10576] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10577] <... futex resumed>) = 1 [pid 10577] memfd_create("syzkaller", 0) = 3 [pid 10577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10577] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10577] munmap(0x7fe453fca000, 138412032) = 0 [pid 10577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10577] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10575] chdir("./410" [pid 10557] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10555] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10553] exit_group(0 [pid 10552] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10577] close(3) = 0 [pid 10577] close(4 [pid 10575] <... chdir resumed>) = 0 [pid 10575] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10553] <... exit_group resumed>) = ? [pid 10571] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 10555] <... futex resumed>) = ? [pid 10575] <... prctl resumed>) = 0 [pid 10571] +++ exited with 0 +++ [pid 10575] setpgid(0, 0) = 0 [pid 10575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10555] +++ exited with 0 +++ [pid 10553] +++ exited with 0 +++ [pid 10575] <... openat resumed>) = 3 [pid 10575] write(3, "1000", 4) = 4 [pid 10575] close(3 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10553, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10575] <... close resumed>) = 0 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 10575] symlink("/dev/binderfs", "./binderfs" [pid 296] <... restart_syscall resumed>) = 0 [pid 10575] <... symlink resumed>) = 0 [pid 10575] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] umount2("./410", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10575] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10575] <... rt_sigaction resumed>NULL, 8) = 0 [pid 296] openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10575] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 296] <... openat resumed>) = 3 [pid 10575] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10575] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10578]}, 88) = 10578 [pid 10575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10575] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10575] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10557] sendfile(-1, -1, [0] [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./410/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10578 attached ) = -1 EINVAL (Invalid argument) [pid 10557] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 296] newfstatat(AT_FDCWD, "./410/binderfs", [pid 10578] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10573] <... mount resumed>) = 0 [pid 10557] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10557] <... futex resumed>) = 1 [pid 10552] <... futex resumed>) = 0 [pid 296] unlink("./410/binderfs" [pid 10573] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10578] <... set_robust_list resumed>) = 0 [pid 10557] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10552] exit_group(0 [pid 296] <... unlink resumed>) = 0 [pid 10552] <... exit_group resumed>) = ? [pid 10574] <... futex resumed>) = 0 [pid 10557] <... futex resumed>) = ? [pid 296] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10573] <... openat resumed>) = 3 [pid 10574] +++ exited with 0 +++ [pid 10573] chdir("./file0" [pid 10557] +++ exited with 0 +++ [pid 10573] <... chdir resumed>) = 0 [pid 10573] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10573] ioctl(4, LOOP_CLR_FD) = 0 [pid 10573] close(4) = 0 [pid 10573] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10572] <... futex resumed>) = 0 [pid 10573] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10572] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10552] +++ exited with 0 +++ [pid 10578] rt_sigprocmask(SIG_SETMASK, [], [pid 10573] <... openat resumed>) = 4 [pid 10572] <... futex resumed>) = 0 [pid 10572] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10552, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 299] umount2("./405", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", [pid 10573] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10578] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10573] <... futex resumed>) = 1 [pid 10572] <... futex resumed>) = 0 [pid 299] getdents64(3, [pid 10578] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10573] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10572] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10578] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10573] <... write resumed>) = 16 [pid 10572] <... futex resumed>) = 0 [pid 299] umount2("./405/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10578] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10573] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10572] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./405/binderfs", [pid 10573] <... futex resumed>) = 0 [pid 10572] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10573] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] unlink("./405/binderfs" [pid 10572] <... mmap resumed>) = 0x7fe45c3a9000 [pid 299] <... unlink resumed>) = 0 [pid 10572] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 299] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10572] <... mprotect resumed>) = 0 [pid 10578] <... futex resumed>) = 1 [pid 10575] <... futex resumed>) = 0 [pid 10572] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10575] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10572] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10578] memfd_create("syzkaller", 0) = 3 [pid 10575] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10572] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10572] <... clone3 resumed> => {parent_tid=[10582]}, 88) = 10582 [pid 10572] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 10582 attached NULL, 8) = 0 [pid 10572] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10582] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10572] <... futex resumed>) = 0 [pid 10582] rt_sigprocmask(SIG_SETMASK, [], [pid 10572] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10582] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10582] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10582] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10572] <... futex resumed>) = 0 [pid 10582] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10572] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10573] <... futex resumed>) = 0 [pid 10572] <... futex resumed>) = 1 [pid 10573] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10572] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10573] <... mmap resumed>) = 0x20000000 [ 146.738663][T10573] loop2: detected capacity change from 0 to 2048 [ 146.739320][T10557] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 146.765512][T10577] loop0: detected capacity change from 0 to 2048 [pid 10573] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10572] <... futex resumed>) = 0 [pid 10573] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10572] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10573] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10572] <... futex resumed>) = 0 [pid 10578] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10577] <... close resumed>) = 0 [pid 10577] mkdir("./file0", 0777) = 0 [pid 10577] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10578] <... write resumed>) = 1048576 [pid 10578] munmap(0x7fe453fca000, 138412032) = 0 [pid 10578] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10578] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10578] close(3) = 0 [pid 10578] close(4 [pid 10572] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10573] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10573] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10573] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10572] <... futex resumed>) = 0 [pid 10572] exit_group(0) = ? [pid 10573] <... futex resumed>) = ? [pid 10573] +++ exited with 0 +++ [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./410/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./410/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 10582] <... futex resumed>) = 230 [pid 296] rmdir("./410/file0") = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./410") = 0 [pid 10582] +++ exited with 0 +++ [pid 10572] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10572, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 296] mkdir("./411", 0777) = 0 [pid 297] <... restart_syscall resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 297] umount2("./410", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 10578] <... close resumed>) = 0 [pid 297] newfstatat(3, "", [pid 296] <... openat resumed>) = 3 [pid 10578] mkdir("./file0", 0777 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./410/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./410/binderfs", [pid 10578] <... mkdir resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10578] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 297] unlink("./410/binderfs") = 0 [pid 10577] <... mount resumed>) = 0 [pid 297] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] ioctl(3, LOOP_CLR_FD [pid 10577] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10577] chdir("./file0") = 0 [pid 10577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10577] ioctl(4, LOOP_CLR_FD) = 0 [pid 10577] close(4) = 0 [pid 10577] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10576] <... futex resumed>) = 0 [pid 10577] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10576] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10576] <... futex resumed>) = 0 [pid 296] close(3 [pid 10577] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10576] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10577] <... openat resumed>) = 4 [pid 296] <... close resumed>) = 0 [pid 10577] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10576] <... futex resumed>) = 0 [pid 10577] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10576] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10576] <... futex resumed>) = 0 [pid 10577] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10576] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10577] <... write resumed>) = 16 [pid 10576] <... futex resumed>) = 0 [pid 10577] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10577] <... futex resumed>) = 0 [pid 10576] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10577] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10576] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10585 [pid 10576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10586 attached => {parent_tid=[10586]}, 88) = 10586 [pid 10576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10576] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10576] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10585 attached [pid 10585] set_robust_list(0x5555557b6760, 24) = 0 [pid 10586] set_robust_list(0x7fe45c3c99a0, 24 [pid 10585] chdir("./411" [pid 10586] <... set_robust_list resumed>) = 0 [pid 10585] <... chdir resumed>) = 0 [pid 10585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10585] setpgid(0, 0) = 0 [pid 10586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./405/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./405/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, [pid 10585] <... openat resumed>) = 3 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10586] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 299] close(4 [pid 10586] <... write resumed>) = 16 [pid 299] <... close resumed>) = 0 [pid 10586] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] rmdir("./405/file0" [pid 10576] <... futex resumed>) = 0 [pid 10576] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10577] <... futex resumed>) = 0 [pid 10576] <... futex resumed>) = 1 [pid 10577] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10576] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10577] <... mmap resumed>) = 0x20000000 [pid 299] <... rmdir resumed>) = 0 [pid 10577] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(3, [pid 10577] <... futex resumed>) = 1 [pid 10576] <... futex resumed>) = 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10577] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10576] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 146.806720][T10573] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 146.817630][T10578] loop3: detected capacity change from 0 to 2048 [pid 10576] <... futex resumed>) = 0 [pid 299] close(3 [pid 10586] <... futex resumed>) = 1 [pid 10585] write(3, "1000", 4 [pid 299] <... close resumed>) = 0 [pid 10586] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10576] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... umount2 resumed>) = 0 [pid 10577] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 297] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10585] <... write resumed>) = 4 [pid 10577] sendfile(-1, -1, [0] [pid 299] rmdir("./405" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10577] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 297] newfstatat(AT_FDCWD, "./410/file0", [pid 10577] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10577] <... futex resumed>) = 1 [pid 10576] <... futex resumed>) = 0 [pid 297] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10585] close(3 [pid 10577] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10576] exit_group(0 [pid 299] <... rmdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10586] <... futex resumed>) = ? [pid 10577] <... futex resumed>) = ? [pid 10576] <... exit_group resumed>) = ? [pid 297] openat(AT_FDCWD, "./410/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10586] +++ exited with 0 +++ [pid 10585] <... close resumed>) = 0 [pid 10577] +++ exited with 0 +++ [pid 10576] +++ exited with 0 +++ [pid 299] mkdir("./406", 0777 [pid 297] <... openat resumed>) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10585] symlink("/dev/binderfs", "./binderfs" [pid 297] getdents64(4, [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10576, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10585] <... symlink resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./410/file0" [pid 10585] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] <... rmdir resumed>) = 0 [pid 10585] <... futex resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 297] getdents64(3, [pid 10585] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10585] <... rt_sigaction resumed>NULL, 8) = 0 [pid 297] close(3 [pid 10585] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... close resumed>) = 0 [pid 295] umount2("./409", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10585] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] rmdir("./410" [pid 10585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] close(3 [pid 297] <... rmdir resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] mkdir("./411", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10589 ./strace-static-x86_64: Process 10589 attached [pid 10589] set_robust_list(0x5555557b6760, 24) = 0 [pid 10589] chdir("./411") = 0 [pid 10589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10589] setpgid(0, 0) = 0 [pid 10589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10585] <... mmap resumed>) = 0x7fe45c3ca000 [pid 299] <... close resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 10585] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] newfstatat(3, "", [pid 10585] <... mprotect resumed>) = 0 [pid 10589] <... openat resumed>) = 3 [pid 10589] write(3, "1000", 4 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10589] <... write resumed>) = 4 [pid 10589] close(3 [pid 10585] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10590 [pid 295] getdents64(3, [pid 10585] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10589] <... close resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 295] umount2("./409/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10585] <... clone3 resumed> => {parent_tid=[10591]}, 88) = 10591 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10585] rt_sigprocmask(SIG_SETMASK, [], [pid 295] newfstatat(AT_FDCWD, "./409/binderfs", [pid 10585] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10585] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] unlink("./409/binderfs" [pid 10585] <... futex resumed>) = 0 [pid 10589] symlink("/dev/binderfs", "./binderfs" [pid 10585] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10578] <... mount resumed>) = 0 [pid 295] <... unlink resumed>) = 0 [pid 10578] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 295] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10578] <... openat resumed>) = 3 [pid 10578] chdir("./file0") = 0 [pid 10578] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 ./strace-static-x86_64: Process 10590 attached [pid 10578] ioctl(4, LOOP_CLR_FD) = 0 [pid 10578] close(4) = 0 [pid 10590] set_robust_list(0x5555557b6760, 24 [pid 10578] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10575] <... futex resumed>) = 0 [pid 10578] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10575] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10575] <... futex resumed>) = 0 [pid 10578] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10575] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10590] <... set_robust_list resumed>) = 0 [pid 10578] <... openat resumed>) = 4 [pid 10578] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10590] chdir("./406" [pid 10589] <... symlink resumed>) = 0 [pid 10578] <... futex resumed>) = 1 [pid 10575] <... futex resumed>) = 0 [pid 10590] <... chdir resumed>) = 0 [pid 10589] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10578] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10575] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10589] <... futex resumed>) = 0 [pid 10578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10575] <... futex resumed>) = 0 [pid 10589] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10578] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10575] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10589] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10578] <... write resumed>) = 16 [pid 10575] <... futex resumed>) = 0 [pid 10589] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10578] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10578] <... futex resumed>) = 0 [pid 10575] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10578] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10575] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10589] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10575] <... mprotect resumed>) = 0 [pid 10589] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10575] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10589] <... mprotect resumed>) = 0 [pid 10575] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10589] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10589] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10589] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10575] <... clone3 resumed> => {parent_tid=[10592]}, 88) = 10592 [pid 10575] rt_sigprocmask(SIG_SETMASK, [], [pid 10589] <... clone3 resumed> => {parent_tid=[10593]}, 88) = 10593 [pid 10575] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10589] rt_sigprocmask(SIG_SETMASK, [], [pid 10575] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10575] <... futex resumed>) = 0 [pid 10589] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10575] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10589] <... futex resumed>) = 0 [pid 10589] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10593 attached ./strace-static-x86_64: Process 10592 attached ./strace-static-x86_64: Process 10591 attached [pid 10590] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] <... umount2 resumed>) = 0 [pid 10590] <... prctl resumed>) = 0 [pid 295] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10591] set_robust_list(0x7fe45c3ea9a0, 24 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10591] <... set_robust_list resumed>) = 0 [pid 10590] setpgid(0, 0 [pid 295] newfstatat(AT_FDCWD, "./409/file0", [pid 10591] rt_sigprocmask(SIG_SETMASK, [], [pid 10590] <... setpgid resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 146.857798][T10577] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10591] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10590] <... openat resumed>) = 3 [pid 295] openat(AT_FDCWD, "./409/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10591] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10590] write(3, "1000", 4 [pid 295] <... openat resumed>) = 4 [pid 10590] <... write resumed>) = 4 [pid 10591] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10590] close(3 [pid 295] newfstatat(4, "", [pid 10590] <... close resumed>) = 0 [pid 10591] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10590] symlink("/dev/binderfs", "./binderfs" [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10590] <... symlink resumed>) = 0 [pid 295] getdents64(4, [pid 10590] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10585] <... futex resumed>) = 0 [pid 10591] <... futex resumed>) = 1 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10590] <... futex resumed>) = 0 [pid 10585] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10591] memfd_create("syzkaller", 0 [pid 10590] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10585] <... futex resumed>) = 0 [pid 295] getdents64(4, [pid 10585] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10591] <... memfd_create resumed>) = 3 [pid 10590] <... rt_sigaction resumed>NULL, 8) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4 [pid 10590] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 295] <... close resumed>) = 0 [pid 10591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 295] rmdir("./409/file0" [pid 10591] <... mmap resumed>) = 0x7fe453fca000 [pid 10590] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10590] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 295] <... rmdir resumed>) = 0 [pid 10590] <... mprotect resumed>) = 0 [pid 295] getdents64(3, [pid 10590] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10590] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 295] close(3 [pid 10592] set_robust_list(0x7fe45c3c99a0, 24 [pid 295] <... close resumed>) = 0 [pid 10590] <... clone3 resumed> => {parent_tid=[10594]}, 88) = 10594 ./strace-static-x86_64: Process 10594 attached [pid 10594] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10594] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10592] <... set_robust_list resumed>) = 0 [pid 10590] rt_sigprocmask(SIG_SETMASK, [], [pid 295] rmdir("./409" [pid 10592] rt_sigprocmask(SIG_SETMASK, [], [pid 10590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10590] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10592] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 10590] <... futex resumed>) = 1 [pid 10592] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 295] mkdir("./410", 0777 [pid 10590] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... mkdir resumed>) = 0 [pid 10592] <... write resumed>) = 16 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10592] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... openat resumed>) = 3 [pid 295] ioctl(3, LOOP_CLR_FD [pid 10592] <... futex resumed>) = 1 [pid 10593] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10575] <... futex resumed>) = 0 [pid 10594] <... futex resumed>) = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10592] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10575] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] close(3 [pid 10578] <... futex resumed>) = 0 [pid 10575] <... futex resumed>) = 1 [pid 295] <... close resumed>) = 0 [pid 10578] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10575] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10578] <... mmap resumed>) = 0x20000000 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10594] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10578] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10575] <... futex resumed>) = 0 [pid 10578] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10575] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10575] <... futex resumed>) = 0 [pid 10575] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10593] <... set_robust_list resumed>) = 0 [pid 10593] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10593] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10593] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10589] <... futex resumed>) = 0 [pid 10593] memfd_create("syzkaller", 0 [pid 10591] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10589] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10593] <... memfd_create resumed>) = 3 [pid 10589] <... futex resumed>) = 0 [pid 10593] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10589] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10593] <... mmap resumed>) = 0x7fe453fca000 [pid 10591] <... write resumed>) = 1048576 [pid 10594] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 10595 attached [pid 10595] set_robust_list(0x5555557b6760, 24) = 0 [pid 10595] chdir("./410" [pid 10594] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10595 [pid 10594] <... futex resumed>) = 1 [pid 10590] <... futex resumed>) = 0 [pid 10590] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10594] memfd_create("syzkaller", 0 [pid 10590] <... futex resumed>) = 0 [pid 10590] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10594] <... memfd_create resumed>) = 3 [pid 10595] <... chdir resumed>) = 0 [pid 10595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10595] setpgid(0, 0) = 0 [pid 10594] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10591] munmap(0x7fe453fca000, 138412032 [pid 10595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10594] <... mmap resumed>) = 0x7fe453fca000 [pid 10595] <... openat resumed>) = 3 [pid 10595] write(3, "1000", 4) = 4 [pid 10595] close(3) = 0 [pid 10595] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10595] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10595] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10595] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10595] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10595] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10595] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10595] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10596]}, 88) = 10596 [pid 10595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10591] <... munmap resumed>) = 0 [pid 10595] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10595] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10596 attached [pid 10596] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10596] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10596] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10596] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10595] <... futex resumed>) = 0 [pid 10593] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10595] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10595] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10591] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10596] <... futex resumed>) = 1 [pid 10596] memfd_create("syzkaller", 0) = 3 [pid 10596] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10591] ioctl(4, LOOP_SET_FD, 3 [pid 10596] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10594] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10593] <... write resumed>) = 1048576 [pid 10596] <... write resumed>) = 1048576 [pid 10593] munmap(0x7fe453fca000, 138412032 [pid 10596] munmap(0x7fe453fca000, 138412032) = 0 [pid 10596] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10593] <... munmap resumed>) = 0 [pid 10596] <... openat resumed>) = 4 [pid 10593] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10596] ioctl(4, LOOP_SET_FD, 3 [pid 10593] <... openat resumed>) = 4 [ 146.939790][T10578] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 146.969009][T10591] loop1: detected capacity change from 0 to 2048 [pid 10575] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10594] <... write resumed>) = 1048576 [pid 10591] <... ioctl resumed>) = 0 [pid 10591] close(3) = 0 [pid 10591] close(4 [pid 10594] munmap(0x7fe453fca000, 138412032) = 0 [pid 10594] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10593] ioctl(4, LOOP_SET_FD, 3 [pid 10596] <... ioctl resumed>) = 0 [pid 10594] ioctl(4, LOOP_SET_FD, 3 [pid 10596] close(3 [pid 10593] <... ioctl resumed>) = 0 [pid 10594] <... ioctl resumed>) = 0 [pid 10594] close(3) = 0 [pid 10594] close(4 [pid 10596] <... close resumed>) = 0 [pid 10593] close(3 [pid 10578] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10596] close(4 [pid 10593] <... close resumed>) = 0 [pid 10578] sendfile(-1, -1, [0] [pid 10593] close(4 [pid 10578] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10578] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10578] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10575] exit_group(0) = ? [pid 10592] <... futex resumed>) = ? [pid 10592] +++ exited with 0 +++ [pid 10578] <... futex resumed>) = ? [pid 10578] +++ exited with 0 +++ [pid 10575] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10575, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./410", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./410/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./410/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./410/binderfs") = 0 [pid 298] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10594] <... close resumed>) = 0 [pid 10591] <... close resumed>) = 0 [pid 10594] mkdir("./file0", 0777 [pid 10591] mkdir("./file0", 0777 [pid 10594] <... mkdir resumed>) = 0 [pid 10591] <... mkdir resumed>) = 0 [pid 10594] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10591] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10596] <... close resumed>) = 0 [pid 10596] mkdir("./file0", 0777) = 0 [pid 10596] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10593] <... close resumed>) = 0 [pid 10593] mkdir("./file0", 0777) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 10593] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./410/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./410/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./410/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./410") = 0 [pid 298] mkdir("./411", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 146.988000][T10596] loop0: detected capacity change from 0 to 2048 [ 146.997625][T10593] loop2: detected capacity change from 0 to 2048 [ 146.998100][T10594] loop4: detected capacity change from 0 to 2048 [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10602 [pid 10596] <... mount resumed>) = 0 [pid 10596] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10593] <... mount resumed>) = 0 [pid 10593] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10596] chdir("./file0" [pid 10593] chdir("./file0" [pid 10596] <... chdir resumed>) = 0 [pid 10593] <... chdir resumed>) = 0 [pid 10593] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10596] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10593] <... openat resumed>) = 4 [pid 10593] ioctl(4, LOOP_CLR_FD) = 0 [pid 10593] close(4 [pid 10596] <... openat resumed>) = 4 [pid 10593] <... close resumed>) = 0 [pid 10593] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10589] <... futex resumed>) = 0 [pid 10596] ioctl(4, LOOP_CLR_FD [pid 10593] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10589] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10593] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10589] <... futex resumed>) = 0 [pid 10593] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10589] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10596] <... ioctl resumed>) = 0 [pid 10593] <... openat resumed>) = 4 [pid 10593] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10596] close(4 [pid 10593] <... futex resumed>) = 1 [pid 10589] <... futex resumed>) = 0 [pid 10593] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10589] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10596] <... close resumed>) = 0 [pid 10593] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10589] <... futex resumed>) = 0 [pid 10593] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10589] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10596] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10593] <... write resumed>) = 16 [pid 10589] <... futex resumed>) = 0 [pid 10593] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10596] <... futex resumed>) = 1 [pid 10595] <... futex resumed>) = 0 [pid 10593] <... futex resumed>) = 0 [pid 10589] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10595] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10593] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10589] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 10602 attached [pid 10595] <... futex resumed>) = 0 [pid 10594] <... mount resumed>) = 0 [pid 10589] <... mprotect resumed>) = 0 [pid 10596] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10602] set_robust_list(0x5555557b6760, 24 [pid 10595] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10589] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10602] <... set_robust_list resumed>) = 0 [pid 10589] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10602] chdir("./411" [pid 10589] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10604 attached [pid 10602] <... chdir resumed>) = 0 [pid 10596] <... openat resumed>) = 4 [pid 10594] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10602] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10589] <... clone3 resumed> => {parent_tid=[10604]}, 88) = 10604 [pid 10604] set_robust_list(0x7fe45c3c99a0, 24 [pid 10602] <... prctl resumed>) = 0 [pid 10596] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10594] <... openat resumed>) = 3 [pid 10589] rt_sigprocmask(SIG_SETMASK, [], [pid 10604] <... set_robust_list resumed>) = 0 [pid 10602] setpgid(0, 0 [pid 10589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10604] rt_sigprocmask(SIG_SETMASK, [], [pid 10602] <... setpgid resumed>) = 0 [pid 10589] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10604] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10596] <... futex resumed>) = 1 [pid 10595] <... futex resumed>) = 0 [pid 10594] chdir("./file0" [pid 10589] <... futex resumed>) = 0 [pid 10604] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10602] <... openat resumed>) = 3 [pid 10596] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10595] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10594] <... chdir resumed>) = 0 [pid 10589] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10604] <... write resumed>) = 16 [pid 10602] write(3, "1000", 4 [pid 10595] <... futex resumed>) = 0 [pid 10604] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10602] <... write resumed>) = 4 [pid 10595] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10604] <... futex resumed>) = 1 [pid 10602] close(3 [pid 10596] <... write resumed>) = 16 [pid 10595] <... futex resumed>) = 0 [pid 10594] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10589] <... futex resumed>) = 0 [pid 10604] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10602] <... close resumed>) = 0 [pid 10596] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10595] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10594] <... openat resumed>) = 4 [pid 10589] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10602] symlink("/dev/binderfs", "./binderfs" [pid 10596] <... futex resumed>) = 0 [pid 10595] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10594] ioctl(4, LOOP_CLR_FD [pid 10593] <... futex resumed>) = 0 [pid 10589] <... futex resumed>) = 1 [pid 10602] <... symlink resumed>) = 0 [pid 10596] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10595] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10594] <... ioctl resumed>) = 0 [pid 10593] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10589] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10602] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10595] <... mprotect resumed>) = 0 [pid 10594] close(4 [pid 10593] <... mmap resumed>) = 0x20000000 [pid 10602] <... futex resumed>) = 0 [pid 10595] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10594] <... close resumed>) = 0 [pid 10593] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10602] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10595] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10594] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10593] <... futex resumed>) = 1 [pid 10589] <... futex resumed>) = 0 [pid 10602] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10595] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10594] <... futex resumed>) = 1 [pid 10593] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10590] <... futex resumed>) = 0 [pid 10589] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10605 attached [pid 10602] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10593] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10589] <... futex resumed>) = 0 [pid 10605] set_robust_list(0x7fe45c3c99a0, 24 [pid 10602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10595] <... clone3 resumed> => {parent_tid=[10605]}, 88) = 10605 [pid 10594] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10590] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10605] <... set_robust_list resumed>) = 0 [pid 10602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10594] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10590] <... futex resumed>) = 0 [pid 10605] rt_sigprocmask(SIG_SETMASK, [], [pid 10602] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10594] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10590] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10605] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10602] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10594] <... openat resumed>) = 4 [pid 10605] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10602] <... mprotect resumed>) = 0 [pid 10594] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10602] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10594] <... futex resumed>) = 1 [pid 10590] <... futex resumed>) = 0 [pid 10602] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10594] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10590] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10594] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10590] <... futex resumed>) = 0 [pid 10594] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10590] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10602] <... clone3 resumed> => {parent_tid=[10606]}, 88) = 10606 [pid 10594] <... write resumed>) = 16 [pid 10590] <... futex resumed>) = 0 [pid 10602] rt_sigprocmask(SIG_SETMASK, [], [pid 10594] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10594] <... futex resumed>) = 0 [pid 10590] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10602] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10594] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10590] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10602] <... futex resumed>) = 0 [pid 10590] <... mprotect resumed>) = 0 [pid 10602] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10590] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10607]}, 88) = 10607 [pid 10595] rt_sigprocmask(SIG_SETMASK, [], [pid 10590] rt_sigprocmask(SIG_SETMASK, [], [pid 10589] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10607 attached ./strace-static-x86_64: Process 10606 attached [pid 10595] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10593] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10607] set_robust_list(0x7fe45c3c99a0, 24 [pid 10606] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10595] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10590] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10607] <... set_robust_list resumed>) = 0 [pid 10606] <... set_robust_list resumed>) = 0 [pid 10605] <... futex resumed>) = 0 [pid 10595] <... futex resumed>) = 1 [pid 10590] <... futex resumed>) = 0 [pid 10607] rt_sigprocmask(SIG_SETMASK, [], [pid 10606] rt_sigprocmask(SIG_SETMASK, [], [pid 10605] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10590] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10607] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10605] <... write resumed>) = 16 [pid 10595] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10607] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10606] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10605] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10607] <... write resumed>) = 16 [pid 10593] sendfile(-1, -1, [0] [pid 10607] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10606] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10605] <... futex resumed>) = 0 [pid 10595] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10607] <... futex resumed>) = 1 [pid 10606] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10605] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10595] <... futex resumed>) = 1 [pid 10590] <... futex resumed>) = 0 [pid 10596] <... futex resumed>) = 0 [pid 10607] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10606] <... futex resumed>) = 1 [pid 10602] <... futex resumed>) = 0 [pid 10596] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10595] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10590] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10606] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10602] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10590] <... futex resumed>) = 1 [pid 10594] <... futex resumed>) = 0 [pid 10596] <... mmap resumed>) = 0x20000000 [pid 10606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10602] <... futex resumed>) = 0 [pid 10594] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10590] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10606] memfd_create("syzkaller", 0 [pid 10596] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10602] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10594] <... mmap resumed>) = 0x20000000 [pid 10606] <... memfd_create resumed>) = 3 [pid 10596] <... futex resumed>) = 1 [pid 10595] <... futex resumed>) = 0 [pid 10594] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10606] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10596] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10595] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10594] <... futex resumed>) = 1 [pid 10590] <... futex resumed>) = 0 [pid 10606] <... mmap resumed>) = 0x7fe453fca000 [pid 10596] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10595] <... futex resumed>) = 0 [pid 10594] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10590] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10595] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10594] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10590] <... futex resumed>) = 0 [pid 10590] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10593] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10593] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10593] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10606] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10594] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10589] <... futex resumed>) = 0 [pid 10589] exit_group(0 [pid 10604] <... futex resumed>) = ? [pid 10593] <... futex resumed>) = ? [pid 10589] <... exit_group resumed>) = ? [pid 10604] +++ exited with 0 +++ [pid 10593] +++ exited with 0 +++ [pid 10589] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10589, si_uid=0, si_status=0, si_utime=1, si_stime=4} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 10606] <... write resumed>) = 1048576 [pid 10606] munmap(0x7fe453fca000, 138412032 [pid 297] <... restart_syscall resumed>) = 0 [pid 297] umount2("./411", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./411/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./411/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./411/binderfs") = 0 [pid 297] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10606] <... munmap resumed>) = 0 [pid 10606] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10606] ioctl(4, LOOP_SET_FD, 3 [pid 10596] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10594] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [ 147.068154][T10593] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 147.088088][T10594] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 147.091822][T10596] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10596] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10594] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10594] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10596] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10596] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10590] <... futex resumed>) = 0 [pid 10590] exit_group(0) = ? [pid 10594] <... futex resumed>) = ? [pid 10594] +++ exited with 0 +++ [pid 10595] <... futex resumed>) = 0 [pid 10595] exit_group(0 [pid 10607] <... futex resumed>) = ? [pid 10595] <... exit_group resumed>) = ? [pid 10605] <... futex resumed>) = ? [pid 10607] +++ exited with 0 +++ [pid 10606] <... ioctl resumed>) = 0 [pid 10605] +++ exited with 0 +++ [pid 10596] <... futex resumed>) = ? [pid 10590] +++ exited with 0 +++ [pid 10606] close(3 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10590, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 299] umount2("./406", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./406/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./406/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./406/binderfs") = 0 [pid 10606] <... close resumed>) = 0 [pid 10596] +++ exited with 0 +++ [pid 10595] +++ exited with 0 +++ [pid 10606] close(4 [pid 10591] <... mount resumed>) = 0 [pid 299] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10595, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10591] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10591] chdir("./file0") = 0 [pid 10591] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10591] ioctl(4, LOOP_CLR_FD [pid 295] umount2("./410", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10591] <... ioctl resumed>) = 0 [pid 10591] close(4) = 0 [pid 10591] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10585] <... futex resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10591] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10585] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10591] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10585] <... futex resumed>) = 0 [pid 10591] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10585] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10591] <... openat resumed>) = 4 [pid 295] openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10591] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10585] <... futex resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 10591] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10585] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10591] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10585] <... futex resumed>) = 0 [pid 10591] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10585] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10591] <... write resumed>) = 16 [pid 10585] <... futex resumed>) = 0 [pid 10591] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10591] <... futex resumed>) = 0 [pid 10585] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10591] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10585] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 295] newfstatat(3, "", [pid 10585] <... mprotect resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10585] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 295] getdents64(3, [pid 10585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 10610 attached [pid 10585] <... clone3 resumed> => {parent_tid=[10610]}, 88) = 10610 [pid 10585] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10585] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10585] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] umount2("./410/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10610] set_robust_list(0x7fe45c3c99a0, 24 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./410/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./410/binderfs" [pid 10610] <... set_robust_list resumed>) = 0 [pid 295] <... unlink resumed>) = 0 [pid 295] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10610] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10610] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10610] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10585] <... futex resumed>) = 0 [pid 10610] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10585] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10591] <... futex resumed>) = 0 [pid 10585] <... futex resumed>) = 1 [pid 10591] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10585] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10591] <... mmap resumed>) = 0x20000000 [pid 10591] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10585] <... futex resumed>) = 0 [pid 10591] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10585] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10591] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 147.116966][T10606] loop3: detected capacity change from 0 to 2048 [pid 10585] <... futex resumed>) = 0 [pid 10585] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10591] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10591] sendfile(-1, -1, [0] [pid 297] <... umount2 resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 297] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./411/file0", [pid 10591] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 299] newfstatat(AT_FDCWD, "./406/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./406/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./406/file0" [pid 10591] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... rmdir resumed>) = 0 [pid 297] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10591] <... futex resumed>) = 1 [pid 10585] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "./411/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", [pid 10585] exit_group(0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] close(3 [pid 10591] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10606] <... close resumed>) = 0 [pid 10585] <... exit_group resumed>) = ? [pid 10606] mkdir("./file0", 0777 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4 [pid 10606] <... mkdir resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 297] rmdir("./411/file0" [pid 10606] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10591] <... futex resumed>) = -1 (errno 18446744073709551451) [pid 299] <... close resumed>) = 0 [pid 10610] <... futex resumed>) = ? [pid 297] <... rmdir resumed>) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./411") = 0 [pid 297] mkdir("./412", 0777 [pid 10610] +++ exited with 0 +++ [pid 299] rmdir("./406") = 0 [pid 297] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3 [pid 299] mkdir("./407", 0777 [pid 297] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... mkdir resumed>) = 0 [pid 10591] +++ exited with 0 +++ [pid 10585] +++ exited with 0 +++ [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10611 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10585, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- ./strace-static-x86_64: Process 10611 attached [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 299] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 10611] set_robust_list(0x5555557b6760, 24 [pid 296] <... restart_syscall resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] umount2("./411", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] close(3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... close resumed>) = 0 [pid 296] openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... openat resumed>) = 3 [pid 10611] <... set_robust_list resumed>) = 0 [pid 296] newfstatat(3, "", ./strace-static-x86_64: Process 10612 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10612 [pid 296] getdents64(3, [pid 10612] set_robust_list(0x5555557b6760, 24 [pid 10611] chdir("./412" [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./411/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10612] <... set_robust_list resumed>) = 0 [pid 10611] <... chdir resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./411/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./411/binderfs" [pid 10612] chdir("./407" [pid 10611] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] <... unlink resumed>) = 0 [pid 10612] <... chdir resumed>) = 0 [pid 296] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10612] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10611] <... prctl resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./410/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10612] <... prctl resumed>) = 0 [pid 10611] setpgid(0, 0 [pid 10606] <... mount resumed>) = 0 [pid 295] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10612] setpgid(0, 0 [pid 10611] <... setpgid resumed>) = 0 [pid 10606] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10612] <... setpgid resumed>) = 0 [pid 10611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10606] <... openat resumed>) = 3 [pid 295] openat(AT_FDCWD, "./410/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10606] chdir("./file0" [pid 10611] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 4 [pid 10612] <... openat resumed>) = 3 [pid 10611] write(3, "1000", 4 [pid 10606] <... chdir resumed>) = 0 [pid 295] newfstatat(4, "", [pid 10612] write(3, "1000", 4 [pid 10611] <... write resumed>) = 4 [pid 10606] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10612] <... write resumed>) = 4 [pid 10611] close(3 [pid 10606] <... openat resumed>) = 4 [pid 295] getdents64(4, [pid 10612] close(3 [pid 10611] <... close resumed>) = 0 [pid 10606] ioctl(4, LOOP_CLR_FD [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10612] <... close resumed>) = 0 [pid 10611] symlink("/dev/binderfs", "./binderfs" [pid 10606] <... ioctl resumed>) = 0 [pid 295] getdents64(4, [pid 10612] symlink("/dev/binderfs", "./binderfs" [pid 10611] <... symlink resumed>) = 0 [pid 10606] close(4 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10612] <... symlink resumed>) = 0 [pid 10611] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10606] <... close resumed>) = 0 [pid 295] close(4 [pid 10612] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10611] <... futex resumed>) = 0 [pid 10606] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... close resumed>) = 0 [pid 10612] <... futex resumed>) = 0 [pid 10611] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10606] <... futex resumed>) = 1 [pid 10602] <... futex resumed>) = 0 [pid 295] rmdir("./410/file0" [pid 10612] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10611] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10606] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10602] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... rmdir resumed>) = 0 [pid 10612] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10611] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10602] <... futex resumed>) = 0 [pid 295] getdents64(3, [pid 10612] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10606] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10602] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10606] <... openat resumed>) = 4 [pid 295] close(3 [pid 10612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10611] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10606] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... close resumed>) = 0 [pid 10612] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10611] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10606] <... futex resumed>) = 1 [pid 10602] <... futex resumed>) = 0 [pid 295] rmdir("./410" [pid 10612] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10611] <... mprotect resumed>) = 0 [pid 10606] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10602] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... rmdir resumed>) = 0 [pid 10612] <... mprotect resumed>) = 0 [pid 10611] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10602] <... futex resumed>) = 0 [pid 295] mkdir("./411", 0777 [pid 10612] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10611] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10606] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10602] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... mkdir resumed>) = 0 [pid 10612] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10611] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10606] <... write resumed>) = 16 [pid 10602] <... futex resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10606] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 295] <... openat resumed>) = 3 [pid 10606] <... futex resumed>) = 0 [pid 10602] <... mmap resumed>) = 0x7fe45c3a9000 [pid 295] ioctl(3, LOOP_CLR_FD [pid 10611] <... clone3 resumed> => {parent_tid=[10615]}, 88) = 10615 [pid 10612] <... clone3 resumed> => {parent_tid=[10616]}, 88) = 10616 [pid 10611] rt_sigprocmask(SIG_SETMASK, [], [pid 10606] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10602] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 10616 attached [pid 10612] rt_sigprocmask(SIG_SETMASK, [], [pid 10611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10602] <... mprotect resumed>) = 0 [pid 295] close(3 [pid 10612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10611] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10602] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] <... close resumed>) = 0 [pid 10612] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10611] <... futex resumed>) = 0 [pid 10602] <... rt_sigprocmask resumed>[], 8) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10616] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10612] <... futex resumed>) = 0 [pid 10611] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10617 attached [pid 10612] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10617 ./strace-static-x86_64: Process 10618 attached [pid 10617] set_robust_list(0x5555557b6760, 24 [pid 10602] <... clone3 resumed> => {parent_tid=[10618]}, 88) = 10618 [pid 10602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10618] set_robust_list(0x7fe45c3c99a0, 24 [pid 10617] <... set_robust_list resumed>) = 0 [pid 10602] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10602] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10616] <... set_robust_list resumed>) = 0 [pid 10616] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10616] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10616] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10612] <... futex resumed>) = 0 [pid 10612] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10612] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10618] <... set_robust_list resumed>) = 0 [pid 10617] chdir("./411" [pid 10616] <... futex resumed>) = 1 [pid 10617] <... chdir resumed>) = 0 [pid 10618] rt_sigprocmask(SIG_SETMASK, [], [pid 10616] memfd_create("syzkaller", 0 [pid 10617] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10616] <... memfd_create resumed>) = 3 [pid 10616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [ 147.147320][T10591] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10618] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10617] <... prctl resumed>) = 0 [pid 10616] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 10615 attached [pid 10615] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10615] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10615] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10615] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10611] <... futex resumed>) = 0 [pid 10611] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10611] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10618] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10617] setpgid(0, 0 [pid 10615] <... futex resumed>) = 1 [pid 10615] memfd_create("syzkaller", 0 [pid 10617] <... setpgid resumed>) = 0 [pid 10615] <... memfd_create resumed>) = 3 [pid 10615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10615] <... mmap resumed>) = 0x7fe453fca000 [pid 10618] <... write resumed>) = 16 [pid 10617] <... openat resumed>) = 3 [pid 10616] <... write resumed>) = 1048576 [pid 10618] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10617] write(3, "1000", 4 [pid 10616] munmap(0x7fe453fca000, 138412032 [pid 10618] <... futex resumed>) = 1 [pid 10617] <... write resumed>) = 4 [pid 10616] <... munmap resumed>) = 0 [pid 10602] <... futex resumed>) = 0 [pid 10618] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10617] close(3 [pid 10616] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10617] <... close resumed>) = 0 [pid 10616] <... openat resumed>) = 4 [pid 10602] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10617] symlink("/dev/binderfs", "./binderfs" [pid 10616] ioctl(4, LOOP_SET_FD, 3 [pid 10602] <... futex resumed>) = 1 [pid 10615] <... write resumed>) = 1048576 [pid 10606] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 10617] <... symlink resumed>) = 0 [pid 10615] munmap(0x7fe453fca000, 138412032 [pid 10606] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 296] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10617] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10615] <... munmap resumed>) = 0 [pid 10606] <... mmap resumed>) = 0x20000000 [pid 10602] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10617] <... futex resumed>) = 0 [pid 10615] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10606] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] newfstatat(AT_FDCWD, "./411/file0", [pid 10617] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10615] <... openat resumed>) = 4 [pid 10606] <... futex resumed>) = 0 [pid 10602] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10617] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10615] ioctl(4, LOOP_SET_FD, 3 [pid 296] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10616] <... ioctl resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10616] close(3) = 0 [pid 10616] close(4 [pid 10617] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10617] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10617] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10617] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10619]}, 88) = 10619 [pid 10617] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10617] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10617] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10602] <... futex resumed>) = 0 [pid 10602] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10606] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10606] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10606] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10602] <... futex resumed>) = 0 [pid 10606] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10602] exit_group(0 [pid 10618] <... futex resumed>) = ? [pid 10606] <... futex resumed>) = ? [pid 10602] <... exit_group resumed>) = ? [pid 10618] +++ exited with 0 +++ [pid 10606] +++ exited with 0 +++ [pid 10602] +++ exited with 0 +++ [pid 296] openat(AT_FDCWD, "./411/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10602, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] umount2("./411", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./411/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... openat resumed>) = 4 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(4, "", [pid 298] newfstatat(AT_FDCWD, "./411/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] unlink("./411/binderfs") = 0 [pid 296] getdents64(4, [pid 298] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10615] <... ioctl resumed>) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./411/file0") = 0 [pid 296] getdents64(3, [pid 10615] close(3) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./411") = 0 [pid 296] mkdir("./412", 0777 [pid 10615] close(4 [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10619 attached [pid 10619] set_robust_list(0x7fe45c3ea9a0, 24 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10620 [pid 10619] <... set_robust_list resumed>) = 0 [pid 10619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 10620 attached [pid 10620] set_robust_list(0x5555557b6760, 24 [pid 10619] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10620] <... set_robust_list resumed>) = 0 [pid 10619] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10620] chdir("./412") = 0 [pid 10620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10620] setpgid(0, 0) = 0 [pid 10620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10620] write(3, "1000", 4) = 4 [pid 10620] close(3) = 0 [pid 10620] symlink("/dev/binderfs", "./binderfs" [pid 10619] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10620] <... symlink resumed>) = 0 [pid 10619] <... futex resumed>) = 1 [pid 10620] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10619] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10617] <... futex resumed>) = 0 [pid 10620] <... futex resumed>) = 0 [pid 10619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10617] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10620] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10617] <... futex resumed>) = 0 [pid 10619] memfd_create("syzkaller", 0 [pid 10617] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10619] <... memfd_create resumed>) = 3 [pid 10620] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10620] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10620] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10619] <... mmap resumed>) = 0x7fe453fca000 [pid 10620] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10621]}, 88) = 10621 [pid 10620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10620] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10620] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10621 attached [pid 10621] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10621] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10621] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10620] <... futex resumed>) = 0 [pid 10620] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10620] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10621] <... futex resumed>) = 1 [pid 10621] memfd_create("syzkaller", 0) = 3 [pid 10621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10616] <... close resumed>) = 0 [pid 10615] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 10616] mkdir("./file0", 0777 [pid 10615] mkdir("./file0", 0777 [pid 298] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./411/file0", [pid 10616] <... mkdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./411/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10615] <... mkdir resumed>) = 0 [pid 10616] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10615] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] <... openat resumed>) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./411/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./411" [pid 10619] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] <... rmdir resumed>) = 0 [pid 298] mkdir("./412", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [ 147.228609][T10606] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 147.231352][T10616] loop4: detected capacity change from 0 to 2048 [ 147.244994][T10615] loop2: detected capacity change from 0 to 2048 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10621] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10619] <... write resumed>) = 1048576 [pid 10615] <... mount resumed>) = 0 [pid 10619] munmap(0x7fe453fca000, 138412032 [pid 10615] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10625 [pid 10615] <... openat resumed>) = 3 [pid 10615] chdir("./file0") = 0 [pid 10619] <... munmap resumed>) = 0 [pid 10615] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10619] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10615] <... openat resumed>) = 4 [pid 10615] ioctl(4, LOOP_CLR_FD [pid 10619] <... openat resumed>) = 4 [pid 10615] <... ioctl resumed>) = 0 [pid 10619] ioctl(4, LOOP_SET_FD, 3 [pid 10615] close(4) = 0 [pid 10615] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10611] <... futex resumed>) = 0 [pid 10611] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10611] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10625 attached [pid 10625] set_robust_list(0x5555557b6760, 24) = 0 [pid 10625] chdir("./412") = 0 [pid 10625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10625] setpgid(0, 0) = 0 [pid 10625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10625] write(3, "1000", 4) = 4 [pid 10625] close(3) = 0 [pid 10625] symlink("/dev/binderfs", "./binderfs" [pid 10615] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10625] <... symlink resumed>) = 0 [pid 10615] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10625] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10615] <... futex resumed>) = 1 [pid 10611] <... futex resumed>) = 0 [pid 10611] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10611] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10615] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10615] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10611] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10615] <... futex resumed>) = 0 [pid 10615] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10611] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10611] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10611] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10626]}, 88) = 10626 [pid 10611] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10611] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10611] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10625] <... futex resumed>) = 0 [pid 10625] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10625] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10625] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10625] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10625] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10627]}, 88) = 10627 [pid 10625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10625] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10625] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10621] <... write resumed>) = 1048576 [pid 10621] munmap(0x7fe453fca000, 138412032) = 0 [pid 10621] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10621] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 10627 attached ./strace-static-x86_64: Process 10626 attached [pid 10619] <... ioctl resumed>) = 0 [pid 10627] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10626] set_robust_list(0x7fe45c3c99a0, 24 [pid 10619] close(3 [pid 10627] <... set_robust_list resumed>) = 0 [pid 10626] <... set_robust_list resumed>) = 0 [pid 10619] <... close resumed>) = 0 [pid 10626] rt_sigprocmask(SIG_SETMASK, [], [pid 10627] rt_sigprocmask(SIG_SETMASK, [], [pid 10621] <... ioctl resumed>) = 0 [pid 10619] close(4 [pid 10627] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10626] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10621] close(3 [pid 10619] <... close resumed>) = 0 [pid 10627] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10626] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10621] <... close resumed>) = 0 [pid 10619] mkdir("./file0", 0777 [pid 10627] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10626] <... write resumed>) = 16 [pid 10621] close(4 [pid 10619] <... mkdir resumed>) = 0 [pid 10627] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10626] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10621] <... close resumed>) = 0 [pid 10619] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10627] <... futex resumed>) = 1 [pid 10626] <... futex resumed>) = 1 [pid 10621] mkdir("./file0", 0777 [pid 10611] <... futex resumed>) = 0 [pid 10627] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10626] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10625] <... futex resumed>) = 0 [pid 10621] <... mkdir resumed>) = 0 [pid 10616] <... mount resumed>) = 0 [pid 10611] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10625] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10616] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10615] <... futex resumed>) = 0 [pid 10611] <... futex resumed>) = 1 [pid 10627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10621] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10625] <... futex resumed>) = 0 [pid 10616] <... openat resumed>) = 3 [pid 10615] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10611] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10627] memfd_create("syzkaller", 0 [pid 10625] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10616] chdir("./file0" [pid 10615] <... mmap resumed>) = 0x20000000 [pid 10627] <... memfd_create resumed>) = 3 [pid 10616] <... chdir resumed>) = 0 [pid 10615] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10616] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10615] <... futex resumed>) = 1 [pid 10611] <... futex resumed>) = 0 [pid 10627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10616] <... openat resumed>) = 4 [pid 10615] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10611] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10616] ioctl(4, LOOP_CLR_FD [pid 10615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 147.316958][T10619] loop0: detected capacity change from 0 to 2048 [ 147.335881][T10621] loop1: detected capacity change from 0 to 2048 [pid 10627] <... mmap resumed>) = 0x7fe453fca000 [pid 10611] <... futex resumed>) = 0 [pid 10616] <... ioctl resumed>) = 0 [pid 10611] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10616] close(4) = 0 [pid 10616] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10612] <... futex resumed>) = 0 [pid 10616] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10612] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10612] <... futex resumed>) = 0 [pid 10616] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10612] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10616] <... openat resumed>) = 4 [pid 10616] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10612] <... futex resumed>) = 0 [pid 10616] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10612] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10612] <... futex resumed>) = 0 [pid 10616] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10612] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10616] <... write resumed>) = 16 [pid 10612] <... futex resumed>) = 0 [pid 10616] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10616] <... futex resumed>) = 0 [pid 10612] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10616] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10612] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10631]}, 88) = 10631 [pid 10612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10612] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10612] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10619] <... mount resumed>) = 0 [pid 10619] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10619] chdir("./file0") = 0 [pid 10619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10619] ioctl(4, LOOP_CLR_FD) = 0 [pid 10619] close(4) = 0 [pid 10619] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10617] <... futex resumed>) = 0 [pid 10619] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10617] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10617] <... futex resumed>) = 0 [pid 10619] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10617] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10619] <... openat resumed>) = 4 [pid 10627] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10619] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10617] <... futex resumed>) = 0 [pid 10619] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10617] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10617] <... futex resumed>) = 0 [pid 10619] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10617] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10619] <... write resumed>) = 16 [pid 10617] <... futex resumed>) = 0 [pid 10619] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10619] <... futex resumed>) = 0 [pid 10617] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10619] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10617] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10617] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10617] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10632]}, 88) = 10632 [pid 10617] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 10631 attached [pid 10617] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10631] set_robust_list(0x7fe45c3c99a0, 24 [pid 10617] <... futex resumed>) = 0 [pid 10631] <... set_robust_list resumed>) = 0 [pid 10617] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10631] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10631] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10631] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10612] <... futex resumed>) = 0 [pid 10631] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10612] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10616] <... futex resumed>) = 0 [pid 10612] <... futex resumed>) = 1 [pid 10616] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10612] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10616] <... mmap resumed>) = 0x20000000 [pid 10616] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10612] <... futex resumed>) = 0 [pid 10616] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10612] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10612] <... futex resumed>) = 0 [pid 10612] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10616] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10616] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10616] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10612] <... futex resumed>) = 0 [pid 10612] exit_group(0 [pid 10616] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10631] <... futex resumed>) = -1 (errno 18446744073709551414) [pid 10612] <... exit_group resumed>) = ? [pid 10631] +++ exited with 0 +++ [pid 10616] <... futex resumed>) = ? [pid 10616] +++ exited with 0 +++ [pid 10612] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10612, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./407", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10627] <... write resumed>) = 1048576 [pid 10627] munmap(0x7fe453fca000, 138412032 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10627] <... munmap resumed>) = 0 [pid 299] openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10627] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] getdents64(3, [pid 10627] <... openat resumed>) = 4 [pid 10627] ioctl(4, LOOP_SET_FD, 3 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 10632 attached [pid 299] umount2("./407/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10632] set_robust_list(0x7fe45c3c99a0, 24 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./407/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10615] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10632] <... set_robust_list resumed>) = 0 [pid 10615] sendfile(-1, -1, [0] [pid 299] unlink("./407/binderfs") = 0 [ 147.386237][T10615] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 147.412310][T10616] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 299] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10627] <... ioctl resumed>) = 0 [pid 10615] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10627] close(3) = 0 [pid 10627] close(4 [pid 10632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10632] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10632] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10617] <... futex resumed>) = 0 [pid 10632] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10617] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10619] <... futex resumed>) = 0 [pid 10617] <... futex resumed>) = 1 [pid 10619] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10617] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10619] <... mmap resumed>) = 0x20000000 [pid 10619] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10617] <... futex resumed>) = 0 [pid 10619] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10617] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10615] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10617] <... futex resumed>) = 0 [pid 10617] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10615] <... futex resumed>) = 1 [pid 10611] <... futex resumed>) = 0 [pid 10611] exit_group(0 [pid 10626] <... futex resumed>) = ? [pid 10611] <... exit_group resumed>) = ? [pid 10626] +++ exited with 0 +++ [pid 10619] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10619] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10619] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10615] +++ exited with 0 +++ [pid 10611] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10611, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 10617] <... futex resumed>) = 0 [pid 10617] exit_group(0 [pid 297] <... restart_syscall resumed>) = 0 [pid 10632] <... futex resumed>) = ? [pid 10617] <... exit_group resumed>) = ? [pid 297] umount2("./412", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10632] +++ exited with 0 +++ [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./412/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./412/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./412/binderfs") = 0 [pid 297] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10619] <... futex resumed>) = ? [pid 10619] +++ exited with 0 +++ [pid 10617] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10617, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./411", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./411/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./411/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./411/binderfs") = 0 [pid 295] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10621] <... mount resumed>) = 0 [pid 10621] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10621] chdir("./file0") = 0 [pid 10621] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10621] ioctl(4, LOOP_CLR_FD) = 0 [pid 10621] close(4) = 0 [pid 10621] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10620] <... futex resumed>) = 0 [pid 10621] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10620] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10620] <... futex resumed>) = 0 [pid 10621] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10620] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10621] <... openat resumed>) = 4 [pid 10621] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10620] <... futex resumed>) = 0 [pid 10621] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10620] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10620] <... futex resumed>) = 0 [pid 10621] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10620] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10621] <... write resumed>) = 16 [pid 10620] <... futex resumed>) = 0 [pid 10621] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10621] <... futex resumed>) = 0 [pid 10620] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10621] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10620] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10620] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10635]}, 88) = 10635 [pid 10620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10620] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10620] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10635 attached [pid 10635] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10635] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10635] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10635] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10620] <... futex resumed>) = 0 [pid 10620] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10621] <... futex resumed>) = 0 [pid 10620] <... futex resumed>) = 1 [pid 10621] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10620] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10621] <... mmap resumed>) = 0x20000000 [pid 10621] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10620] <... futex resumed>) = 0 [pid 10621] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10620] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10620] <... futex resumed>) = 0 [pid 10635] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 147.443402][T10627] loop3: detected capacity change from 0 to 2048 [ 147.452510][T10619] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10620] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10627] <... close resumed>) = 0 [pid 10627] mkdir("./file0", 0777) = 0 [pid 10627] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./412/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./412/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./412/file0") = 0 [pid 297] getdents64(3, [pid 299] <... umount2 resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] close(3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... close resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./407/file0", [pid 297] rmdir("./412" [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 299] umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] mkdir("./413", 0777 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 299] openat(AT_FDCWD, "./407/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... openat resumed>) = 4 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10637 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, ./strace-static-x86_64: Process 10637 attached 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4 [pid 10637] set_robust_list(0x5555557b6760, 24) = 0 [pid 10637] chdir("./413") = 0 [pid 10637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10637] setpgid(0, 0) = 0 [pid 10637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] <... close resumed>) = 0 [pid 10637] write(3, "1000", 4) = 4 [pid 299] rmdir("./407/file0" [pid 10637] close(3) = 0 [pid 10637] symlink("/dev/binderfs", "./binderfs" [pid 299] <... rmdir resumed>) = 0 [pid 10637] <... symlink resumed>) = 0 [pid 299] getdents64(3, [pid 10637] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10637] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10637] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10637] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10637] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] close(3 [pid 10637] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] <... close resumed>) = 0 [pid 10637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 299] rmdir("./407" [pid 10637] <... clone3 resumed> => {parent_tid=[10639]}, 88) = 10639 [pid 10637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 10637] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] mkdir("./408", 0777 [pid 10637] <... futex resumed>) = 0 [pid 10637] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 10639 attached [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10639] set_robust_list(0x7fe45c3ea9a0, 24 [pid 299] <... openat resumed>) = 3 [pid 10639] <... set_robust_list resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 10639] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] close(3 [pid 10639] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10627] <... mount resumed>) = 0 [pid 10621] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 299] <... close resumed>) = 0 [pid 10639] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10639] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10627] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10621] sendfile(-1, -1, [0] [pid 10639] <... futex resumed>) = 1 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10640 [pid 10639] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10637] <... futex resumed>) = 0 [pid 10627] <... openat resumed>) = 3 [pid 10621] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10627] chdir("./file0" [pid 10637] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10621] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10640 attached [pid 10640] set_robust_list(0x5555557b6760, 24) = 0 [pid 10639] <... futex resumed>) = 0 [pid 10637] <... futex resumed>) = 1 [pid 10627] <... chdir resumed>) = 0 [pid 10621] <... futex resumed>) = 1 [pid 10620] <... futex resumed>) = 0 [pid 10627] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10640] chdir("./408" [pid 10620] exit_group(0 [pid 10627] <... openat resumed>) = 4 [pid 10635] <... futex resumed>) = ? [pid 10627] ioctl(4, LOOP_CLR_FD [pid 10620] <... exit_group resumed>) = ? [pid 10635] +++ exited with 0 +++ [pid 10637] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10627] <... ioctl resumed>) = 0 [pid 10640] <... chdir resumed>) = 0 [pid 10640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10627] close(4 [pid 10640] setpgid(0, 0) = 0 [pid 10639] memfd_create("syzkaller", 0 [pid 10627] <... close resumed>) = 0 [pid 10640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10627] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10640] <... openat resumed>) = 3 [pid 10640] write(3, "1000", 4) = 4 [pid 10640] close(3) = 0 [pid 10640] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10627] <... futex resumed>) = 1 [pid 10625] <... futex resumed>) = 0 [pid 10621] +++ exited with 0 +++ [pid 10620] +++ exited with 0 +++ [pid 10639] <... memfd_create resumed>) = 3 [pid 10639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10627] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10625] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10620, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 10625] <... futex resumed>) = 0 [pid 10640] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10625] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10640] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10627] <... openat resumed>) = 4 [pid 10639] <... mmap resumed>) = 0x7fe453fca000 [pid 10640] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10640] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [ 147.490129][T10621] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10627] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10640] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10640] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10641]}, 88) = 10641 [pid 10640] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10640] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10640] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10641 attached [pid 10641] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10641] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10641] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10641] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10640] <... futex resumed>) = 0 [pid 10640] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10640] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10641] <... futex resumed>) = 1 [pid 10641] memfd_create("syzkaller", 0) = 3 [pid 10641] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10627] <... futex resumed>) = 1 [pid 10625] <... futex resumed>) = 0 [pid 10625] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10627] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10625] <... futex resumed>) = 0 [pid 10627] <... write resumed>) = 16 [pid 10625] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10627] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10625] <... futex resumed>) = 0 [pid 296] umount2("./412", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10627] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10625] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10627] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10625] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 296] openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10625] <... mprotect resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 10625] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] newfstatat(3, "", [pid 10625] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10625] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10625] <... clone3 resumed> => {parent_tid=[10642]}, 88) = 10642 [pid 10625] rt_sigprocmask(SIG_SETMASK, [], [pid 296] umount2("./412/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10625] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10625] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10625] <... futex resumed>) = 0 [pid 10625] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] newfstatat(AT_FDCWD, "./412/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./412/binderfs") = 0 [pid 296] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10641] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10641] <... write resumed>) = 1048576 [pid 10641] munmap(0x7fe453fca000, 138412032./strace-static-x86_64: Process 10642 attached ) = 0 [pid 10642] set_robust_list(0x7fe45c3c99a0, 24 [pid 10639] <... write resumed>) = 1048576 [pid 10641] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10642] <... set_robust_list resumed>) = 0 [pid 10641] <... openat resumed>) = 4 [pid 10641] ioctl(4, LOOP_SET_FD, 3 [pid 10642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10642] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10642] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10625] <... futex resumed>) = 0 [pid 10642] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10625] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10627] <... futex resumed>) = 0 [pid 10625] <... futex resumed>) = 1 [pid 10639] munmap(0x7fe453fca000, 138412032 [pid 10627] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10625] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10627] <... mmap resumed>) = 0x20000000 [pid 10639] <... munmap resumed>) = 0 [pid 10639] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10627] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10625] <... futex resumed>) = 0 [pid 10627] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10625] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10639] ioctl(4, LOOP_SET_FD, 3 [pid 10627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10625] <... futex resumed>) = 0 [pid 10641] <... ioctl resumed>) = 0 [pid 10641] close(3) = 0 [pid 10641] close(4 [pid 10639] <... ioctl resumed>) = 0 [pid 10639] close(3) = 0 [pid 10639] close(4 [pid 10625] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10627] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10627] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10627] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10625] <... futex resumed>) = 0 [pid 10625] exit_group(0 [pid 10642] <... futex resumed>) = ? [pid 10625] <... exit_group resumed>) = ? [pid 10642] +++ exited with 0 +++ [pid 10627] <... futex resumed>) = ? [pid 10627] +++ exited with 0 +++ [pid 10625] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10625, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 298] umount2("./412", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./412/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./412/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./412/binderfs") = 0 [pid 298] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10641] <... close resumed>) = 0 [pid 10639] <... close resumed>) = 0 [pid 10641] mkdir("./file0", 0777 [pid 10639] mkdir("./file0", 0777 [pid 298] <... umount2 resumed>) = 0 [ 147.580237][T10641] loop4: detected capacity change from 0 to 2048 [ 147.589687][T10639] loop2: detected capacity change from 0 to 2048 [ 147.589826][T10627] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10641] <... mkdir resumed>) = 0 [pid 10639] <... mkdir resumed>) = 0 [pid 298] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 10641] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10639] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 296] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./412/file0", [pid 295] newfstatat(AT_FDCWD, "./411/file0", [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./412/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./411/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... openat resumed>) = 4 [pid 295] <... openat resumed>) = 4 [pid 296] newfstatat(4, "", [pid 295] newfstatat(4, "", [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, [pid 295] getdents64(4, [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, [pid 295] getdents64(4, [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4 [pid 295] close(4 [pid 296] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 296] rmdir("./412/file0" [pid 295] rmdir("./411/file0" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... rmdir resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 296] getdents64(3, [pid 295] getdents64(3, [pid 298] newfstatat(AT_FDCWD, "./412/file0", [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3 [pid 295] close(3 [pid 296] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] rmdir("./412" [pid 295] rmdir("./411" [pid 298] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... rmdir resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 296] mkdir("./413", 0777 [pid 295] mkdir("./412", 0777 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... mkdir resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "./412/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 296] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 298] <... openat resumed>) = 4 [pid 296] ioctl(3, LOOP_CLR_FD [pid 295] ioctl(3, LOOP_CLR_FD [pid 298] newfstatat(4, "", [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] close(3 [pid 295] close(3 [pid 296] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10643 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10644 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 10644 attached [pid 10644] set_robust_list(0x5555557b6760, 24) = 0 [pid 10644] chdir("./412") = 0 [pid 298] getdents64(4, [pid 10644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10644] setpgid(0, 0) = 0 [pid 10644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 10644] <... openat resumed>) = 3 [pid 10644] write(3, "1000", 4) = 4 [pid 10644] close(3) = 0 [pid 10644] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10644] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10644] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10644] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./412/file0" [pid 10644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10644] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 10643 attached ) = 0 [pid 10644] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10643] set_robust_list(0x5555557b6760, 24 [pid 298] <... rmdir resumed>) = 0 [pid 10643] <... set_robust_list resumed>) = 0 [pid 10643] chdir("./413" [pid 298] getdents64(3, [pid 10644] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10644] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10643] <... chdir resumed>) = 0 [pid 10643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10643] setpgid(0, 0) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 10645 attached [pid 10643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] close(3 [pid 10645] set_robust_list(0x7fe45c3ea9a0, 24 [pid 298] <... close resumed>) = 0 [pid 10644] <... clone3 resumed> => {parent_tid=[10645]}, 88) = 10645 [pid 10643] <... openat resumed>) = 3 [pid 298] rmdir("./412" [pid 10644] rt_sigprocmask(SIG_SETMASK, [], [pid 10643] write(3, "1000", 4 [pid 10644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10643] <... write resumed>) = 4 [pid 10644] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10643] close(3 [pid 10644] <... futex resumed>) = 0 [pid 10643] <... close resumed>) = 0 [pid 10644] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10643] symlink("/dev/binderfs", "./binderfs" [pid 10645] <... set_robust_list resumed>) = 0 [pid 10643] <... symlink resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 10643] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] mkdir("./413", 0777 [pid 10643] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10643] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 10643] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10643] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 298] <... openat resumed>) = 3 [pid 10643] <... clone3 resumed> => {parent_tid=[10646]}, 88) = 10646 [pid 10643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 10643] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10643] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] close(3./strace-static-x86_64: Process 10646 attached [pid 10646] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10646] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10646] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10643] <... futex resumed>) = 0 [pid 10643] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10643] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10646] <... futex resumed>) = 1 [pid 10646] memfd_create("syzkaller", 0 [pid 298] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10646] <... memfd_create resumed>) = 3 [pid 10646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10648 [pid 10645] rt_sigprocmask(SIG_SETMASK, [], [pid 10639] <... mount resumed>) = 0 [pid 10639] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10639] chdir("./file0") = 0 [pid 10639] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10639] ioctl(4, LOOP_CLR_FD) = 0 [pid 10639] close(4 [pid 10645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10639] <... close resumed>) = 0 [pid 10639] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10645] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10639] <... futex resumed>) = 1 [pid 10637] <... futex resumed>) = 0 [pid 10637] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10637] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10639] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10645] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 10648 attached [pid 10645] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10639] <... openat resumed>) = 4 [pid 10645] <... futex resumed>) = 1 [pid 10644] <... futex resumed>) = 0 [pid 10639] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10644] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10639] <... futex resumed>) = 1 [pid 10637] <... futex resumed>) = 0 [pid 10648] set_robust_list(0x5555557b6760, 24 [pid 10645] memfd_create("syzkaller", 0 [pid 10644] <... futex resumed>) = 0 [pid 10639] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10637] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10648] <... set_robust_list resumed>) = 0 [pid 10645] <... memfd_create resumed>) = 3 [pid 10644] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10637] <... futex resumed>) = 0 [pid 10639] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10637] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10639] <... write resumed>) = 16 [pid 10637] <... futex resumed>) = 0 [pid 10645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10639] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10639] <... futex resumed>) = 0 [pid 10637] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10639] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10637] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10645] <... mmap resumed>) = 0x7fe453fca000 [pid 10637] <... clone3 resumed> => {parent_tid=[10651]}, 88) = 10651 [pid 10637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10637] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10637] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10651 attached [pid 10651] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10651] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10651] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10651] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10637] <... futex resumed>) = 0 [pid 10637] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10639] <... futex resumed>) = 0 [pid 10637] <... futex resumed>) = 1 [pid 10639] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10637] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10639] <... mmap resumed>) = 0x20000000 [pid 10639] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10637] <... futex resumed>) = 0 [pid 10639] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10637] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10637] <... futex resumed>) = 0 [pid 10648] chdir("./413" [pid 10646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10648] <... chdir resumed>) = 0 [pid 10637] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10641] <... mount resumed>) = 0 [pid 10641] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10648] setpgid(0, 0 [pid 10641] <... openat resumed>) = 3 [pid 10641] chdir("./file0") = 0 [pid 10641] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10641] ioctl(4, LOOP_CLR_FD) = 0 [pid 10641] close(4 [pid 10651] <... futex resumed>) = 1 [pid 10648] <... setpgid resumed>) = 0 [pid 10646] <... write resumed>) = 1048576 [pid 10645] <... write resumed>) = 1048576 [pid 10641] <... close resumed>) = 0 [pid 10648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10645] munmap(0x7fe453fca000, 138412032 [pid 10641] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10648] <... openat resumed>) = 3 [pid 10645] <... munmap resumed>) = 0 [pid 10641] <... futex resumed>) = 1 [pid 10640] <... futex resumed>) = 0 [pid 10639] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10648] write(3, "1000", 4 [pid 10645] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10648] <... write resumed>) = 4 [pid 10645] <... openat resumed>) = 4 [pid 10641] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10640] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10639] sendfile(-1, -1, [0] [pid 10648] close(3 [pid 10645] ioctl(4, LOOP_SET_FD, 3 [pid 10651] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10648] <... close resumed>) = 0 [pid 10646] munmap(0x7fe453fca000, 138412032 [pid 10641] <... openat resumed>) = 4 [pid 10640] <... futex resumed>) = 0 [pid 10639] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10648] symlink("/dev/binderfs", "./binderfs" [pid 10645] <... ioctl resumed>) = 0 [pid 10641] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10640] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10639] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10641] <... futex resumed>) = 0 [pid 10640] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10639] <... futex resumed>) = 1 [pid 10637] <... futex resumed>) = 0 [pid 10641] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10640] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10639] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10637] exit_group(0 [pid 10651] <... futex resumed>) = ? [pid 10648] <... symlink resumed>) = 0 [pid 10646] <... munmap resumed>) = 0 [pid 10645] close(3 [pid 10641] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10640] <... futex resumed>) = 0 [pid 10639] <... futex resumed>) = ? [pid 10637] <... exit_group resumed>) = ? [pid 10651] +++ exited with 0 +++ [pid 10648] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10646] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10645] <... close resumed>) = 0 [pid 10641] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10640] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10639] +++ exited with 0 +++ [pid 10637] +++ exited with 0 +++ [pid 10648] <... futex resumed>) = 0 [pid 10646] <... openat resumed>) = 4 [pid 10641] <... write resumed>) = 16 [pid 10640] <... futex resumed>) = 0 [pid 10648] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10646] ioctl(4, LOOP_SET_FD, 3 [pid 10641] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10637, si_uid=0, si_status=0, si_utime=1, si_stime=2} --- [pid 10648] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10645] close(4 [pid 10641] <... futex resumed>) = 0 [pid 10648] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10648] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10653]}, 88) = 10653 [pid 10648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10648] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10648] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10640] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10641] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10640] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10640] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] umount2("./413", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10653 attached [pid 10646] <... ioctl resumed>) = 0 [pid 10640] <... rt_sigprocmask resumed>[], 8) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10653] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10646] close(3 [pid 10640] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 297] openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10653] <... set_robust_list resumed>) = 0 [pid 10646] <... close resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 10653] rt_sigprocmask(SIG_SETMASK, [], [pid 10646] close(4 [pid 10640] <... clone3 resumed> => {parent_tid=[10654]}, 88) = 10654 [pid 297] newfstatat(3, "", [pid 10653] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10640] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10653] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10640] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] getdents64(3, [pid 10653] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10640] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10653] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10640] <... futex resumed>) = 0 [pid 297] umount2("./413/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10653] <... futex resumed>) = 1 [pid 10648] <... futex resumed>) = 0 [pid 10640] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 10654 attached [pid 10653] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10648] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] newfstatat(AT_FDCWD, "./413/binderfs", [pid 10653] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10648] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10654] set_robust_list(0x7fe45c3c99a0, 24 [pid 10653] memfd_create("syzkaller", 0 [pid 10648] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 297] unlink("./413/binderfs" [pid 10654] <... set_robust_list resumed>) = 0 [pid 10653] <... memfd_create resumed>) = 3 [pid 297] <... unlink resumed>) = 0 [pid 10653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 297] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10653] <... mmap resumed>) = 0x7fe453fca000 [pid 10654] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10654] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10654] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10654] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10640] <... futex resumed>) = 0 [pid 10640] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10640] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10641] <... futex resumed>) = 0 [pid 10641] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10641] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10640] <... futex resumed>) = 0 [ 147.708807][T10639] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 147.737408][T10645] loop0: detected capacity change from 0 to 2048 [ 147.748052][T10646] loop1: detected capacity change from 0 to 2048 [pid 10653] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10640] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10645] <... close resumed>) = 0 [pid 10645] mkdir("./file0", 0777) = 0 [pid 10645] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10653] <... write resumed>) = 1048576 [pid 10653] munmap(0x7fe453fca000, 138412032) = 0 [pid 10653] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10653] ioctl(4, LOOP_SET_FD, 3 [pid 10640] <... futex resumed>) = 0 [pid 10640] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10653] <... ioctl resumed>) = 0 [pid 10653] close(3) = 0 [pid 10653] close(4 [pid 10641] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10641] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10641] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10640] <... futex resumed>) = 0 [pid 10641] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10640] exit_group(0) = ? [pid 10641] <... futex resumed>) = ? [pid 10654] <... futex resumed>) = ? [pid 10641] +++ exited with 0 +++ [pid 10654] +++ exited with 0 +++ [pid 10640] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10640, si_uid=0, si_status=0, si_utime=1, si_stime=2} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 10646] <... close resumed>) = 0 [pid 10646] mkdir("./file0", 0777 [pid 299] <... restart_syscall resumed>) = 0 [pid 10646] <... mkdir resumed>) = 0 [pid 10646] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 299] umount2("./408", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./408/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./408/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./408/binderfs") = 0 [pid 299] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10645] <... mount resumed>) = 0 [pid 10645] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10645] chdir("./file0") = 0 [pid 10645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10645] ioctl(4, LOOP_CLR_FD) = 0 [pid 10645] close(4) = 0 [pid 10645] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10644] <... futex resumed>) = 0 [pid 10644] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10644] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10645] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10645] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10644] <... futex resumed>) = 0 [pid 10644] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10644] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10644] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10644] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10644] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10658]}, 88) = 10658 [pid 10644] rt_sigprocmask(SIG_SETMASK, [], [pid 10645] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10644] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 10658 attached [pid 10644] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10658] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10658] rt_sigprocmask(SIG_SETMASK, [], [pid 10645] <... write resumed>) = 16 [pid 10658] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10658] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10658] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10644] <... futex resumed>) = 0 [pid 10645] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10644] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10658] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10644] <... futex resumed>) = 0 [pid 10645] <... futex resumed>) = 0 [pid 10644] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10645] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [ 147.763213][T10641] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 147.777705][T10653] loop3: detected capacity change from 0 to 2048 [pid 10645] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10644] <... futex resumed>) = 0 [pid 10644] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10644] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10653] <... close resumed>) = 0 [pid 10645] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./413/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./413/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./413/file0" [pid 10653] mkdir("./file0", 0777 [pid 299] <... umount2 resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 10653] <... mkdir resumed>) = 0 [pid 297] rmdir("./413" [pid 10653] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 297] <... rmdir resumed>) = 0 [pid 10645] sendfile(-1, -1, [0] [pid 299] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] mkdir("./414", 0777 [pid 10645] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... mkdir resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./408/file0", [pid 10645] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10645] <... futex resumed>) = 1 [pid 10644] <... futex resumed>) = 0 [pid 299] umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10644] exit_group(0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10658] <... futex resumed>) = ? [pid 10644] <... exit_group resumed>) = ? [pid 299] openat(AT_FDCWD, "./408/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... openat resumed>) = 3 [pid 10658] +++ exited with 0 +++ [pid 299] <... openat resumed>) = 4 [pid 297] ioctl(3, LOOP_CLR_FD [pid 299] newfstatat(4, "", [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] close(3 [pid 299] getdents64(4, [pid 297] <... close resumed>) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] getdents64(4, [pid 10645] +++ exited with 0 +++ [pid 10644] +++ exited with 0 +++ [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10644, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 299] close(4 [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./408/file0" [pid 295] umount2("./412", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... rmdir resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, [pid 10646] <... mount resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10661 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 10661 attached [pid 10646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 299] getdents64(3, [pid 295] umount2("./412/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10661] set_robust_list(0x5555557b6760, 24 [pid 10646] <... openat resumed>) = 3 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10661] <... set_robust_list resumed>) = 0 [pid 10646] chdir("./file0" [pid 299] close(3 [pid 295] newfstatat(AT_FDCWD, "./412/binderfs", [pid 10661] chdir("./414" [pid 10646] <... chdir resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10646] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 299] rmdir("./408" [pid 295] unlink("./412/binderfs" [pid 10646] <... openat resumed>) = 4 [pid 295] <... unlink resumed>) = 0 [pid 295] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10661] <... chdir resumed>) = 0 [pid 10646] ioctl(4, LOOP_CLR_FD [pid 299] <... rmdir resumed>) = 0 [pid 10661] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10646] <... ioctl resumed>) = 0 [pid 299] mkdir("./409", 0777 [pid 10661] <... prctl resumed>) = 0 [pid 10646] close(4 [pid 299] <... mkdir resumed>) = 0 [pid 10646] <... close resumed>) = 0 [pid 10661] setpgid(0, 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10646] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 3 [pid 10661] <... setpgid resumed>) = 0 [pid 10646] <... futex resumed>) = 1 [pid 10643] <... futex resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 10646] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10643] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10643] <... futex resumed>) = 0 [pid 299] close(3 [pid 10646] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10643] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... close resumed>) = 0 [pid 10661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10646] <... openat resumed>) = 4 [pid 10661] <... openat resumed>) = 3 [pid 10646] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10643] <... futex resumed>) = 0 [pid 10646] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10643] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10643] <... futex resumed>) = 0 [pid 10646] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10643] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10646] <... write resumed>) = 16 [pid 10643] <... futex resumed>) = 0 [pid 10646] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10646] <... futex resumed>) = 0 [pid 10643] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10646] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10643] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10663]}, 88) = 10663 [pid 10643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10643] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10643] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10662 attached [pid 10662] set_robust_list(0x5555557b6760, 24) = 0 [pid 10662] chdir("./409") = 0 [pid 10662] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10661] write(3, "1000", 4 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10662 [pid 10661] <... write resumed>) = 4 [pid 10661] close(3) = 0 [pid 10661] symlink("/dev/binderfs", "./binderfs" [pid 10662] <... prctl resumed>) = 0 [pid 10662] setpgid(0, 0) = 0 [pid 10662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10662] write(3, "1000", 4) = 4 [pid 10662] close(3) = 0 [pid 10662] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 10663 attached [pid 10663] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10661] <... symlink resumed>) = 0 [pid 10663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10663] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10662] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10663] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10662] <... futex resumed>) = 0 [pid 10661] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10663] <... futex resumed>) = 1 [pid 10661] <... futex resumed>) = 0 [pid 10643] <... futex resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10663] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10662] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10661] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10643] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] newfstatat(AT_FDCWD, "./412/file0", [pid 10662] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10661] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10646] <... futex resumed>) = 0 [pid 10643] <... futex resumed>) = 1 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10662] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10661] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10646] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10643] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10662] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10661] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10646] <... mmap resumed>) = 0x20000000 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10646] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] openat(AT_FDCWD, "./412/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10662] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10661] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10646] <... futex resumed>) = 1 [pid 10643] <... futex resumed>) = 0 [pid 295] <... openat resumed>) = 4 [pid 10662] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10646] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10643] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] newfstatat(4, "", [pid 10662] <... mprotect resumed>) = 0 [pid 10646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 147.805502][T10645] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10643] <... futex resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10661] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10661] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10661] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10666]}, 88) = 10666 [pid 10661] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10661] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10661] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10667]}, 88) = 10667 [pid 10662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10662] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10662] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10643] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] getdents64(4, ./strace-static-x86_64: Process 10666 attached [pid 10666] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10666] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10666] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, [pid 10666] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10666] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10653] <... mount resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10661] <... futex resumed>) = 0 [pid 10661] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10661] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10653] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 295] close(4 [pid 10666] <... futex resumed>) = 1 [pid 10666] memfd_create("syzkaller", 0) = 3 [pid 10666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 295] <... close resumed>) = 0 [pid 10653] <... openat resumed>) = 3 [pid 10666] <... mmap resumed>) = 0x7fe453fca000 [pid 295] rmdir("./412/file0" [pid 10653] chdir("./file0" [pid 295] <... rmdir resumed>) = 0 [pid 10653] <... chdir resumed>) = 0 [pid 295] getdents64(3, [pid 10653] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10653] <... openat resumed>) = 4 [pid 295] close(3 [pid 10653] ioctl(4, LOOP_CLR_FD [pid 295] <... close resumed>) = 0 [pid 10653] <... ioctl resumed>) = 0 [pid 295] rmdir("./412" [pid 10653] close(4 [pid 295] <... rmdir resumed>) = 0 [pid 10653] <... close resumed>) = 0 [pid 10653] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10648] <... futex resumed>) = 0 [pid 295] mkdir("./413", 0777 [pid 10653] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10648] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... mkdir resumed>) = 0 [pid 10648] <... futex resumed>) = 0 [pid 10653] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10648] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10653] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10653] <... openat resumed>) = 4 [pid 295] <... openat resumed>) = 3 [pid 10653] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10648] <... futex resumed>) = 0 [pid 295] ioctl(3, LOOP_CLR_FD [pid 10653] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10648] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10653] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10648] <... futex resumed>) = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10653] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10648] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] close(3 [pid 10653] <... write resumed>) = 16 [pid 10648] <... futex resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 10653] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10653] <... futex resumed>) = 0 [pid 10648] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10653] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10648] <... mprotect resumed>) = 0 [pid 10648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10668 [pid 10648] <... clone3 resumed> => {parent_tid=[10669]}, 88) = 10669 [pid 10648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10648] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10648] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10646] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10646] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10646] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10643] <... futex resumed>) = 0 [pid 10646] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10643] exit_group(0 [pid 10663] <... futex resumed>) = ? [pid 10646] <... futex resumed>) = ? [pid 10643] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 10669 attached [pid 10663] +++ exited with 0 +++ [pid 10646] +++ exited with 0 +++ [pid 10643] +++ exited with 0 +++ [pid 10669] set_robust_list(0x7fe45c3c99a0, 24./strace-static-x86_64: Process 10668 attached ) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10643, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10669] rt_sigprocmask(SIG_SETMASK, [], [pid 10668] set_robust_list(0x5555557b6760, 24 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 10669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10668] <... set_robust_list resumed>) = 0 [pid 296] <... restart_syscall resumed>) = 0 [pid 10669] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16./strace-static-x86_64: Process 10667 attached ) = 16 [pid 10668] chdir("./413" [pid 296] umount2("./413", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10669] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10668] <... chdir resumed>) = 0 [pid 10667] set_robust_list(0x7fe45c3ea9a0, 24 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./413/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10669] <... futex resumed>) = 1 [pid 10668] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10667] <... set_robust_list resumed>) = 0 [pid 10648] <... futex resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./413/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10669] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10668] <... prctl resumed>) = 0 [pid 10667] rt_sigprocmask(SIG_SETMASK, [], [pid 10648] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] unlink("./413/binderfs" [pid 10668] setpgid(0, 0 [pid 10667] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10653] <... futex resumed>) = 0 [pid 10648] <... futex resumed>) = 1 [pid 296] <... unlink resumed>) = 0 [pid 10653] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10648] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10653] <... mmap resumed>) = 0x20000000 [pid 10668] <... setpgid resumed>) = 0 [pid 10667] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10653] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10653] <... futex resumed>) = 1 [pid 10648] <... futex resumed>) = 0 [pid 10653] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10648] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10653] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10648] <... futex resumed>) = 0 [ 147.861726][T10646] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10666] <... write resumed>) = 1048576 [pid 10666] munmap(0x7fe453fca000, 138412032) = 0 [pid 10666] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10666] ioctl(4, LOOP_SET_FD, 3 [pid 10668] <... openat resumed>) = 3 [pid 10667] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10662] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 10653] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10648] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10668] write(3, "1000", 4 [pid 10667] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10662] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10668] <... write resumed>) = 4 [pid 10667] <... futex resumed>) = 0 [pid 10662] <... futex resumed>) = 0 [pid 10668] close(3 [pid 10667] memfd_create("syzkaller", 0 [pid 10662] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10668] <... close resumed>) = 0 [pid 10667] <... memfd_create resumed>) = 3 [pid 10668] symlink("/dev/binderfs", "./binderfs" [pid 10667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10668] <... symlink resumed>) = 0 [pid 10667] <... mmap resumed>) = 0x7fe453fca000 [pid 10668] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10668] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10666] <... ioctl resumed>) = 0 [pid 10668] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10668] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10668] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10668] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10666] close(3 [pid 10653] sendfile(-1, -1, [0] [pid 10668] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10670]}, 88) = 10670 [pid 10668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10668] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10668] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10670 attached [pid 10670] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10670] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10670] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10668] <... futex resumed>) = 0 [pid 10668] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10668] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10670] <... futex resumed>) = 1 [pid 10670] memfd_create("syzkaller", 0) = 3 [pid 10670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10666] <... close resumed>) = 0 [pid 10666] close(4 [pid 10653] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10653] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10648] <... futex resumed>) = 0 [pid 10648] exit_group(0 [pid 10669] <... futex resumed>) = ? [pid 10648] <... exit_group resumed>) = ? [pid 10669] +++ exited with 0 +++ [pid 10653] +++ exited with 0 +++ [pid 10648] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10648, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./413", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./413/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./413/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./413/binderfs") = 0 [pid 298] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10667] <... write resumed>) = 1048576 [pid 10667] munmap(0x7fe453fca000, 138412032) = 0 [pid 10667] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 147.917507][T10653] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 147.922233][T10666] loop2: detected capacity change from 0 to 2048 [pid 10667] ioctl(4, LOOP_SET_FD, 3 [pid 10670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10667] <... ioctl resumed>) = 0 [pid 10666] <... close resumed>) = 0 [pid 10667] close(3 [pid 10666] mkdir("./file0", 0777 [pid 10670] <... write resumed>) = 1048576 [pid 10670] munmap(0x7fe453fca000, 138412032) = 0 [pid 10670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10670] ioctl(4, LOOP_SET_FD, 3 [pid 10667] <... close resumed>) = 0 [pid 10666] <... mkdir resumed>) = 0 [pid 10666] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10667] close(4 [pid 10670] <... ioctl resumed>) = 0 [pid 10670] close(3) = 0 [pid 10670] close(4 [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./413/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./413/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./413/file0" [pid 298] <... umount2 resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 298] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./413/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./413/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./413/file0" [pid 296] getdents64(3, [pid 298] <... rmdir resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] getdents64(3, [pid 296] close(3 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] <... close resumed>) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./413") = 0 [pid 296] rmdir("./413" [pid 298] mkdir("./414", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] <... rmdir resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 296] mkdir("./414", 0777 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10671 ./strace-static-x86_64: Process 10671 attached [pid 10671] set_robust_list(0x5555557b6760, 24 [pid 296] <... mkdir resumed>) = 0 [pid 10671] <... set_robust_list resumed>) = 0 [pid 10671] chdir("./414") = 0 [pid 10671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10671] setpgid(0, 0) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] <... openat resumed>) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3 [pid 10671] <... openat resumed>) = 3 [pid 296] <... close resumed>) = 0 [pid 10671] write(3, "1000", 4) = 4 [pid 10671] close(3) = 0 [pid 10671] symlink("/dev/binderfs", "./binderfs" [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10671] <... symlink resumed>) = 0 [pid 10671] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10671] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10671] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 ./strace-static-x86_64: Process 10672 attached [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10672 [pid 10671] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10672] set_robust_list(0x5555557b6760, 24) = 0 [pid 10671] <... mprotect resumed>) = 0 [pid 10672] chdir("./414") = 0 [pid 10672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10671] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10672] setpgid(0, 0) = 0 [pid 10671] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10671] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 10673 attached [pid 10672] <... openat resumed>) = 3 [pid 10671] <... clone3 resumed> => {parent_tid=[10673]}, 88) = 10673 [pid 10672] write(3, "1000", 4 [pid 10671] rt_sigprocmask(SIG_SETMASK, [], [pid 10673] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10672] <... write resumed>) = 4 [pid 10671] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10673] <... set_robust_list resumed>) = 0 [pid 10672] close(3 [pid 10671] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10672] <... close resumed>) = 0 [pid 10673] rt_sigprocmask(SIG_SETMASK, [], [pid 10671] <... futex resumed>) = 0 [pid 10672] symlink("/dev/binderfs", "./binderfs" [pid 10673] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10671] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10672] <... symlink resumed>) = 0 [pid 10673] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10672] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10673] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10672] <... futex resumed>) = 0 [pid 10673] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10672] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10673] <... futex resumed>) = 1 [pid 10671] <... futex resumed>) = 0 [pid 10672] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10671] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10672] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10671] <... futex resumed>) = 0 [pid 10672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10671] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10672] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10672] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10673] memfd_create("syzkaller", 0 [pid 10672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10674]}, 88) = 10674 [pid 10672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10672] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10672] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10673] <... memfd_create resumed>) = 3 [pid 10673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 ./strace-static-x86_64: Process 10674 attached [pid 10674] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10667] <... close resumed>) = 0 [pid 10674] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10667] mkdir("./file0", 0777 [pid 10674] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10667] <... mkdir resumed>) = 0 [pid 10667] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10666] <... mount resumed>) = 0 [pid 10674] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10674] <... futex resumed>) = 1 [pid 10672] <... futex resumed>) = 0 [pid 10666] <... openat resumed>) = 3 [pid 10672] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10674] memfd_create("syzkaller", 0 [pid 10672] <... futex resumed>) = 0 [pid 10672] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10674] <... memfd_create resumed>) = 3 [pid 10666] chdir("./file0" [pid 10674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10666] <... chdir resumed>) = 0 [pid 10673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10674] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10666] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10666] ioctl(4, LOOP_CLR_FD) = 0 [pid 10666] close(4) = 0 [pid 10666] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10661] <... futex resumed>) = 0 [pid 10661] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10666] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10661] <... futex resumed>) = 0 [pid 10661] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10666] <... openat resumed>) = 4 [pid 10666] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10661] <... futex resumed>) = 0 [pid 10666] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10661] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10666] <... write resumed>) = 16 [pid 10661] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10666] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10661] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10666] <... futex resumed>) = 0 [pid 10661] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10666] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10661] <... mprotect resumed>) = 0 [pid 10661] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10661] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10677]}, 88) = 10677 [pid 10661] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10661] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10661] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10673] <... write resumed>) = 1048576 [pid 10673] munmap(0x7fe453fca000, 138412032) = 0 [ 147.958483][T10667] loop4: detected capacity change from 0 to 2048 [ 147.967091][T10670] loop0: detected capacity change from 0 to 2048 [pid 10673] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10673] ioctl(4, LOOP_SET_FD, 3 [pid 10670] <... close resumed>) = 0 [pid 10670] mkdir("./file0", 0777) = 0 [pid 10670] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue"./strace-static-x86_64: Process 10677 attached [pid 10674] <... write resumed>) = 1048576 [pid 10677] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10674] munmap(0x7fe453fca000, 138412032 [pid 10673] <... ioctl resumed>) = 0 [pid 10677] rt_sigprocmask(SIG_SETMASK, [], [pid 10674] <... munmap resumed>) = 0 [pid 10673] close(3) = 0 [pid 10673] close(4 [pid 10677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10674] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10677] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10674] <... openat resumed>) = 4 [pid 10677] <... write resumed>) = 16 [pid 10674] ioctl(4, LOOP_SET_FD, 3 [pid 10670] <... mount resumed>) = 0 [pid 10677] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10670] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10670] chdir("./file0") = 0 [pid 10670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10670] ioctl(4, LOOP_CLR_FD) = 0 [pid 10670] close(4) = 0 [pid 10670] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10668] <... futex resumed>) = 0 [pid 10670] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10668] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10668] <... futex resumed>) = 0 [pid 10670] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10668] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10670] <... openat resumed>) = 4 [pid 10670] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10668] <... futex resumed>) = 0 [pid 10670] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10668] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10668] <... futex resumed>) = 0 [pid 10670] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10668] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10670] <... write resumed>) = 16 [pid 10668] <... futex resumed>) = 0 [pid 10670] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10670] <... futex resumed>) = 0 [pid 10668] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10670] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10668] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10668] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10680]}, 88) = 10680 [pid 10668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10668] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10668] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10680 attached [pid 10680] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10680] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10680] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10668] <... futex resumed>) = 0 [pid 10668] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10670] <... futex resumed>) = 0 [pid 10668] <... futex resumed>) = 1 [pid 10670] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10668] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10677] <... futex resumed>) = 1 [pid 10670] <... mmap resumed>) = 0x20000000 [pid 10661] <... futex resumed>) = 0 [pid 10670] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10668] <... futex resumed>) = 0 [pid 10680] <... futex resumed>) = 1 [pid 10677] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10674] <... ioctl resumed>) = 0 [pid 10670] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10668] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10661] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10670] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10668] <... futex resumed>) = 0 [pid 10661] <... futex resumed>) = 1 [pid 10680] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10674] close(3 [pid 10666] <... futex resumed>) = 0 [pid 10666] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10661] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10666] <... mmap resumed>) = 0x20000000 [pid 10666] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10661] <... futex resumed>) = 0 [pid 10666] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10661] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10661] <... futex resumed>) = 0 [pid 10661] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10674] <... close resumed>) = 0 [pid 10674] close(4 [pid 10668] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10667] <... mount resumed>) = 0 [pid 10670] sendfile(-1, -1, [0] [pid 10667] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10670] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10667] <... openat resumed>) = 3 [pid 10670] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10667] chdir("./file0" [pid 10670] <... futex resumed>) = 1 [pid 10667] <... chdir resumed>) = 0 [pid 10670] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10667] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10667] ioctl(4, LOOP_CLR_FD) = 0 [pid 10667] close(4) = 0 [pid 10667] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10667] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10668] <... futex resumed>) = 0 [pid 10668] exit_group(0 [pid 10670] <... futex resumed>) = ? [pid 10668] <... exit_group resumed>) = ? [pid 10670] +++ exited with 0 +++ [pid 10662] <... futex resumed>) = 0 [pid 10662] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10667] <... futex resumed>) = 0 [pid 10662] <... futex resumed>) = 1 [pid 10667] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 148.021017][T10673] loop3: detected capacity change from 0 to 2048 [ 148.039353][T10674] loop1: detected capacity change from 0 to 2048 [ 148.048152][T10670] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10662] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10667] <... openat resumed>) = 4 [pid 10667] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10662] <... futex resumed>) = 0 [pid 10667] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10662] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10667] <... write resumed>) = 16 [pid 10662] <... futex resumed>) = 0 [pid 10667] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10662] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10667] <... futex resumed>) = 0 [pid 10662] <... futex resumed>) = 0 [pid 10667] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10662] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10667] <... write resumed>) = 16 [pid 10667] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10662] <... futex resumed>) = 0 [pid 10667] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10662] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10662] <... futex resumed>) = 0 [pid 10667] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10662] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10667] <... mmap resumed>) = 0x20000000 [pid 10680] <... futex resumed>) = ? [pid 10667] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10674] <... close resumed>) = 0 [pid 10680] +++ exited with 0 +++ [pid 10674] mkdir("./file0", 0777 [pid 10673] <... close resumed>) = 0 [pid 10668] +++ exited with 0 +++ [pid 10667] <... futex resumed>) = 1 [pid 10666] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10662] <... futex resumed>) = 0 [pid 10674] <... mkdir resumed>) = 0 [pid 10673] mkdir("./file0", 0777 [pid 10667] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10666] sendfile(-1, -1, [0] [pid 10662] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10674] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10673] <... mkdir resumed>) = 0 [pid 10667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10662] <... futex resumed>) = 0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10668, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10673] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10666] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10666] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10661] <... futex resumed>) = 0 [pid 10666] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10661] exit_group(0 [pid 10677] <... futex resumed>) = ? [pid 10666] <... futex resumed>) = ? [pid 10661] <... exit_group resumed>) = ? [pid 10677] +++ exited with 0 +++ [pid 10666] +++ exited with 0 +++ [pid 10661] +++ exited with 0 +++ [pid 10662] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] umount2("./413", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./413/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./413/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./413/binderfs") = 0 [pid 295] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10661, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./414", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./414/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./414/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./414/binderfs") = 0 [pid 297] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10667] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10667] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10667] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10662] <... futex resumed>) = 0 [pid 10667] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10662] exit_group(0 [pid 10667] <... futex resumed>) = ? [pid 10662] <... exit_group resumed>) = ? [pid 10667] +++ exited with 0 +++ [pid 10662] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10662, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 299] umount2("./409", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./409/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./409/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./409/binderfs") = 0 [pid 299] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10674] <... mount resumed>) = 0 [pid 10674] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10674] chdir("./file0") = 0 [pid 10674] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10674] ioctl(4, LOOP_CLR_FD) = 0 [pid 10674] close(4) = 0 [pid 10674] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10672] <... futex resumed>) = 0 [pid 10674] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10672] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10672] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10674] <... openat resumed>) = 4 [pid 10674] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10672] <... futex resumed>) = 0 [pid 10674] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10672] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10674] <... futex resumed>) = 0 [pid 10672] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10674] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10672] <... futex resumed>) = 0 [pid 10674] <... write resumed>) = 16 [pid 10672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10674] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10672] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10674] <... futex resumed>) = 0 [pid 10672] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10674] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10672] <... mprotect resumed>) = 0 [pid 10672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10685 attached => {parent_tid=[10685]}, 88) = 10685 [pid 10672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10672] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10672] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10685] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10685] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10685] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10685] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10672] <... futex resumed>) = 0 [pid 10672] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10674] <... futex resumed>) = 0 [pid 10672] <... futex resumed>) = 1 [pid 10685] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10674] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10672] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10674] <... mmap resumed>) = 0x20000000 [pid 10674] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10672] <... futex resumed>) = 0 [ 148.055718][T10666] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 148.084192][T10667] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10672] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10672] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10674] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10674] sendfile(-1, -1, [0] [pid 299] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 299] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./409/file0", [pid 297] newfstatat(AT_FDCWD, "./414/file0", [pid 295] newfstatat(AT_FDCWD, "./413/file0", [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./409/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] openat(AT_FDCWD, "./414/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./413/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... openat resumed>) = 4 [pid 297] <... openat resumed>) = 4 [pid 295] <... openat resumed>) = 4 [pid 10674] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 299] newfstatat(4, "", [pid 297] newfstatat(4, "", [pid 295] newfstatat(4, "", [pid 10674] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10674] <... futex resumed>) = 1 [pid 10672] <... futex resumed>) = 0 [pid 299] getdents64(4, [pid 297] getdents64(4, [pid 295] getdents64(4, [pid 10674] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10672] exit_group(0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10685] <... futex resumed>) = ? [pid 10674] <... futex resumed>) = ? [pid 10672] <... exit_group resumed>) = ? [pid 299] getdents64(4, [pid 297] getdents64(4, [pid 295] getdents64(4, [pid 10685] +++ exited with 0 +++ [pid 10674] +++ exited with 0 +++ [pid 10672] +++ exited with 0 +++ [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4 [pid 297] close(4 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10672, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] close(4 [pid 299] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 299] rmdir("./409/file0" [pid 297] rmdir("./414/file0" [pid 295] rmdir("./413/file0" [pid 299] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 299] getdents64(3, [pid 297] getdents64(3, [pid 295] getdents64(3, [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3 [pid 297] close(3 [pid 296] umount2("./414", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] close(3 [pid 299] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... close resumed>) = 0 [pid 299] rmdir("./409" [pid 297] rmdir("./414" [pid 296] openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] rmdir("./413" [pid 299] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 295] <... rmdir resumed>) = 0 [pid 299] mkdir("./410", 0777 [pid 297] mkdir("./415", 0777 [pid 296] newfstatat(3, "", [pid 295] mkdir("./414", 0777 [pid 10673] <... mount resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 10673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] getdents64(3, [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10673] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] <... openat resumed>) = 3 [pid 10673] chdir("./file0" [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] ioctl(3, LOOP_CLR_FD [ 148.122368][T10674] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 296] umount2("./414/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] ioctl(3, LOOP_CLR_FD [pid 10673] <... chdir resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10673] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] close(3 [pid 297] close(3 [pid 296] newfstatat(AT_FDCWD, "./414/binderfs", [pid 295] close(3 [pid 10673] <... openat resumed>) = 4 [pid 299] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... close resumed>) = 0 [pid 10673] ioctl(4, LOOP_CLR_FD [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] unlink("./414/binderfs" [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10673] <... ioctl resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 10673] close(4 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10689 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10688 [pid 296] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10690 [pid 10673] <... close resumed>) = 0 [pid 10673] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10671] <... futex resumed>) = 0 [pid 10673] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10671] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10673] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10671] <... futex resumed>) = 0 [pid 10673] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10671] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10673] <... openat resumed>) = 4 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10673] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] newfstatat(AT_FDCWD, "./414/file0", [pid 10673] <... futex resumed>) = 1 [pid 10671] <... futex resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10673] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10671] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10673] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10671] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10673] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10671] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] openat(AT_FDCWD, "./414/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 10690 attached [pid 10673] <... write resumed>) = 16 [pid 10671] <... futex resumed>) = 0 [pid 296] <... openat resumed>) = 4 [pid 10690] set_robust_list(0x5555557b6760, 24 [pid 10673] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] newfstatat(4, "", [pid 10690] <... set_robust_list resumed>) = 0 [pid 10673] <... futex resumed>) = 0 [pid 10671] <... mmap resumed>) = 0x7fe45c3a9000 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10690] chdir("./414" [pid 10673] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10671] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 296] getdents64(4, [pid 10690] <... chdir resumed>) = 0 [pid 10671] <... mprotect resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 10688 attached [pid 10690] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10671] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] getdents64(4, ./strace-static-x86_64: Process 10689 attached [pid 10690] <... prctl resumed>) = 0 [pid 10688] set_robust_list(0x5555557b6760, 24 [pid 10671] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10690] setpgid(0, 0 [pid 10689] set_robust_list(0x5555557b6760, 24 [pid 10688] <... set_robust_list resumed>) = 0 [pid 10671] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 296] close(4 [pid 10690] <... setpgid resumed>) = 0 [pid 10689] <... set_robust_list resumed>) = 0 [pid 10688] chdir("./415" [pid 296] <... close resumed>) = 0 [pid 10690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10689] chdir("./410" [pid 10688] <... chdir resumed>) = 0 [pid 10671] <... clone3 resumed> => {parent_tid=[10691]}, 88) = 10691 [pid 296] rmdir("./414/file0"./strace-static-x86_64: Process 10691 attached [pid 10690] <... openat resumed>) = 3 [pid 10689] <... chdir resumed>) = 0 [pid 10688] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10671] rt_sigprocmask(SIG_SETMASK, [], [pid 10690] write(3, "1000", 4 [pid 10689] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10688] <... prctl resumed>) = 0 [pid 10671] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10691] set_robust_list(0x7fe45c3c99a0, 24 [pid 10690] <... write resumed>) = 4 [pid 10689] <... prctl resumed>) = 0 [pid 10688] setpgid(0, 0 [pid 10671] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... rmdir resumed>) = 0 [pid 10690] close(3 [pid 10689] setpgid(0, 0 [pid 10688] <... setpgid resumed>) = 0 [pid 10671] <... futex resumed>) = 0 [pid 10691] <... set_robust_list resumed>) = 0 [pid 296] getdents64(3, [pid 10690] <... close resumed>) = 0 [pid 10689] <... setpgid resumed>) = 0 [pid 10688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10671] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10691] rt_sigprocmask(SIG_SETMASK, [], [pid 10690] symlink("/dev/binderfs", "./binderfs" [pid 10689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10688] <... openat resumed>) = 3 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10691] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10690] <... symlink resumed>) = 0 [pid 10689] <... openat resumed>) = 3 [pid 10688] write(3, "1000", 4 [pid 296] close(3 [pid 10691] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10690] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10689] write(3, "1000", 4 [pid 10688] <... write resumed>) = 4 [pid 296] <... close resumed>) = 0 [pid 10690] <... futex resumed>) = 0 [pid 10689] <... write resumed>) = 4 [pid 10688] close(3 [pid 10691] <... write resumed>) = 16 [pid 10690] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10689] close(3 [pid 10688] <... close resumed>) = 0 [pid 296] rmdir("./414" [pid 10690] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10689] <... close resumed>) = 0 [pid 10688] symlink("/dev/binderfs", "./binderfs" [pid 10690] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10689] symlink("/dev/binderfs", "./binderfs" [pid 10688] <... symlink resumed>) = 0 [pid 10691] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10689] <... symlink resumed>) = 0 [pid 10688] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... rmdir resumed>) = 0 [pid 10690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10689] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10688] <... futex resumed>) = 0 [pid 10691] <... futex resumed>) = 1 [pid 10690] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10689] <... futex resumed>) = 0 [pid 10688] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10671] <... futex resumed>) = 0 [pid 296] mkdir("./415", 0777 [pid 10691] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10690] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10689] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10688] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10671] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10690] <... mprotect resumed>) = 0 [pid 10689] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10688] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10673] <... futex resumed>) = 0 [pid 10671] <... futex resumed>) = 1 [pid 10690] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10689] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10673] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10671] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... mkdir resumed>) = 0 [pid 10690] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10673] <... mmap resumed>) = 0x20000000 [pid 10690] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10688] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10673] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10689] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10688] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10673] <... futex resumed>) = 1 [pid 10671] <... futex resumed>) = 0 [pid 10690] <... clone3 resumed> => {parent_tid=[10692]}, 88) = 10692 [pid 10689] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10688] <... mprotect resumed>) = 0 [pid 10673] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10671] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10690] rt_sigprocmask(SIG_SETMASK, [], [pid 10689] <... mprotect resumed>) = 0 [pid 10688] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10673] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10671] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10692 attached [pid 10690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10689] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10688] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10692] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10692] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10671] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10690] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10692] <... futex resumed>) = 0 [pid 10690] <... futex resumed>) = 1 [pid 10692] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10690] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10692] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10692] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10690] <... futex resumed>) = 0 [pid 10692] memfd_create("syzkaller", 0 [pid 10690] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10692] <... memfd_create resumed>) = 3 [pid 10690] <... futex resumed>) = 0 [pid 10692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10690] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10692] <... mmap resumed>) = 0x7fe453fca000 [pid 10689] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10688] <... clone3 resumed> => {parent_tid=[10693]}, 88) = 10693 [pid 10673] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10689] <... clone3 resumed> => {parent_tid=[10694]}, 88) = 10694 [pid 10688] rt_sigprocmask(SIG_SETMASK, [], [pid 10689] rt_sigprocmask(SIG_SETMASK, [], [pid 10688] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10673] sendfile(-1, -1, [0] [pid 10689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10688] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10689] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10688] <... futex resumed>) = 0 [pid 10689] <... futex resumed>) = 0 [pid 10688] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10689] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10673] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10673] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10671] <... futex resumed>) = 0 [pid 10673] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10671] exit_group(0 [pid 10691] <... futex resumed>) = ? [pid 10673] <... futex resumed>) = ? [pid 10671] <... exit_group resumed>) = ? [pid 10691] +++ exited with 0 +++ ./strace-static-x86_64: Process 10693 attached [pid 10673] +++ exited with 0 +++ [pid 10671] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10671, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 10694 attached [pid 10693] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10692] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] <... restart_syscall resumed>) = 0 [pid 10694] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10693] <... set_robust_list resumed>) = 0 [pid 10694] <... set_robust_list resumed>) = 0 [pid 10693] rt_sigprocmask(SIG_SETMASK, [], [pid 298] umount2("./414", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10694] rt_sigprocmask(SIG_SETMASK, [], [pid 10693] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10694] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10693] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 298] openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10694] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10693] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 298] <... openat resumed>) = 3 [pid 10694] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10693] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(3, "", [pid 10694] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10693] <... futex resumed>) = 1 [pid 10688] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10688] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10689] <... futex resumed>) = 0 [pid 10688] <... futex resumed>) = 0 [pid 10689] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] getdents64(3, [pid 10694] <... futex resumed>) = 1 [pid 10693] memfd_create("syzkaller", 0 [pid 10689] <... futex resumed>) = 0 [pid 10688] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10694] memfd_create("syzkaller", 0 [pid 10693] <... memfd_create resumed>) = 3 [pid 10689] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10694] <... memfd_create resumed>) = 3 [pid 10693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] umount2("./414/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10693] <... mmap resumed>) = 0x7fe453fca000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10694] <... mmap resumed>) = 0x7fe453fca000 [pid 10693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10692] <... write resumed>) = 1048576 [pid 298] newfstatat(AT_FDCWD, "./414/binderfs", [pid 296] <... openat resumed>) = 3 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 298] unlink("./414/binderfs" [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... unlink resumed>) = 0 [pid 296] close(3 [pid 10694] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10692] munmap(0x7fe453fca000, 138412032 [pid 298] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... close resumed>) = 0 [pid 10692] <... munmap resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10695 [pid 10692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 148.216381][T10673] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10692] ioctl(4, LOOP_SET_FD, 3 [pid 10693] <... write resumed>) = 1048576 [pid 10693] munmap(0x7fe453fca000, 138412032) = 0 [pid 10693] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10693] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 10695 attached [pid 10694] <... write resumed>) = 1048576 [pid 10692] <... ioctl resumed>) = 0 [pid 10694] munmap(0x7fe453fca000, 138412032) = 0 [pid 10694] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10695] set_robust_list(0x5555557b6760, 24 [pid 10694] ioctl(4, LOOP_SET_FD, 3 [pid 10695] <... set_robust_list resumed>) = 0 [pid 10693] <... ioctl resumed>) = 0 [pid 10692] close(3 [pid 10695] chdir("./415" [pid 10693] close(3 [pid 10692] <... close resumed>) = 0 [pid 10695] <... chdir resumed>) = 0 [pid 10693] <... close resumed>) = 0 [pid 10692] close(4 [pid 10695] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10693] close(4 [pid 10694] <... ioctl resumed>) = 0 [pid 10694] close(3) = 0 [pid 10694] close(4 [pid 10695] <... prctl resumed>) = 0 [pid 10695] setpgid(0, 0) = 0 [pid 10695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10695] write(3, "1000", 4) = 4 [pid 10695] close(3) = 0 [pid 10695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10695] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10695] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10695] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10695] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10696]}, 88) = 10696 [pid 10695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10695] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10695] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10696 attached [pid 10696] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10696] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10696] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10696] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10695] <... futex resumed>) = 0 [pid 10695] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10695] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10696] <... futex resumed>) = 1 [pid 10696] memfd_create("syzkaller", 0) = 3 [pid 10696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./414/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./414/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./414/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./414") = 0 [pid 298] mkdir("./415", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 10696] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10697 [pid 10696] <... write resumed>) = 1048576 [pid 10696] munmap(0x7fe453fca000, 138412032) = 0 [pid 10696] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 148.261431][T10692] loop0: detected capacity change from 0 to 2048 [ 148.268012][T10693] loop2: detected capacity change from 0 to 2048 [ 148.271999][T10694] loop4: detected capacity change from 0 to 2048 [pid 10696] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10696] close(3) = 0 [pid 10696] close(4./strace-static-x86_64: Process 10697 attached [pid 10697] set_robust_list(0x5555557b6760, 24) = 0 [pid 10697] chdir("./415") = 0 [pid 10697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10697] setpgid(0, 0) = 0 [pid 10697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10697] write(3, "1000", 4) = 4 [pid 10697] close(3) = 0 [pid 10697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10697] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10697] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10697] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10697] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10697] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10698]}, 88) = 10698 [pid 10697] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10697] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10697] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10698 attached [pid 10698] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10698] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10698] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10698] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10697] <... futex resumed>) = 0 [pid 10697] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10697] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10698] <... futex resumed>) = 1 [pid 10698] memfd_create("syzkaller", 0) = 3 [pid 10698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10693] <... close resumed>) = 0 [pid 10693] mkdir("./file0", 0777) = 0 [pid 10693] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10694] <... close resumed>) = 0 [pid 10692] <... close resumed>) = 0 [pid 10694] mkdir("./file0", 0777 [pid 10692] mkdir("./file0", 0777 [pid 10694] <... mkdir resumed>) = 0 [pid 10692] <... mkdir resumed>) = 0 [pid 10694] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10692] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10696] <... close resumed>) = 0 [pid 10696] mkdir("./file0", 0777) = 0 [pid 10696] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10693] <... mount resumed>) = 0 [pid 10698] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10693] chdir("./file0") = 0 [pid 10693] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10692] <... mount resumed>) = 0 [pid 10692] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10692] chdir("./file0") = 0 [pid 10692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10692] ioctl(4, LOOP_CLR_FD) = 0 [pid 10692] close(4) = 0 [pid 10692] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10690] <... futex resumed>) = 0 [pid 10692] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10690] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10693] <... openat resumed>) = 4 [pid 10692] <... openat resumed>) = 4 [pid 10690] <... futex resumed>) = 0 [pid 10692] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10690] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10692] <... futex resumed>) = 0 [pid 10690] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10692] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10690] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10692] <... write resumed>) = 16 [pid 10690] <... futex resumed>) = 0 [pid 10692] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10690] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10692] <... futex resumed>) = 0 [pid 10690] <... futex resumed>) = 0 [pid 10692] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10690] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10690] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10690] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10693] ioctl(4, LOOP_CLR_FD [pid 10690] <... clone3 resumed> => {parent_tid=[10703]}, 88) = 10703 [pid 10690] rt_sigprocmask(SIG_SETMASK, [], [pid 10693] <... ioctl resumed>) = 0 [pid 10690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10690] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10690] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10703 attached [pid 10703] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10703] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10703] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10703] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10690] <... futex resumed>) = 0 [pid 10690] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10692] <... futex resumed>) = 0 [pid 10690] <... futex resumed>) = 1 [pid 10692] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10690] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10692] <... mmap resumed>) = 0x20000000 [pid 10693] close(4 [pid 10692] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10693] <... close resumed>) = 0 [pid 10693] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10692] <... futex resumed>) = 1 [pid 10690] <... futex resumed>) = 0 [pid 10703] <... futex resumed>) = 1 [pid 10698] <... write resumed>) = 1048576 [pid 10693] <... futex resumed>) = 1 [pid 10690] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10688] <... futex resumed>) = 0 [pid 10693] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10698] munmap(0x7fe453fca000, 138412032 [pid 10703] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10698] <... munmap resumed>) = 0 [pid 10698] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10698] ioctl(4, LOOP_SET_FD, 3 [pid 10692] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10690] <... futex resumed>) = 0 [pid 10688] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10693] <... futex resumed>) = 0 [pid 10690] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10688] <... futex resumed>) = 1 [pid 10693] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10688] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10693] <... openat resumed>) = 4 [pid 10693] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10688] <... futex resumed>) = 0 [pid 10693] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10688] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10693] <... write resumed>) = 16 [pid 10688] <... futex resumed>) = 0 [pid 10693] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10688] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10693] <... futex resumed>) = 0 [pid 10688] <... futex resumed>) = 0 [pid 10693] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10688] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10688] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10688] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10688] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10705]}, 88) = 10705 [pid 10688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 148.301737][T10696] loop1: detected capacity change from 0 to 2048 [ 148.331688][T10692] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10688] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10688] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10692] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10692] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10705 attached [pid 10698] <... ioctl resumed>) = 0 [pid 10692] <... futex resumed>) = 1 [pid 10698] close(3) = 0 [pid 10698] close(4 [pid 10690] <... futex resumed>) = 0 [pid 10705] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10690] exit_group(0 [pid 10705] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10703] <... futex resumed>) = 0 [pid 10690] <... exit_group resumed>) = ? [pid 10705] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10703] +++ exited with 0 +++ [pid 10705] <... write resumed>) = 16 [pid 10705] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10705] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10696] <... mount resumed>) = 0 [pid 10688] <... futex resumed>) = 0 [pid 10692] +++ exited with 0 +++ [pid 10690] +++ exited with 0 +++ [pid 10688] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10696] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10693] <... futex resumed>) = 0 [pid 10688] <... futex resumed>) = 1 [pid 10693] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10696] <... openat resumed>) = 3 [pid 10688] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10690, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10696] chdir("./file0" [pid 10693] <... mmap resumed>) = 0x20000000 [pid 10693] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] umount2("./414", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10696] <... chdir resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10696] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10693] <... futex resumed>) = 1 [pid 10688] <... futex resumed>) = 0 [pid 10696] <... openat resumed>) = 4 [pid 295] <... openat resumed>) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, [pid 10688] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./414/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./414/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./414/binderfs") = 0 [pid 295] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10696] ioctl(4, LOOP_CLR_FD) = 0 [pid 10696] close(4) = 0 [pid 10696] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10696] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10688] <... futex resumed>) = 0 [pid 10688] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10695] <... futex resumed>) = 0 [pid 10695] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10696] <... futex resumed>) = 0 [pid 10695] <... futex resumed>) = 1 [pid 10696] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10695] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10696] <... openat resumed>) = 4 [pid 10696] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10695] <... futex resumed>) = 0 [pid 10696] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10695] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10695] <... futex resumed>) = 0 [pid 10696] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10695] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10696] <... write resumed>) = 16 [pid 10695] <... futex resumed>) = 0 [pid 10696] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10696] <... futex resumed>) = 0 [pid 10695] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10696] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10695] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10707]}, 88) = 10707 [pid 10695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10695] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 10707 attached [pid 10695] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10693] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10707] set_robust_list(0x7fe45c3c99a0, 24 [pid 10693] sendfile(-1, -1, [0] [pid 10707] <... set_robust_list resumed>) = 0 [pid 10707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10707] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10707] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10695] <... futex resumed>) = 0 [pid 10707] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10695] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10696] <... futex resumed>) = 0 [pid 10695] <... futex resumed>) = 1 [pid 10696] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10695] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10696] <... mmap resumed>) = 0x20000000 [pid 10693] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10696] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10693] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10696] <... futex resumed>) = 1 [pid 10695] <... futex resumed>) = 0 [pid 10696] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10695] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10694] <... mount resumed>) = 0 [pid 10693] <... futex resumed>) = 1 [pid 10688] <... futex resumed>) = 0 [pid 10696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10695] <... futex resumed>) = 0 [pid 10694] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10693] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10695] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10694] <... openat resumed>) = 3 [pid 10688] exit_group(0 [pid 10705] <... futex resumed>) = ? [pid 10694] chdir("./file0" [pid 10693] <... futex resumed>) = ? [pid 10688] <... exit_group resumed>) = ? [pid 10705] +++ exited with 0 +++ [pid 10694] <... chdir resumed>) = 0 [pid 10693] +++ exited with 0 +++ [pid 10688] +++ exited with 0 +++ [pid 10694] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10688, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10694] <... openat resumed>) = 4 [pid 10694] ioctl(4, LOOP_CLR_FD) = 0 [pid 10694] close(4) = 0 [pid 10694] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10689] <... futex resumed>) = 0 [pid 10694] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10689] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10694] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10689] <... futex resumed>) = 0 [pid 10694] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10689] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10694] <... openat resumed>) = 4 [pid 10694] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10689] <... futex resumed>) = 0 [pid 10694] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10689] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./415", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10694] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10689] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10694] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10689] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10694] <... write resumed>) = 16 [pid 10689] <... futex resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 10694] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] newfstatat(3, "", [pid 10694] <... futex resumed>) = 0 [pid 10689] <... mmap resumed>) = 0x7fe45c3a9000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10694] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10689] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 297] getdents64(3, [pid 10689] <... mprotect resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10689] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] umount2("./415/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10689] <... rt_sigprocmask resumed>[], 8) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 297] newfstatat(AT_FDCWD, "./415/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10689] <... clone3 resumed> => {parent_tid=[10710]}, 88) = 10710 [pid 297] unlink("./415/binderfs" [pid 10689] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... unlink resumed>) = 0 [pid 10689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10689] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10689] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10710 attached [ 148.337984][T10698] loop3: detected capacity change from 0 to 2048 [ 148.357761][T10693] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 148.384141][T10696] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10710] set_robust_list(0x7fe45c3c99a0, 24 [pid 10698] <... close resumed>) = 0 [pid 10698] mkdir("./file0", 0777) = 0 [pid 10698] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10710] <... set_robust_list resumed>) = 0 [pid 10710] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10710] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10710] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10710] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10689] <... futex resumed>) = 0 [pid 10696] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10689] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10696] sendfile(-1, -1, [0] [pid 10689] <... futex resumed>) = 1 [pid 10694] <... futex resumed>) = 0 [pid 10689] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10694] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10694] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10689] <... futex resumed>) = 0 [pid 10694] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10689] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10696] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10694] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10689] <... futex resumed>) = 0 [pid 10696] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10695] <... futex resumed>) = 0 [pid 10695] exit_group(0 [pid 10689] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10707] <... futex resumed>) = ? [pid 10695] <... exit_group resumed>) = ? [pid 10707] +++ exited with 0 +++ [pid 10696] <... futex resumed>) = ? [pid 10696] +++ exited with 0 +++ [pid 10695] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10695, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./415", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./415/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./415/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./415/binderfs") = 0 [pid 296] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = 0 [pid 10698] <... mount resumed>) = 0 [pid 10694] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 295] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10698] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10694] sendfile(-1, -1, [0] [pid 10698] <... openat resumed>) = 3 [pid 10694] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10698] chdir("./file0" [pid 10694] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10698] <... chdir resumed>) = 0 [pid 10694] <... futex resumed>) = 1 [pid 10689] <... futex resumed>) = 0 [pid 10698] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10694] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10689] exit_group(0 [pid 10698] <... openat resumed>) = 4 [pid 10694] <... futex resumed>) = ? [pid 10689] <... exit_group resumed>) = ? [pid 10698] ioctl(4, LOOP_CLR_FD [pid 10694] +++ exited with 0 +++ [pid 10698] <... ioctl resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10698] close(4 [pid 10710] <... futex resumed>) = ? [pid 10698] <... close resumed>) = 0 [pid 295] newfstatat(AT_FDCWD, "./414/file0", [pid 10710] +++ exited with 0 +++ [pid 10689] +++ exited with 0 +++ [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10698] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10697] <... futex resumed>) = 0 [pid 10698] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10697] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10698] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10697] <... futex resumed>) = 0 [pid 10698] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10697] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10698] <... openat resumed>) = 4 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10689, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 295] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10698] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10697] <... futex resumed>) = 0 [pid 10698] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10697] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10698] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10697] <... futex resumed>) = 0 [pid 10698] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10697] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10698] <... write resumed>) = 16 [pid 10697] <... futex resumed>) = 0 [pid 10698] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10698] <... futex resumed>) = 0 [pid 10697] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10698] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10697] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10697] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10713]}, 88) = 10713 [pid 10697] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10697] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10697] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10713 attached [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10713] set_robust_list(0x7fe45c3c99a0, 24 [pid 299] <... restart_syscall resumed>) = 0 [pid 295] openat(AT_FDCWD, "./414/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10713] <... set_robust_list resumed>) = 0 [pid 295] <... openat resumed>) = 4 [pid 10713] rt_sigprocmask(SIG_SETMASK, [], [pid 295] newfstatat(4, "", [pid 10713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] umount2("./410", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10713] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] getdents64(4, [pid 10713] <... write resumed>) = 16 [pid 299] openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10713] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 3 [pid 295] getdents64(4, [pid 10713] <... futex resumed>) = 1 [pid 10697] <... futex resumed>) = 0 [pid 299] newfstatat(3, "", [pid 10713] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10697] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10698] <... futex resumed>) = 0 [pid 10697] <... futex resumed>) = 1 [pid 299] getdents64(3, [pid 295] close(4 [pid 10698] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10697] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] <... close resumed>) = 0 [pid 10698] <... mmap resumed>) = 0x20000000 [pid 299] umount2("./410/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] rmdir("./414/file0" [pid 10698] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10698] <... futex resumed>) = 1 [pid 10697] <... futex resumed>) = 0 [pid 10698] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10697] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10698] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 148.406673][T10694] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 299] newfstatat(AT_FDCWD, "./410/binderfs", [pid 295] <... rmdir resumed>) = 0 [pid 10697] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] getdents64(3, [pid 10697] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] unlink("./410/binderfs" [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] <... unlink resumed>) = 0 [pid 295] close(3 [pid 299] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... close resumed>) = 0 [pid 295] rmdir("./414") = 0 [pid 295] mkdir("./415", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10714 ./strace-static-x86_64: Process 10714 attached [pid 10714] set_robust_list(0x5555557b6760, 24) = 0 [pid 10714] chdir("./415") = 0 [pid 10714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10714] setpgid(0, 0) = 0 [pid 10714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10714] write(3, "1000", 4) = 4 [pid 10714] close(3) = 0 [pid 10714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10714] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10714] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10714] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10714] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10714] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10714] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10715]}, 88) = 10715 [pid 10714] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10714] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10714] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10715 attached [pid 10715] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10715] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10715] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10715] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10714] <... futex resumed>) = 0 [pid 10714] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10714] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10715] <... futex resumed>) = 1 [pid 10715] memfd_create("syzkaller", 0) = 3 [pid 10715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10698] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10698] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10698] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10697] <... futex resumed>) = 0 [pid 10697] exit_group(0 [pid 10713] <... futex resumed>) = ? [pid 10697] <... exit_group resumed>) = ? [pid 10713] +++ exited with 0 +++ [pid 10698] +++ exited with 0 +++ [pid 10697] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10697, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 298] umount2("./415", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./415/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./415/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./415/binderfs") = 0 [pid 298] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = 0 [pid 296] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./415/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./415/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "./415/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10715] <... write resumed>) = 1048576 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./415/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... openat resumed>) = 4 [pid 297] <... openat resumed>) = 4 [pid 296] newfstatat(4, "", [pid 297] newfstatat(4, "", [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, [pid 10715] munmap(0x7fe453fca000, 138412032 [pid 297] getdents64(4, [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./415/file0") = 0 [pid 296] getdents64(4, [pid 297] getdents64(3, [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./415" [pid 296] close(4 [pid 297] <... rmdir resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 297] mkdir("./416", 0777) = 0 [pid 296] rmdir("./415/file0" [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... rmdir resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10716 ./strace-static-x86_64: Process 10716 attached [pid 10715] <... munmap resumed>) = 0 [pid 296] getdents64(3, [pid 10716] set_robust_list(0x5555557b6760, 24 [pid 10715] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10716] <... set_robust_list resumed>) = 0 [pid 10715] <... openat resumed>) = 4 [pid 296] close(3 [pid 10716] chdir("./416" [ 148.457477][T10698] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10715] ioctl(4, LOOP_SET_FD, 3 [pid 296] <... close resumed>) = 0 [pid 10716] <... chdir resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./415/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./415/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./415/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./415") = 0 [pid 298] mkdir("./416", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 296] rmdir("./415" [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10717 ./strace-static-x86_64: Process 10717 attached [pid 10717] set_robust_list(0x5555557b6760, 24) = 0 [pid 10717] chdir("./416") = 0 [pid 10717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10717] setpgid(0, 0) = 0 [pid 10717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10717] write(3, "1000", 4) = 4 [pid 10717] close(3) = 0 [pid 10717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10717] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10717] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10717] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10717] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10717] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10718]}, 88) = 10718 [pid 10717] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10717] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10717] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10718 attached [pid 10718] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10718] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10718] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10717] <... futex resumed>) = 0 [pid 10717] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10717] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10718] <... futex resumed>) = 1 [pid 10718] memfd_create("syzkaller", 0) = 3 [pid 10718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10716] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10715] <... ioctl resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... rmdir resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./410/file0", [pid 296] mkdir("./416", 0777 [pid 10715] close(3 [pid 10716] <... prctl resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 299] umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10715] <... close resumed>) = 0 [pid 10716] setpgid(0, 0 [pid 299] openat(AT_FDCWD, "./410/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 10715] close(4 [pid 10716] <... setpgid resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 299] newfstatat(4, "", [pid 10716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 296] <... openat resumed>) = 3 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, [pid 296] ioctl(3, LOOP_CLR_FD [pid 10716] <... openat resumed>) = 3 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(4 [pid 296] close(3 [pid 10716] write(3, "1000", 4 [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./410/file0" [pid 296] <... close resumed>) = 0 [pid 10716] <... write resumed>) = 4 [pid 299] <... rmdir resumed>) = 0 [pid 10716] close(3 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10716] <... close resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10719 [pid 299] close(3 [pid 10716] symlink("/dev/binderfs", "./binderfs" [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./410") = 0 [pid 10716] <... symlink resumed>) = 0 [pid 299] mkdir("./411", 0777) = 0 [pid 10716] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 10716] <... futex resumed>) = 0 [pid 10716] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 10716] <... rt_sigaction resumed>NULL, 8) = 0 [pid 299] close(3 [pid 10716] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 299] <... close resumed>) = 0 [pid 10716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10716] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10716] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10720 [pid 10716] <... mprotect resumed>) = 0 [pid 10716] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 10719 attached [], 8) = 0 [pid 10719] set_robust_list(0x5555557b6760, 24 [pid 10716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10721]}, 88) = 10721 [pid 10716] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10716] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10719] <... set_robust_list resumed>) = 0 [pid 10716] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10720 attached [pid 10716] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10719] chdir("./416"./strace-static-x86_64: Process 10721 attached [pid 10721] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10721] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10721] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10721] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10716] <... futex resumed>) = 0 [pid 10716] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10716] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10721] <... futex resumed>) = 1 [pid 10721] memfd_create("syzkaller", 0 [pid 10719] <... chdir resumed>) = 0 [pid 10720] set_robust_list(0x5555557b6760, 24 [pid 10719] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10720] <... set_robust_list resumed>) = 0 [pid 10719] <... prctl resumed>) = 0 [pid 10718] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10720] chdir("./411" [pid 10719] setpgid(0, 0 [pid 10720] <... chdir resumed>) = 0 [pid 10720] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10719] <... setpgid resumed>) = 0 [pid 10721] <... memfd_create resumed>) = 3 [pid 10720] <... prctl resumed>) = 0 [pid 10719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10718] <... write resumed>) = 1048576 [pid 10718] munmap(0x7fe453fca000, 138412032 [pid 10719] <... openat resumed>) = 3 [pid 10719] write(3, "1000", 4 [pid 10720] setpgid(0, 0 [pid 10718] <... munmap resumed>) = 0 [pid 10718] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 148.511264][T10715] loop0: detected capacity change from 0 to 2048 [pid 10718] ioctl(4, LOOP_SET_FD, 3 [pid 10721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10720] <... setpgid resumed>) = 0 [pid 10719] <... write resumed>) = 4 [pid 10719] close(3) = 0 [pid 10719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10719] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10719] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10719] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10719] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10719] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10719] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10719] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10719] <... clone3 resumed> => {parent_tid=[10722]}, 88) = 10722 [pid 10719] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10719] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10719] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10720] <... openat resumed>) = 3 [pid 10720] write(3, "1000", 4) = 4 [pid 10720] close(3) = 0 [pid 10720] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10720] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10720] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10720] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 ./strace-static-x86_64: Process 10722 attached [pid 10718] <... ioctl resumed>) = 0 [pid 10722] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10721] <... mmap resumed>) = 0x7fe453fca000 [pid 10722] <... set_robust_list resumed>) = 0 [pid 10720] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10722] rt_sigprocmask(SIG_SETMASK, [], [pid 10720] <... mprotect resumed>) = 0 [pid 10722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10720] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10718] close(3 [pid 10720] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10720] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10722] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10718] <... close resumed>) = 0 [pid 10722] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10718] close(4 [pid 10722] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10722] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10719] <... futex resumed>) = 0 [pid 10719] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10719] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10720] <... clone3 resumed> => {parent_tid=[10723]}, 88) = 10723 [pid 10722] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10722] memfd_create("syzkaller", 0 [pid 10720] rt_sigprocmask(SIG_SETMASK, [], [pid 10722] <... memfd_create resumed>) = 3 [pid 10722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10720] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10722] <... mmap resumed>) = 0x7fe453fca000 [pid 10720] <... futex resumed>) = 0 [pid 10720] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10723 attached [pid 10723] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10723] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10723] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10723] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10720] <... futex resumed>) = 0 [pid 10720] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10720] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10723] <... futex resumed>) = 1 [pid 10723] memfd_create("syzkaller", 0) = 3 [pid 10723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10723] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10722] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10715] <... close resumed>) = 0 [pid 10715] mkdir("./file0", 0777) = 0 [pid 10715] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10723] <... write resumed>) = 1048576 [pid 10723] munmap(0x7fe453fca000, 138412032) = 0 [pid 10723] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10723] ioctl(4, LOOP_SET_FD, 3 [pid 10722] <... write resumed>) = 1048576 [pid 10721] <... write resumed>) = 1048576 [pid 10722] munmap(0x7fe453fca000, 138412032) = 0 [pid 10722] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10722] ioctl(4, LOOP_SET_FD, 3 [pid 10723] <... ioctl resumed>) = 0 [pid 10721] munmap(0x7fe453fca000, 138412032 [pid 10723] close(3) = 0 [pid 10723] close(4 [pid 10721] <... munmap resumed>) = 0 [pid 10721] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10721] ioctl(4, LOOP_SET_FD, 3 [pid 10722] <... ioctl resumed>) = 0 [pid 10722] close(3 [pid 10718] <... close resumed>) = 0 [pid 10718] mkdir("./file0", 0777) = 0 [pid 10718] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10722] <... close resumed>) = 0 [pid 10721] <... ioctl resumed>) = 0 [pid 10722] close(4 [pid 10721] close(3) = 0 [pid 10721] close(4 [pid 10718] <... mount resumed>) = 0 [pid 10718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10718] chdir("./file0") = 0 [pid 10718] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10718] ioctl(4, LOOP_CLR_FD) = 0 [pid 10718] close(4) = 0 [pid 10718] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10717] <... futex resumed>) = 0 [pid 10717] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10717] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10718] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10718] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10717] <... futex resumed>) = 0 [pid 10718] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10717] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10718] <... write resumed>) = 16 [pid 10717] <... futex resumed>) = 0 [pid 10718] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10717] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10718] <... futex resumed>) = 0 [pid 10717] <... futex resumed>) = 0 [pid 10718] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10717] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10717] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10726]}, 88) = 10726 [pid 10717] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10717] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10717] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10726 attached [pid 10723] <... close resumed>) = 0 [pid 10726] set_robust_list(0x7fe45c3c99a0, 24 [pid 10723] mkdir("./file0", 0777 [pid 10726] <... set_robust_list resumed>) = 0 [pid 10726] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10723] <... mkdir resumed>) = 0 [pid 10726] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10723] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10715] <... mount resumed>) = 0 [pid 10726] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10717] <... futex resumed>) = 0 [pid 10726] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10717] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10718] <... futex resumed>) = 0 [pid 10717] <... futex resumed>) = 1 [pid 10715] <... openat resumed>) = 3 [pid 10718] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10717] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10715] chdir("./file0" [pid 10718] <... mmap resumed>) = 0x20000000 [pid 10715] <... chdir resumed>) = 0 [pid 10718] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10715] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10718] <... futex resumed>) = 1 [pid 10717] <... futex resumed>) = 0 [pid 10718] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10717] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10715] <... openat resumed>) = 4 [pid 10718] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 148.556846][T10718] loop3: detected capacity change from 0 to 2048 [ 148.587358][T10723] loop4: detected capacity change from 0 to 2048 [ 148.593162][T10722] loop1: detected capacity change from 0 to 2048 [ 148.594982][T10721] loop2: detected capacity change from 0 to 2048 [pid 10717] <... futex resumed>) = 0 [pid 10715] ioctl(4, LOOP_CLR_FD) = 0 [pid 10715] close(4) = 0 [pid 10715] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10714] <... futex resumed>) = 0 [pid 10715] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10714] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10714] <... futex resumed>) = 0 [pid 10715] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10714] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10715] <... openat resumed>) = 4 [pid 10715] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10714] <... futex resumed>) = 0 [pid 10715] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10714] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10714] <... futex resumed>) = 0 [pid 10715] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10714] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10715] <... write resumed>) = 16 [pid 10714] <... futex resumed>) = 0 [pid 10715] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10715] <... futex resumed>) = 0 [pid 10714] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10715] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10714] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10714] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10714] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10729]}, 88) = 10729 [pid 10714] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10714] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10714] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10729 attached [pid 10729] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10729] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10729] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10729] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10714] <... futex resumed>) = 0 [pid 10714] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10715] <... futex resumed>) = 0 [pid 10714] <... futex resumed>) = 1 [pid 10715] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10714] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10715] <... mmap resumed>) = 0x20000000 [pid 10715] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10714] <... futex resumed>) = 0 [pid 10715] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10714] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10715] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10714] <... futex resumed>) = 0 [pid 10729] <... futex resumed>) = 1 [pid 10722] <... close resumed>) = 0 [pid 10721] <... close resumed>) = 0 [pid 10717] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10722] mkdir("./file0", 0777 [pid 10721] mkdir("./file0", 0777 [pid 10722] <... mkdir resumed>) = 0 [pid 10721] <... mkdir resumed>) = 0 [pid 10722] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10721] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10729] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10718] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10718] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10718] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10717] <... futex resumed>) = 0 [pid 10718] <... futex resumed>) = 1 [pid 10717] exit_group(0 [pid 10726] <... futex resumed>) = ? [pid 10717] <... exit_group resumed>) = ? [pid 10726] +++ exited with 0 +++ [pid 10718] +++ exited with 0 +++ [pid 10717] +++ exited with 0 +++ [pid 10715] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10714] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10715] sendfile(-1, -1, [0] [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10717, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 10715] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10715] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10714] <... futex resumed>) = 0 [pid 298] umount2("./416", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10715] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10714] exit_group(0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10729] <... futex resumed>) = ? [pid 10715] <... futex resumed>) = ? [pid 10714] <... exit_group resumed>) = ? [pid 298] openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10729] +++ exited with 0 +++ [pid 10715] +++ exited with 0 +++ [pid 10714] +++ exited with 0 +++ [pid 298] <... openat resumed>) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10714, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] getdents64(3, [pid 295] umount2("./415", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./416/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... openat resumed>) = 3 [pid 298] newfstatat(AT_FDCWD, "./416/binderfs", [pid 295] newfstatat(3, "", [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] unlink("./416/binderfs" [pid 295] getdents64(3, [pid 298] <... unlink resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10723] <... mount resumed>) = 0 [pid 298] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./415/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10723] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10723] chdir("./file0") = 0 [pid 10723] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10721] <... mount resumed>) = 0 [pid 10723] <... openat resumed>) = 4 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10723] ioctl(4, LOOP_CLR_FD) = 0 [pid 295] newfstatat(AT_FDCWD, "./415/binderfs", [pid 10723] close(4) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10723] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10720] <... futex resumed>) = 0 [pid 10723] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10720] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10720] <... futex resumed>) = 0 [pid 10723] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10720] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10722] <... mount resumed>) = 0 [pid 295] unlink("./415/binderfs" [pid 10723] <... openat resumed>) = 4 [pid 10721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10722] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10723] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10721] <... openat resumed>) = 3 [pid 295] <... unlink resumed>) = 0 [pid 10722] <... openat resumed>) = 3 [pid 10723] <... futex resumed>) = 1 [pid 10722] chdir("./file0" [pid 10721] chdir("./file0" [pid 10720] <... futex resumed>) = 0 [pid 295] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10723] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10722] <... chdir resumed>) = 0 [pid 10721] <... chdir resumed>) = 0 [pid 10720] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10722] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10723] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10722] <... openat resumed>) = 4 [pid 10720] <... futex resumed>) = 0 [pid 10722] ioctl(4, LOOP_CLR_FD) = 0 [pid 10723] <... write resumed>) = 16 [pid 10722] close(4 [pid 10721] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10720] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10723] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10722] <... close resumed>) = 0 [pid 10723] <... futex resumed>) = 0 [pid 10722] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10721] <... openat resumed>) = 4 [pid 10720] <... futex resumed>) = 0 [pid 10723] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10722] <... futex resumed>) = 1 [pid 10719] <... futex resumed>) = 0 [pid 10722] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10721] ioctl(4, LOOP_CLR_FD [pid 10720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10719] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10722] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10719] <... futex resumed>) = 0 [pid 10722] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10719] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10720] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10720] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10722] <... openat resumed>) = 4 [pid 10720] <... mprotect resumed>) = 0 [pid 10722] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10721] <... ioctl resumed>) = 0 [pid 10722] <... futex resumed>) = 1 [pid 10721] close(4 [pid 10720] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10719] <... futex resumed>) = 0 [pid 10722] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10721] <... close resumed>) = 0 [pid 10720] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10719] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10722] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10720] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10719] <... futex resumed>) = 0 [pid 10722] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10721] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10722] <... write resumed>) = 16 [pid 10721] <... futex resumed>) = 1 [pid 10719] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10716] <... futex resumed>) = 0 [pid 10722] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10720] <... clone3 resumed> => {parent_tid=[10736]}, 88) = 10736 [pid 10719] <... futex resumed>) = 0 [pid 10722] <... futex resumed>) = 0 [pid 10721] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10716] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10722] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10720] rt_sigprocmask(SIG_SETMASK, [], [pid 10719] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10716] <... futex resumed>) = 0 [pid 10720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10719] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10716] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10736 attached [pid 10736] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10736] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10721] <... openat resumed>) = 4 [pid 10721] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10721] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10720] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10719] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10716] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10720] <... futex resumed>) = 1 [pid 10719] <... mprotect resumed>) = 0 [pid 10716] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10720] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10719] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10716] <... futex resumed>) = 0 [pid 10721] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10719] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10716] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10719] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10716] <... futex resumed>) = 0 [pid 10716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10719] <... clone3 resumed> => {parent_tid=[10737]}, 88) = 10737 [pid 10716] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10719] rt_sigprocmask(SIG_SETMASK, [], [pid 10716] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10719] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10716] <... mprotect resumed>) = 0 [pid 10719] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10716] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10721] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10719] <... futex resumed>) = 0 [pid 10716] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10721] <... write resumed>) = 16 [pid 10719] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10721] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10716] <... clone3 resumed> => {parent_tid=[10738]}, 88) = 10738 [pid 10721] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10716] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10716] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10716] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10737 attached ./strace-static-x86_64: Process 10738 attached [pid 10738] set_robust_list(0x7fe45c3c99a0, 24 [pid 10737] set_robust_list(0x7fe45c3c99a0, 24 [pid 10738] <... set_robust_list resumed>) = 0 [pid 10737] <... set_robust_list resumed>) = 0 [pid 10738] rt_sigprocmask(SIG_SETMASK, [], [pid 10737] rt_sigprocmask(SIG_SETMASK, [], [pid 10738] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10737] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10738] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10737] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10738] <... write resumed>) = 16 [pid 10736] <... futex resumed>) = 0 [pid 10738] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10716] <... futex resumed>) = 0 [pid 10737] <... write resumed>) = 16 [pid 10716] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10721] <... futex resumed>) = 0 [pid 10716] <... futex resumed>) = 1 [pid 10721] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10716] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10737] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10736] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10721] <... mmap resumed>) = 0x20000000 [pid 10721] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10716] <... futex resumed>) = 0 [pid 10721] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10716] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10721] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10716] <... futex resumed>) = 0 [pid 10738] <... futex resumed>) = 1 [pid 10737] <... futex resumed>) = 1 [pid 10736] <... write resumed>) = 16 [pid 10719] <... futex resumed>) = 0 [pid 10736] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 148.627463][T10718] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 148.641709][T10715] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10736] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10737] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10738] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10716] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10719] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10719] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10720] <... futex resumed>) = 0 [pid 10720] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10720] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10722] <... futex resumed>) = 0 [pid 10722] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10722] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10719] <... futex resumed>) = 0 [pid 10722] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10719] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10722] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10719] <... futex resumed>) = 0 [pid 10723] <... futex resumed>) = 0 [pid 10723] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10723] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10720] <... futex resumed>) = 0 [pid 10723] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10720] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10720] <... futex resumed>) = 0 [pid 10719] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10722] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10721] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10722] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10721] sendfile(-1, -1, [0] [pid 10722] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10721] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10719] <... futex resumed>) = 0 [pid 10722] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10721] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10719] exit_group(0 [pid 10737] <... futex resumed>) = ? [pid 10722] <... futex resumed>) = ? [pid 10721] <... futex resumed>) = 1 [pid 10719] <... exit_group resumed>) = ? [pid 10716] <... futex resumed>) = 0 [pid 10737] +++ exited with 0 +++ [pid 10722] +++ exited with 0 +++ [pid 10721] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10719] +++ exited with 0 +++ [pid 10716] exit_group(0 [pid 10738] <... futex resumed>) = ? [pid 10721] <... futex resumed>) = ? [pid 10716] <... exit_group resumed>) = ? [pid 10738] +++ exited with 0 +++ [pid 10721] +++ exited with 0 +++ [pid 10716] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10719, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10716, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./416", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] umount2("./416", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... openat resumed>) = 3 [pid 296] openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] newfstatat(3, "", [pid 296] <... openat resumed>) = 3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] newfstatat(3, "", [pid 297] getdents64(3, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] getdents64(3, [pid 297] umount2("./416/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./416/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./416/binderfs", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] newfstatat(AT_FDCWD, "./416/binderfs", [pid 297] unlink("./416/binderfs" [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... unlink resumed>) = 0 [pid 296] unlink("./416/binderfs" [pid 297] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... unlink resumed>) = 0 [pid 296] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10720] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 298] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10723] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10723] sendfile(-1, -1, [0] [pid 298] newfstatat(AT_FDCWD, "./416/file0", [pid 295] newfstatat(AT_FDCWD, "./415/file0", [pid 10723] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10723] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10723] <... futex resumed>) = 1 [pid 10720] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10723] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10720] exit_group(0 [pid 298] openat(AT_FDCWD, "./416/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./415/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10736] <... futex resumed>) = ? [pid 10723] <... futex resumed>) = ? [pid 10720] <... exit_group resumed>) = ? [pid 298] <... openat resumed>) = 4 [pid 295] <... openat resumed>) = 4 [pid 10736] +++ exited with 0 +++ [pid 10723] +++ exited with 0 +++ [pid 10720] +++ exited with 0 +++ [pid 298] newfstatat(4, "", [pid 295] newfstatat(4, "", [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10720, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 295] getdents64(4, [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 295] getdents64(4, [pid 299] umount2("./411", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] close(4 [pid 295] close(4 [pid 299] openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 298] rmdir("./416/file0" [pid 295] rmdir("./415/file0" [pid 298] <... rmdir resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 298] getdents64(3, [pid 295] getdents64(3, [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3 [pid 295] close(3 [pid 298] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 298] rmdir("./416" [pid 295] rmdir("./415" [pid 299] <... openat resumed>) = 3 [pid 298] <... rmdir resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 299] newfstatat(3, "", [pid 298] mkdir("./417", 0777 [pid 295] mkdir("./416", 0777 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 299] getdents64(3, [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] <... openat resumed>) = 3 [pid 299] umount2("./411/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] ioctl(3, LOOP_CLR_FD [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] newfstatat(AT_FDCWD, "./411/binderfs", [pid 298] close(3 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... close resumed>) = 0 [pid 299] unlink("./411/binderfs" [pid 295] close(3 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... unlink resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 299] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10739 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10740 [ 148.695291][T10721] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 148.698920][T10722] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 148.710854][T10723] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 297] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 297] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./416/file0", ./strace-static-x86_64: Process 10740 attached ./strace-static-x86_64: Process 10739 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(AT_FDCWD, "./416/file0", [pid 10740] set_robust_list(0x5555557b6760, 24 [pid 10739] set_robust_list(0x5555557b6760, 24 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10740] <... set_robust_list resumed>) = 0 [pid 10739] <... set_robust_list resumed>) = 0 [pid 297] openat(AT_FDCWD, "./416/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10740] chdir("./416" [pid 10739] chdir("./417" [pid 297] <... openat resumed>) = 4 [pid 296] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10740] <... chdir resumed>) = 0 [pid 10739] <... chdir resumed>) = 0 [pid 297] newfstatat(4, "", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10740] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10739] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] openat(AT_FDCWD, "./416/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10740] <... prctl resumed>) = 0 [pid 10739] <... prctl resumed>) = 0 [pid 297] getdents64(4, [pid 10740] setpgid(0, 0 [pid 10739] setpgid(0, 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] <... openat resumed>) = 4 [pid 10740] <... setpgid resumed>) = 0 [pid 10739] <... setpgid resumed>) = 0 [pid 297] getdents64(4, [pid 296] newfstatat(4, "", [pid 10740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10740] <... openat resumed>) = 3 [pid 10739] <... openat resumed>) = 3 [pid 297] close(4 [pid 296] getdents64(4, [pid 10740] write(3, "1000", 4 [pid 10739] write(3, "1000", 4 [pid 297] <... close resumed>) = 0 [pid 297] rmdir("./416/file0" [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] <... rmdir resumed>) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./416" [pid 10740] <... write resumed>) = 4 [pid 10739] <... write resumed>) = 4 [pid 297] <... rmdir resumed>) = 0 [pid 296] getdents64(4, [pid 297] mkdir("./417", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10740] close(3 [pid 10739] close(3 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10740] <... close resumed>) = 0 [pid 10739] <... close resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10741 [pid 296] close(4 [pid 10740] symlink("/dev/binderfs", "./binderfs" [pid 10739] symlink("/dev/binderfs", "./binderfs" [pid 296] <... close resumed>) = 0 [pid 10740] <... symlink resumed>) = 0 [pid 10740] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10739] <... symlink resumed>) = 0 [pid 296] rmdir("./416/file0" [pid 10740] <... futex resumed>) = 0 [pid 10739] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10741 attached [pid 296] <... rmdir resumed>) = 0 [pid 10740] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10739] <... futex resumed>) = 0 [pid 296] getdents64(3, [pid 10740] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10739] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10740] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10739] <... rt_sigaction resumed>NULL, 8) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10740] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10739] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 296] close(3 [pid 10740] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10739] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10740] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] <... close resumed>) = 0 [pid 10740] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10739] <... mmap resumed>) = 0x7fe45c3ca000 [pid 296] rmdir("./416" [pid 10740] <... mprotect resumed>) = 0 [pid 10739] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10741] set_robust_list(0x5555557b6760, 24 [pid 10740] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10739] <... mprotect resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 10740] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10740] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10739] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] mkdir("./417", 0777 [pid 10741] <... set_robust_list resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 10740] <... clone3 resumed> => {parent_tid=[10742]}, 88) = 10742 [pid 10739] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10740] rt_sigprocmask(SIG_SETMASK, [], [pid 10739] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10740] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] <... openat resumed>) = 3 [pid 10740] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] ioctl(3, LOOP_CLR_FD [pid 10740] <... futex resumed>) = 0 [pid 10739] <... clone3 resumed> => {parent_tid=[10743]}, 88) = 10743 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10740] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10739] rt_sigprocmask(SIG_SETMASK, [], [pid 296] close(3 [pid 10739] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] <... close resumed>) = 0 [pid 10739] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10739] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10742 attached [pid 10739] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10744 [pid 10742] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10741] chdir("./417") = 0 [pid 10742] <... set_robust_list resumed>) = 0 [pid 10742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10742] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10742] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10742] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10740] <... futex resumed>) = 0 [pid 10741] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10740] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10741] <... prctl resumed>) = 0 [pid 10740] <... futex resumed>) = 0 [pid 10742] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10742] memfd_create("syzkaller", 0) = 3 [pid 10742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10741] setpgid(0, 0 [pid 10740] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10741] <... setpgid resumed>) = 0 [pid 10741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10741] write(3, "1000", 4) = 4 [pid 10741] close(3) = 0 [pid 10741] symlink("/dev/binderfs", "./binderfs" [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10741] <... symlink resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10742] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10741] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./411/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10741] <... futex resumed>) = 0 [pid 10741] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 299] umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10741] <... rt_sigaction resumed>NULL, 8) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./411/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10741] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 299] <... openat resumed>) = 4 [pid 10741] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] newfstatat(4, "", [pid 10741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 10741] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10741] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, [pid 10741] <... mprotect resumed>) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4 [pid 10741] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 10744 attached [], 8) = 0 [pid 299] <... close resumed>) = 0 [pid 10741] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 299] rmdir("./411/file0" [pid 10744] set_robust_list(0x5555557b6760, 24 [pid 299] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 10743 attached [pid 10744] <... set_robust_list resumed>) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./411" [pid 10741] <... clone3 resumed> => {parent_tid=[10746]}, 88) = 10746 [pid 299] <... rmdir resumed>) = 0 [pid 10744] chdir("./417" [pid 10743] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10741] rt_sigprocmask(SIG_SETMASK, [], [pid 299] mkdir("./412", 0777 [pid 10744] <... chdir resumed>) = 0 [pid 10743] <... set_robust_list resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 10741] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10744] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10743] rt_sigprocmask(SIG_SETMASK, [], [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10744] <... prctl resumed>) = 0 [pid 10743] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10741] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 3 [pid 10744] setpgid(0, 0 [pid 10743] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10741] <... futex resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 10744] <... setpgid resumed>) = 0 [pid 10743] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10741] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10743] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(3 [pid 10744] <... openat resumed>) = 3 [pid 10743] <... futex resumed>) = 1 [pid 10739] <... futex resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 10739] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10739] <... futex resumed>) = 0 [pid 10739] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10744] write(3, "1000", 4 [pid 10743] memfd_create("syzkaller", 0 [pid 10744] <... write resumed>) = 4 [pid 10743] <... memfd_create resumed>) = 3 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10747 [pid 10744] close(3 [pid 10743] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10744] <... close resumed>) = 0 [pid 10743] <... mmap resumed>) = 0x7fe453fca000 [pid 10744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10744] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10744] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, ./strace-static-x86_64: Process 10746 attached NULL, 8) = 0 [pid 10746] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10744] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10746] <... set_robust_list resumed>) = 0 [pid 10744] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10746] rt_sigprocmask(SIG_SETMASK, [], [pid 10744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10746] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10744] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10746] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10744] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10746] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10744] <... mprotect resumed>) = 0 [pid 10746] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10744] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10741] <... futex resumed>) = 0 [pid 10746] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10744] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10741] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10744] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10741] <... futex resumed>) = 0 [pid 10746] memfd_create("syzkaller", 0 [pid 10741] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10746] <... memfd_create resumed>) = 3 [pid 10744] <... clone3 resumed> => {parent_tid=[10748]}, 88) = 10748 [pid 10746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10744] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 10748 attached ./strace-static-x86_64: Process 10747 attached [pid 10746] <... mmap resumed>) = 0x7fe453fca000 [pid 10744] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10743] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10742] <... write resumed>) = 1048576 [pid 10748] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10748] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10747] set_robust_list(0x5555557b6760, 24) = 0 [pid 10747] chdir("./412") = 0 [pid 10747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10747] setpgid(0, 0) = 0 [pid 10747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10747] write(3, "1000", 4) = 4 [pid 10747] close(3 [pid 10744] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10747] <... close resumed>) = 0 [pid 10747] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10747] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10747] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10747] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10747] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10747] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10743] <... write resumed>) = 1048576 [pid 10748] <... futex resumed>) = 0 [pid 10744] <... futex resumed>) = 1 [pid 10748] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10747] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10744] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10748] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10747] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10748] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10743] munmap(0x7fe453fca000, 138412032./strace-static-x86_64: Process 10749 attached [pid 10748] <... futex resumed>) = 1 [pid 10746] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10744] <... futex resumed>) = 0 [pid 10742] munmap(0x7fe453fca000, 138412032 [pid 10748] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10747] <... clone3 resumed> => {parent_tid=[10749]}, 88) = 10749 [pid 10744] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10743] <... munmap resumed>) = 0 [pid 10748] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10747] rt_sigprocmask(SIG_SETMASK, [], [pid 10744] <... futex resumed>) = 0 [pid 10743] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10748] memfd_create("syzkaller", 0 [pid 10747] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10744] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10748] <... memfd_create resumed>) = 3 [pid 10747] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10743] <... openat resumed>) = 4 [pid 10748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10747] <... futex resumed>) = 0 [pid 10743] ioctl(4, LOOP_SET_FD, 3 [pid 10748] <... mmap resumed>) = 0x7fe453fca000 [pid 10747] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10742] <... munmap resumed>) = 0 [pid 10748] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10742] ioctl(4, LOOP_SET_FD, 3 [pid 10748] <... write resumed>) = 1048576 [pid 10748] munmap(0x7fe453fca000, 138412032) = 0 [pid 10748] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10748] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10748] close(3) = 0 [pid 10748] close(4 [pid 10749] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10749] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10749] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10747] <... futex resumed>) = 0 [pid 10747] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10747] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10749] <... futex resumed>) = 1 [pid 10749] memfd_create("syzkaller", 0) = 3 [pid 10749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10746] <... write resumed>) = 1048576 [pid 10743] <... ioctl resumed>) = 0 [pid 10742] <... ioctl resumed>) = 0 [pid 10746] munmap(0x7fe453fca000, 138412032) = 0 [pid 10743] close(3 [pid 10746] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10742] close(3 [pid 10746] <... openat resumed>) = 4 [pid 10743] <... close resumed>) = 0 [pid 10746] ioctl(4, LOOP_SET_FD, 3 [pid 10749] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10746] <... ioctl resumed>) = 0 [pid 10743] close(4 [pid 10742] <... close resumed>) = 0 [pid 10746] close(3 [pid 10742] close(4 [pid 10746] <... close resumed>) = 0 [pid 10746] close(4 [pid 10749] <... write resumed>) = 1048576 [pid 10749] munmap(0x7fe453fca000, 138412032) = 0 [pid 10748] <... close resumed>) = 0 [pid 10748] mkdir("./file0", 0777 [pid 10749] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10749] ioctl(4, LOOP_SET_FD, 3 [pid 10748] <... mkdir resumed>) = 0 [pid 10748] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10749] <... ioctl resumed>) = 0 [pid 10749] close(3) = 0 [pid 10749] close(4 [pid 10746] <... close resumed>) = 0 [pid 10746] mkdir("./file0", 0777) = 0 [pid 10746] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10743] <... close resumed>) = 0 [pid 10742] <... close resumed>) = 0 [pid 10742] mkdir("./file0", 0777 [pid 10743] mkdir("./file0", 0777 [pid 10742] <... mkdir resumed>) = 0 [pid 10742] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10743] <... mkdir resumed>) = 0 [pid 10743] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10749] <... close resumed>) = 0 [pid 10746] <... mount resumed>) = 0 [pid 10746] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10746] chdir("./file0") = 0 [pid 10746] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10746] ioctl(4, LOOP_CLR_FD) = 0 [pid 10746] close(4) = 0 [pid 10746] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10741] <... futex resumed>) = 0 [pid 10741] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10741] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10746] <... futex resumed>) = 1 [pid 10746] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10749] mkdir("./file0", 0777) = 0 [pid 10749] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10746] <... openat resumed>) = 4 [pid 10746] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10741] <... futex resumed>) = 0 [pid 10741] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10746] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10741] <... futex resumed>) = 0 [pid 10741] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10746] <... write resumed>) = 16 [pid 10741] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10746] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10741] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10741] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10741] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10752 attached [pid 10752] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10741] <... clone3 resumed> => {parent_tid=[10752]}, 88) = 10752 [pid 10741] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10741] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10752] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10741] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10752] <... write resumed>) = 16 [pid 10752] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10741] <... futex resumed>) = 0 [pid 10741] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10741] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10752] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10746] <... futex resumed>) = 1 [pid 10741] <... futex resumed>) = 0 [pid 10746] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10741] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=47000000} [pid 10746] <... mmap resumed>) = 0x20000000 [ 148.838543][T10743] loop3: detected capacity change from 0 to 2048 [ 148.846047][T10742] loop0: detected capacity change from 0 to 2048 [ 148.852353][T10748] loop1: detected capacity change from 0 to 2048 [ 148.863233][T10746] loop2: detected capacity change from 0 to 2048 [ 148.872848][T10749] loop4: detected capacity change from 0 to 2048 [pid 10746] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10741] <... futex resumed>) = 0 [pid 10748] <... mount resumed>) = 0 [pid 10741] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10748] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10748] chdir("./file0") = 0 [pid 10748] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10748] ioctl(4, LOOP_CLR_FD) = 0 [pid 10748] close(4) = 0 [pid 10748] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10744] <... futex resumed>) = 0 [pid 10744] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10744] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10748] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10741] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10748] <... openat resumed>) = 4 [pid 10748] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10744] <... futex resumed>) = 0 [pid 10744] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10744] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10744] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10744] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10744] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10759]}, 88) = 10759 [pid 10744] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10744] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10744] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10748] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10748] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10748] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10746] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10746] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10746] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10741] <... futex resumed>) = 0 [pid 10741] exit_group(0 [pid 10752] <... futex resumed>) = ? [pid 10741] <... exit_group resumed>) = ? [pid 10752] +++ exited with 0 +++ [pid 10746] <... futex resumed>) = ? [pid 10746] +++ exited with 0 +++ [pid 10741] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10741, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./417", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10742] <... mount resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", [pid 10749] <... mount resumed>) = 0 [pid 10742] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10749] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10742] <... openat resumed>) = 3 [pid 297] getdents64(3, [pid 10749] <... openat resumed>) = 3 [pid 10742] chdir("./file0" [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10749] chdir("./file0" [pid 10742] <... chdir resumed>) = 0 [pid 297] umount2("./417/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10749] <... chdir resumed>) = 0 [pid 10742] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 10759 attached [pid 10749] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10742] <... openat resumed>) = 4 [pid 297] newfstatat(AT_FDCWD, "./417/binderfs", [pid 10759] set_robust_list(0x7fe45c3c99a0, 24 [pid 10749] <... openat resumed>) = 4 [pid 10742] ioctl(4, LOOP_CLR_FD [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10759] <... set_robust_list resumed>) = 0 [pid 10749] ioctl(4, LOOP_CLR_FD [pid 10742] <... ioctl resumed>) = 0 [pid 297] unlink("./417/binderfs" [pid 10759] rt_sigprocmask(SIG_SETMASK, [], [pid 10749] <... ioctl resumed>) = 0 [pid 10742] close(4 [pid 297] <... unlink resumed>) = 0 [pid 10759] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10749] close(4 [pid 10742] <... close resumed>) = 0 [pid 297] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10759] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10749] <... close resumed>) = 0 [pid 10742] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10749] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10742] <... futex resumed>) = 1 [pid 10740] <... futex resumed>) = 0 [pid 10759] <... write resumed>) = 16 [pid 10749] <... futex resumed>) = 1 [pid 10740] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10747] <... futex resumed>) = 0 [pid 10742] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10749] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10747] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10740] <... futex resumed>) = 0 [pid 10759] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10747] <... futex resumed>) = 0 [pid 10740] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10759] <... futex resumed>) = 1 [pid 10749] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10747] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10744] <... futex resumed>) = 0 [pid 10759] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10744] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10748] <... futex resumed>) = 0 [pid 10744] <... futex resumed>) = 1 [pid 10749] <... openat resumed>) = 4 [pid 10748] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10744] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10742] <... openat resumed>) = 4 [pid 10749] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10748] <... mmap resumed>) = 0x20000000 [pid 10742] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10749] <... futex resumed>) = 1 [pid 10748] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10747] <... futex resumed>) = 0 [pid 10742] <... futex resumed>) = 1 [pid 10749] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10748] <... futex resumed>) = 1 [pid 10747] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10744] <... futex resumed>) = 0 [pid 10742] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10740] <... futex resumed>) = 0 [pid 10749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10748] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10747] <... futex resumed>) = 0 [pid 10744] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10749] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10748] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 148.914620][T10746] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10747] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10744] <... futex resumed>) = 0 [pid 10740] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10749] <... write resumed>) = 16 [pid 10748] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10747] <... futex resumed>) = 0 [pid 10744] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10742] <... futex resumed>) = 0 [pid 10740] <... futex resumed>) = 1 [pid 10749] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10748] sendfile(-1, -1, [0] [pid 10747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10742] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10740] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10749] <... futex resumed>) = 0 [pid 10748] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10747] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10742] <... write resumed>) = 16 [pid 10740] <... futex resumed>) = 0 [pid 10749] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10748] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10747] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10743] <... mount resumed>) = 0 [pid 10742] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10740] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10748] <... futex resumed>) = 1 [pid 10747] <... mprotect resumed>) = 0 [pid 10744] <... futex resumed>) = 0 [pid 10743] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10742] <... futex resumed>) = 0 [pid 10740] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10748] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10747] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10744] exit_group(0 [pid 10743] <... openat resumed>) = 3 [pid 10742] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10740] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10759] <... futex resumed>) = ? [pid 10748] <... futex resumed>) = ? [pid 10747] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10744] <... exit_group resumed>) = ? [pid 10743] chdir("./file0" [pid 10740] <... mprotect resumed>) = 0 [pid 10759] +++ exited with 0 +++ [pid 10748] +++ exited with 0 +++ [pid 10747] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10744] +++ exited with 0 +++ [pid 10743] <... chdir resumed>) = 0 [pid 10740] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10743] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10740] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10744, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 10747] <... clone3 resumed> => {parent_tid=[10762]}, 88) = 10762 [pid 10743] <... openat resumed>) = 4 [pid 10740] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 10747] rt_sigprocmask(SIG_SETMASK, [], [pid 10743] ioctl(4, LOOP_CLR_FD [pid 10747] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10743] <... ioctl resumed>) = 0 [pid 10740] <... clone3 resumed> => {parent_tid=[10763]}, 88) = 10763 [pid 296] <... restart_syscall resumed>) = 0 [pid 10747] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10743] close(4 [pid 10740] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 10763 attached ./strace-static-x86_64: Process 10762 attached [pid 10747] <... futex resumed>) = 0 [pid 10743] <... close resumed>) = 0 [pid 10740] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10763] set_robust_list(0x7fe45c3c99a0, 24 [pid 10762] set_robust_list(0x7fe45c3c99a0, 24 [pid 10747] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10743] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10740] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./417", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10763] <... set_robust_list resumed>) = 0 [pid 10762] <... set_robust_list resumed>) = 0 [pid 10763] rt_sigprocmask(SIG_SETMASK, [], [pid 10762] rt_sigprocmask(SIG_SETMASK, [], [pid 10763] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10762] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10763] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10762] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10763] <... write resumed>) = 16 [pid 10762] <... write resumed>) = 16 [pid 10743] <... futex resumed>) = 1 [pid 10740] <... futex resumed>) = 0 [pid 10739] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10763] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10762] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10743] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10740] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10739] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10763] <... futex resumed>) = 0 [pid 10762] <... futex resumed>) = 1 [pid 10747] <... futex resumed>) = 0 [pid 10743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10740] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10739] <... futex resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 10763] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10762] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10747] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10743] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10740] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10739] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] newfstatat(3, "", [pid 10749] <... futex resumed>) = 0 [pid 10747] <... futex resumed>) = 1 [pid 10742] <... futex resumed>) = 0 [pid 10740] <... futex resumed>) = 1 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10749] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10747] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10743] <... openat resumed>) = 4 [pid 10742] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10740] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] getdents64(3, [pid 10749] <... mmap resumed>) = 0x20000000 [pid 10743] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10742] <... mmap resumed>) = 0x20000000 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10749] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10742] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./417/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10749] <... futex resumed>) = 1 [pid 10747] <... futex resumed>) = 0 [pid 10743] <... futex resumed>) = 1 [pid 10742] <... futex resumed>) = 1 [pid 10740] <... futex resumed>) = 0 [pid 10739] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10749] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10747] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10743] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10742] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10740] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10739] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] newfstatat(AT_FDCWD, "./417/binderfs", [pid 10749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 148.950554][T10748] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10747] <... futex resumed>) = 0 [pid 10743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10742] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10740] <... futex resumed>) = 0 [pid 10739] <... futex resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10743] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10739] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10743] <... write resumed>) = 16 [pid 10739] <... futex resumed>) = 0 [pid 10743] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10743] <... futex resumed>) = 0 [pid 10739] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10743] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10739] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10739] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10739] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10764]}, 88) = 10764 [pid 10739] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10739] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10739] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10764 attached [pid 10764] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10764] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10764] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10764] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10739] <... futex resumed>) = 0 [pid 10739] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10743] <... futex resumed>) = 0 [pid 10739] <... futex resumed>) = 1 [pid 10743] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10739] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10743] <... mmap resumed>) = 0x20000000 [pid 10743] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10739] <... futex resumed>) = 0 [pid 10743] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10739] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10739] <... futex resumed>) = 0 [pid 10747] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10739] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10764] <... futex resumed>) = 1 [pid 10764] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10743] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10743] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10743] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10739] <... futex resumed>) = 0 [pid 10739] exit_group(0 [pid 10764] <... futex resumed>) = ? [pid 10739] <... exit_group resumed>) = ? [pid 10764] +++ exited with 0 +++ [pid 10743] <... futex resumed>) = ? [pid 10743] +++ exited with 0 +++ [pid 10739] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10739, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./417", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./417/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./417/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./417/binderfs") = 0 [pid 298] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10749] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10749] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10749] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10749] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10740] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] unlink("./417/binderfs") = 0 [pid 296] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10747] exit_group(0 [pid 10762] <... futex resumed>) = ? [pid 10747] <... exit_group resumed>) = ? [pid 10762] +++ exited with 0 +++ [pid 10749] <... futex resumed>) = ? [pid 10749] +++ exited with 0 +++ [pid 10747] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10747, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./412", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./412/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./412/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./412/binderfs") = 0 [pid 299] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10742] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10742] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 297] <... umount2 resumed>) = 0 [pid 10742] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10740] <... futex resumed>) = 0 [pid 10740] exit_group(0 [pid 10763] <... futex resumed>) = ? [pid 10740] <... exit_group resumed>) = ? [pid 10763] +++ exited with 0 +++ [pid 10742] <... futex resumed>) = ? [pid 10742] +++ exited with 0 +++ [pid 10740] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10740, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./416", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./416/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./416/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./416/binderfs") = 0 [pid 295] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./417/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./417/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./417/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./417") = 0 [pid 297] mkdir("./418", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10765 ./strace-static-x86_64: Process 10765 attached [pid 10765] set_robust_list(0x5555557b6760, 24) = 0 [pid 10765] chdir("./418") = 0 [pid 10765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10765] setpgid(0, 0) = 0 [pid 10765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10765] write(3, "1000", 4) = 4 [pid 10765] close(3) = 0 [pid 10765] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10765] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10765] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10765] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10765] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10765] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10765] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10766]}, 88) = 10766 [pid 10765] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10765] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10765] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10766 attached [pid 10766] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10766] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10766] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10766] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10765] <... futex resumed>) = 0 [pid 10765] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10765] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10766] <... futex resumed>) = 1 [pid 10766] memfd_create("syzkaller", 0) = 3 [pid 10766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10766] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10766] munmap(0x7fe453fca000, 138412032) = 0 [pid 10766] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 296] <... umount2 resumed>) = 0 [pid 10766] ioctl(4, LOOP_SET_FD, 3 [pid 298] <... umount2 resumed>) = 0 [pid 296] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 148.997314][T10749] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 149.008990][T10743] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 149.012066][T10742] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 296] newfstatat(AT_FDCWD, "./417/file0", [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./417/file0", [pid 299] newfstatat(AT_FDCWD, "./412/file0", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./412/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] openat(AT_FDCWD, "./417/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... openat resumed>) = 4 [pid 298] <... openat resumed>) = 4 [pid 298] newfstatat(4, "", [pid 299] newfstatat(4, "", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 299] getdents64(4, [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4 [pid 298] getdents64(4, [pid 299] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4 [pid 299] rmdir("./412/file0" [pid 298] <... close resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 298] rmdir("./417/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 299] close(3) = 0 [pid 298] rmdir("./417" [pid 299] rmdir("./412") = 0 [pid 298] <... rmdir resumed>) = 0 [pid 299] mkdir("./413", 0777 [pid 298] mkdir("./418", 0777) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 10766] <... ioctl resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] newfstatat(AT_FDCWD, "./416/file0", [pid 296] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "./417/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... openat resumed>) = 4 [pid 295] openat(AT_FDCWD, "./416/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", [pid 295] newfstatat(4, "", [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, [pid 295] getdents64(4, [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, [pid 295] getdents64(4, [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4 [pid 295] close(4) = 0 [pid 296] <... close resumed>) = 0 [pid 296] rmdir("./417/file0" [pid 295] rmdir("./416/file0" [pid 296] <... rmdir resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 296] getdents64(3, [pid 295] getdents64(3, [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3 [pid 10766] close(3 [pid 299] <... openat resumed>) = 3 [pid 298] <... openat resumed>) = 3 [pid 296] <... close resumed>) = 0 [pid 295] close(3) = 0 [pid 296] rmdir("./417" [pid 298] ioctl(3, LOOP_CLR_FD [pid 295] rmdir("./416" [pid 296] <... rmdir resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 296] mkdir("./418", 0777 [pid 295] mkdir("./417", 0777 [pid 10766] <... close resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... mkdir resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 10766] close(4 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 296] <... openat resumed>) = 3 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 296] ioctl(3, LOOP_CLR_FD [pid 295] <... openat resumed>) = 3 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] ioctl(3, LOOP_CLR_FD [pid 296] close(3 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... close resumed>) = 0 [pid 295] close(3 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... close resumed>) = 0 [pid 299] close(3 [pid 298] <... close resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10767 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10768 ./strace-static-x86_64: Process 10767 attached [pid 10767] set_robust_list(0x5555557b6760, 24) = 0 [pid 10767] chdir("./418") = 0 [pid 10767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10767] setpgid(0, 0) = 0 [pid 10767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10767] write(3, "1000", 4) = 4 [pid 10767] close(3) = 0 [pid 10767] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10767] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10767] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10767] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10767] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10767] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10767] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10769]}, 88) = 10769 [pid 10767] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10767] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10767] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10769 attached [pid 10769] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10769] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10769] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10769] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10767] <... futex resumed>) = 0 [pid 10767] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10767] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10769] <... futex resumed>) = 1 [pid 10769] memfd_create("syzkaller", 0) = 3 [pid 10769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10768 attached [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10770 ./strace-static-x86_64: Process 10770 attached [pid 10770] set_robust_list(0x5555557b6760, 24) = 0 [pid 10770] chdir("./418" [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10771 [pid 10770] <... chdir resumed>) = 0 [pid 10770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10770] setpgid(0, 0 [pid 10768] set_robust_list(0x5555557b6760, 24) = 0 [pid 10770] <... setpgid resumed>) = 0 [pid 10770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10768] chdir("./417" [pid 10770] <... openat resumed>) = 3 [pid 10770] write(3, "1000", 4) = 4 [pid 10770] close(3) = 0 [pid 10770] symlink("/dev/binderfs", "./binderfs" [pid 10768] <... chdir resumed>) = 0 [pid 10768] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10770] <... symlink resumed>) = 0 [pid 10770] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10770] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10770] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10770] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10770] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10768] <... prctl resumed>) = 0 [pid 10768] setpgid(0, 0 [pid 10770] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10770] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10768] <... setpgid resumed>) = 0 [pid 10770] <... clone3 resumed> => {parent_tid=[10772]}, 88) = 10772 [pid 10770] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10770] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10770] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10771 attached [pid 10771] set_robust_list(0x5555557b6760, 24) = 0 [pid 10771] chdir("./413") = 0 [pid 10771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10771] setpgid(0, 0 [pid 10768] <... openat resumed>) = 3 [pid 10771] <... setpgid resumed>) = 0 [pid 10771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10771] write(3, "1000", 4) = 4 [pid 10771] close(3) = 0 [pid 10771] symlink("/dev/binderfs", "./binderfs" [pid 10768] write(3, "1000", 4 [pid 10771] <... symlink resumed>) = 0 [pid 10771] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10771] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10771] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10768] <... write resumed>) = 4 [pid 10771] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10768] close(3 [pid 10771] <... mprotect resumed>) = 0 [pid 10771] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10771] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10768] <... close resumed>) = 0 [pid 10771] <... clone3 resumed> => {parent_tid=[10773]}, 88) = 10773 [pid 10771] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10771] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10771] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10773 attached [pid 10773] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10773] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10768] symlink("/dev/binderfs", "./binderfs" [pid 10773] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10773] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10771] <... futex resumed>) = 0 [pid 10771] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10771] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10768] <... symlink resumed>) = 0 [pid 10773] <... futex resumed>) = 1 [pid 10768] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10773] memfd_create("syzkaller", 0) = 3 [pid 10773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10768] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10768] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10768] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10768] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10774]}, 88) = 10774 [pid 10768] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10768] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10768] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10769] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 10774 attached ./strace-static-x86_64: Process 10772 attached [pid 10772] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10772] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10772] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10770] <... futex resumed>) = 0 [pid 10770] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10770] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10772] memfd_create("syzkaller", 0) = 3 [pid 10772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10766] <... close resumed>) = 0 [pid 10766] mkdir("./file0", 0777) = 0 [pid 10766] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10773] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10774] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10774] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10774] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10768] <... futex resumed>) = 0 [pid 10774] <... futex resumed>) = 1 [pid 10768] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 149.077648][T10766] loop2: detected capacity change from 0 to 2048 [pid 10768] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10774] memfd_create("syzkaller", 0) = 3 [pid 10774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10773] <... write resumed>) = 1048576 [pid 10773] munmap(0x7fe453fca000, 138412032) = 0 [pid 10773] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10773] ioctl(4, LOOP_SET_FD, 3 [pid 10772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10769] <... write resumed>) = 1048576 [pid 10773] <... ioctl resumed>) = 0 [pid 10773] close(3) = 0 [pid 10773] close(4 [pid 10769] munmap(0x7fe453fca000, 138412032) = 0 [pid 10769] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10769] ioctl(4, LOOP_SET_FD, 3 [pid 10772] <... write resumed>) = 1048576 [pid 10772] munmap(0x7fe453fca000, 138412032) = 0 [pid 10772] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10772] ioctl(4, LOOP_SET_FD, 3 [pid 10774] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10769] <... ioctl resumed>) = 0 [pid 10769] close(3) = 0 [pid 10769] close(4) = 0 [pid 10769] mkdir("./file0", 0777) = 0 [pid 10772] <... ioctl resumed>) = 0 [pid 10769] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10772] close(3) = 0 [pid 10772] close(4 [pid 10774] <... write resumed>) = 1048576 [pid 10774] munmap(0x7fe453fca000, 138412032) = 0 [pid 10774] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10774] ioctl(4, LOOP_SET_FD, 3 [pid 10766] <... mount resumed>) = 0 [pid 10766] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10766] chdir("./file0") = 0 [pid 10766] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10766] ioctl(4, LOOP_CLR_FD) = 0 [pid 10766] close(4) = 0 [pid 10766] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10766] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10765] <... futex resumed>) = 0 [pid 10765] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10766] <... futex resumed>) = 0 [pid 10765] <... futex resumed>) = 1 [pid 10766] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10765] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10774] <... ioctl resumed>) = 0 [pid 10766] <... openat resumed>) = 4 [pid 10766] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10774] close(3 [pid 10766] <... futex resumed>) = 1 [pid 10765] <... futex resumed>) = 0 [pid 10766] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10765] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10765] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10766] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10765] <... futex resumed>) = 0 [pid 10774] <... close resumed>) = 0 [pid 10765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10774] close(4 [pid 10766] <... write resumed>) = 16 [pid 10765] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10765] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10766] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10765] <... mprotect resumed>) = 0 [pid 10765] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10765] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10766] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10765] <... clone3 resumed> => {parent_tid=[10777]}, 88) = 10777 [pid 10765] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10765] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10765] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10777 attached [pid 10777] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10777] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10777] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10777] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10765] <... futex resumed>) = 0 [pid 10773] <... close resumed>) = 0 [pid 10773] mkdir("./file0", 0777 [pid 10765] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10772] <... close resumed>) = 0 [pid 10773] <... mkdir resumed>) = 0 [pid 10772] mkdir("./file0", 0777 [pid 10765] <... futex resumed>) = 1 [pid 10773] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10765] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10772] <... mkdir resumed>) = 0 [pid 10772] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10766] <... futex resumed>) = 0 [pid 10766] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10766] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10765] <... futex resumed>) = 0 [pid 10765] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10765] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10777] <... futex resumed>) = 1 [ 149.142823][T10773] loop4: detected capacity change from 0 to 2048 [ 149.151584][T10769] loop1: detected capacity change from 0 to 2048 [ 149.156758][T10772] loop3: detected capacity change from 0 to 2048 [ 149.171790][T10774] loop0: detected capacity change from 0 to 2048 [pid 10777] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10774] <... close resumed>) = 0 [pid 10774] mkdir("./file0", 0777) = 0 [pid 10766] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10774] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10766] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10766] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10772] <... mount resumed>) = 0 [pid 10765] <... futex resumed>) = 0 [pid 10766] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10772] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10765] exit_group(0 [pid 10777] <... futex resumed>) = ? [pid 10772] <... openat resumed>) = 3 [pid 10765] <... exit_group resumed>) = ? [pid 10777] +++ exited with 0 +++ [pid 10766] <... futex resumed>) = ? [pid 10772] chdir("./file0" [pid 10769] <... mount resumed>) = 0 [pid 10772] <... chdir resumed>) = 0 [pid 10769] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10766] +++ exited with 0 +++ [pid 10765] +++ exited with 0 +++ [pid 10772] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10769] <... openat resumed>) = 3 [pid 10772] <... openat resumed>) = 4 [pid 10769] chdir("./file0" [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10765, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10772] ioctl(4, LOOP_CLR_FD [pid 297] umount2("./418", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10772] <... ioctl resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10772] close(4 [pid 297] openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10772] <... close resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 10772] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] newfstatat(3, "", [pid 10772] <... futex resumed>) = 1 [pid 10770] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10772] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10770] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(3, [pid 10772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10770] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10772] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10770] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] umount2("./418/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10772] <... openat resumed>) = 4 [pid 10769] <... chdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10772] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10769] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 297] newfstatat(AT_FDCWD, "./418/binderfs", [pid 10772] <... futex resumed>) = 1 [pid 10770] <... futex resumed>) = 0 [pid 10769] <... openat resumed>) = 4 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10772] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10770] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10769] ioctl(4, LOOP_CLR_FD [pid 297] unlink("./418/binderfs" [pid 10772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10770] <... futex resumed>) = 0 [pid 10769] <... ioctl resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 10772] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10770] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10772] <... write resumed>) = 16 [pid 10770] <... futex resumed>) = 0 [pid 10769] close(4) = 0 [pid 10772] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10770] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10772] <... futex resumed>) = 0 [pid 10769] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10772] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10770] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10769] <... futex resumed>) = 1 [pid 10767] <... futex resumed>) = 0 [pid 10770] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10769] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10767] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10774] <... mount resumed>) = 0 [pid 10770] <... mprotect resumed>) = 0 [pid 10769] <... futex resumed>) = 0 [pid 10767] <... futex resumed>) = 1 [pid 10774] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10770] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10769] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10767] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10774] <... openat resumed>) = 3 [pid 10770] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10774] chdir("./file0" [pid 10770] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10774] <... chdir resumed>) = 0 [pid 10769] <... openat resumed>) = 4 [pid 10774] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10769] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10774] <... openat resumed>) = 4 [pid 10770] <... clone3 resumed> => {parent_tid=[10784]}, 88) = 10784 [pid 10769] <... futex resumed>) = 1 [pid 10774] ioctl(4, LOOP_CLR_FD [pid 10770] rt_sigprocmask(SIG_SETMASK, [], [pid 10767] <... futex resumed>) = 0 [pid 10769] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10774] <... ioctl resumed>) = 0 [pid 10770] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10767] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10769] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10774] close(4 [pid 10770] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10769] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10767] <... futex resumed>) = 0 [pid 10774] <... close resumed>) = 0 [pid 10770] <... futex resumed>) = 0 [pid 10774] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10770] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10769] <... write resumed>) = 16 [pid 10767] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10774] <... futex resumed>) = 1 [pid 10769] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10768] <... futex resumed>) = 0 [pid 10767] <... futex resumed>) = 0 [pid 10774] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10769] <... futex resumed>) = 0 [pid 10768] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10774] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10769] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10768] <... futex resumed>) = 0 [pid 10767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10774] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10768] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10767] <... mmap resumed>) = 0x7fe45c3a9000 ./strace-static-x86_64: Process 10784 attached [pid 10767] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10784] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10784] rt_sigprocmask(SIG_SETMASK, [], [pid 10767] <... mprotect resumed>) = 0 [pid 10784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10784] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10767] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10774] <... openat resumed>) = 4 [pid 10767] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10774] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10767] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10784] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10774] <... futex resumed>) = 1 [pid 10768] <... futex resumed>) = 0 [pid 10784] <... futex resumed>) = 1 [pid 10768] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10770] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10785 attached [pid 10774] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10770] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10784] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10768] <... futex resumed>) = 0 [pid 10767] <... clone3 resumed> => {parent_tid=[10785]}, 88) = 10785 [pid 10774] <... write resumed>) = 16 [pid 10774] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10774] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10770] <... futex resumed>) = 1 [pid 10770] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10785] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10785] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10785] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10768] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10774] <... futex resumed>) = 0 [pid 10768] <... futex resumed>) = 1 [pid 10774] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10768] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10774] <... write resumed>) = 16 [pid 10772] <... futex resumed>) = 0 [pid 10767] rt_sigprocmask(SIG_SETMASK, [], [pid 10774] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10772] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10767] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10774] <... futex resumed>) = 1 [pid 10772] <... mmap resumed>) = 0x20000000 [pid 10768] <... futex resumed>) = 0 [pid 10767] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10774] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10768] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10774] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10768] <... futex resumed>) = 0 [pid 10774] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10768] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10774] <... mmap resumed>) = 0x20000000 [pid 10774] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10768] <... futex resumed>) = 0 [pid 10774] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10772] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10768] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10767] <... futex resumed>) = 1 [pid 10774] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10772] <... futex resumed>) = 1 [pid 10770] <... futex resumed>) = 0 [pid 10768] <... futex resumed>) = 0 [pid 10767] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10785] <... futex resumed>) = 0 [pid 10772] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10770] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10785] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10770] <... futex resumed>) = 0 [pid 10768] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10785] <... write resumed>) = 16 [pid 10785] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10785] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10774] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10774] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10774] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10768] <... futex resumed>) = 0 [pid 10768] exit_group(0) = ? [pid 10774] <... futex resumed>) = ? [pid 10774] +++ exited with 0 +++ [pid 10768] +++ exited with 0 +++ [ 149.183721][T10766] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 149.226047][T10774] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10770] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10768, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 295] umount2("./417", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./417/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./417/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./417/binderfs") = 0 [pid 295] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10767] <... futex resumed>) = 0 [pid 10767] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10767] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10773] <... mount resumed>) = 0 [pid 10773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10773] chdir("./file0") = 0 [pid 10773] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10773] ioctl(4, LOOP_CLR_FD) = 0 [pid 10773] close(4) = 0 [pid 10773] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10773] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10769] <... futex resumed>) = 0 [pid 10769] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10769] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10767] <... futex resumed>) = 0 [pid 10771] <... futex resumed>) = 0 [pid 10767] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10771] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10773] <... futex resumed>) = 0 [pid 10771] <... futex resumed>) = 1 [pid 10773] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10771] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10773] <... openat resumed>) = 4 [pid 10773] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10771] <... futex resumed>) = 0 [pid 10773] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10771] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10773] <... write resumed>) = 16 [pid 10771] <... futex resumed>) = 0 [pid 10773] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10771] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10773] <... futex resumed>) = 0 [pid 10771] <... futex resumed>) = 0 [pid 10773] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10771] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10771] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10771] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10788]}, 88) = 10788 [pid 10771] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10771] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10771] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10772] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10772] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10772] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10770] <... futex resumed>) = 0 [pid 10770] exit_group(0 [pid 10784] <... futex resumed>) = ? [pid 10770] <... exit_group resumed>) = ? [pid 10784] +++ exited with 0 +++ [pid 10772] <... futex resumed>) = ? [pid 10772] +++ exited with 0 +++ [pid 10770] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10770, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./418", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./418/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./418/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./418/binderfs") = 0 [pid 298] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10788 attached [pid 10788] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10788] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10788] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10771] <... futex resumed>) = 0 [pid 10788] <... futex resumed>) = 1 [pid 10771] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10767] <... futex resumed>) = 0 [pid 10767] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10788] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10771] <... futex resumed>) = 1 [pid 10773] <... futex resumed>) = 0 [pid 10771] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10773] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10773] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10773] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10771] <... futex resumed>) = 0 [pid 10771] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10773] <... futex resumed>) = 0 [pid 10771] <... futex resumed>) = 1 [pid 10771] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10769] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10769] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10769] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10767] <... futex resumed>) = 0 [pid 10767] exit_group(0 [pid 10785] <... futex resumed>) = ? [pid 10767] <... exit_group resumed>) = ? [pid 10785] +++ exited with 0 +++ [pid 10769] <... futex resumed>) = ? [pid 10769] +++ exited with 0 +++ [pid 10767] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10767, si_uid=0, si_status=0, si_utime=1, si_stime=1} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./418", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./418/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./418/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./418/binderfs") = 0 [pid 296] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10773] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 297] <... umount2 resumed>) = 0 [pid 10773] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10773] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10773] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./418/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./418/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10771] <... futex resumed>) = 0 [pid 10771] exit_group(0 [pid 297] <... openat resumed>) = 4 [pid 297] newfstatat(4, "", [pid 10771] <... exit_group resumed>) = ? [pid 10788] <... futex resumed>) = ? [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10788] +++ exited with 0 +++ [pid 10773] <... futex resumed>) = ? [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./418/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./418" [pid 10773] +++ exited with 0 +++ [pid 10771] +++ exited with 0 +++ [pid 297] <... rmdir resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10771, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 297] mkdir("./419", 0777 [pid 299] <... restart_syscall resumed>) = 0 [pid 299] umount2("./413", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./413/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./413/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./413/binderfs") = 0 [pid 299] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10789 attached [pid 10789] set_robust_list(0x5555557b6760, 24) = 0 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10789 [pid 10789] chdir("./419") = 0 [pid 10789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10789] setpgid(0, 0) = 0 [pid 10789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] <... umount2 resumed>) = 0 [pid 10789] <... openat resumed>) = 3 [pid 298] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 295] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./417/file0", [pid 298] newfstatat(AT_FDCWD, "./418/file0", [pid 296] newfstatat(AT_FDCWD, "./418/file0", [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./417/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] openat(AT_FDCWD, "./418/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./418/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... openat resumed>) = 4 [pid 298] <... openat resumed>) = 4 [pid 296] <... openat resumed>) = 4 [pid 295] newfstatat(4, "", [pid 298] newfstatat(4, "", [pid 296] newfstatat(4, "", [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, [pid 298] getdents64(4, [pid 296] getdents64(4, [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, [pid 298] getdents64(4, [pid 296] getdents64(4, [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4 [pid 10789] write(3, "1000", 4 [pid 298] close(4 [pid 296] close(4 [pid 295] <... close resumed>) = 0 [pid 10789] <... write resumed>) = 4 [pid 298] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 295] rmdir("./417/file0" [pid 10789] close(3 [pid 299] <... umount2 resumed>) = 0 [pid 298] rmdir("./418/file0" [pid 296] rmdir("./418/file0" [pid 295] <... rmdir resumed>) = 0 [pid 10789] <... close resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 295] getdents64(3, [pid 10789] symlink("/dev/binderfs", "./binderfs" [pid 298] getdents64(3, [pid 296] getdents64(3, [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10789] <... symlink resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3 [pid 10789] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] close(3 [pid 296] close(3 [pid 295] <... close resumed>) = 0 [pid 10789] <... futex resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 295] rmdir("./417" [pid 10789] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 298] rmdir("./418" [pid 296] rmdir("./418" [pid 295] <... rmdir resumed>) = 0 [pid 10789] <... rt_sigaction resumed>NULL, 8) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 295] mkdir("./418", 0777 [pid 10789] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 298] mkdir("./419", 0777 [pid 296] mkdir("./419", 0777 [pid 295] <... mkdir resumed>) = 0 [pid 10789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 295] <... openat resumed>) = 3 [pid 10789] <... mmap resumed>) = 0x7fe45c3ca000 [pid 298] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 295] ioctl(3, LOOP_CLR_FD [pid 10789] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 298] ioctl(3, LOOP_CLR_FD [pid 296] ioctl(3, LOOP_CLR_FD [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10789] <... mprotect resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] close(3 [pid 10789] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] close(3 [pid 296] close(3 [pid 295] <... close resumed>) = 0 [pid 10789] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [ 149.228839][T10772] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 149.251395][T10769] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 149.273484][T10773] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10790 [pid 10789] <... clone3 resumed> => {parent_tid=[10791]}, 88) = 10791 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10792 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10793 [pid 10789] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10789] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10789] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10790 attached [pid 10790] set_robust_list(0x5555557b6760, 24) = 0 [pid 10790] chdir("./418") = 0 [pid 10790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10790] setpgid(0, 0./strace-static-x86_64: Process 10793 attached ./strace-static-x86_64: Process 10792 attached ./strace-static-x86_64: Process 10791 attached [pid 299] newfstatat(AT_FDCWD, "./413/file0", [pid 10791] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10790] <... setpgid resumed>) = 0 [pid 10792] set_robust_list(0x5555557b6760, 24 [pid 10791] <... set_robust_list resumed>) = 0 [pid 10790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10792] <... set_robust_list resumed>) = 0 [pid 10791] rt_sigprocmask(SIG_SETMASK, [], [pid 10790] <... openat resumed>) = 3 [pid 10792] chdir("./419" [pid 10791] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10790] write(3, "1000", 4 [pid 10792] <... chdir resumed>) = 0 [pid 10791] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10790] <... write resumed>) = 4 [pid 10792] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10791] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10790] close(3 [pid 10792] <... prctl resumed>) = 0 [pid 10791] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10790] <... close resumed>) = 0 [pid 10792] setpgid(0, 0 [pid 10791] <... futex resumed>) = 1 [pid 10790] symlink("/dev/binderfs", "./binderfs" [pid 10789] <... futex resumed>) = 0 [pid 10792] <... setpgid resumed>) = 0 [pid 10791] memfd_create("syzkaller", 0 [pid 10790] <... symlink resumed>) = 0 [pid 10789] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10791] <... memfd_create resumed>) = 3 [pid 10790] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10789] <... futex resumed>) = 0 [pid 299] umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10792] <... openat resumed>) = 3 [pid 10791] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10790] <... futex resumed>) = 0 [pid 10789] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10792] write(3, "1000", 4 [pid 10791] <... mmap resumed>) = 0x7fe453fca000 [pid 10790] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 299] openat(AT_FDCWD, "./413/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10793] set_robust_list(0x5555557b6760, 24 [pid 10792] <... write resumed>) = 4 [pid 10790] <... rt_sigaction resumed>NULL, 8) = 0 [pid 299] <... openat resumed>) = 4 [pid 10792] close(3 [pid 10790] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10792] <... close resumed>) = 0 [pid 10790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10792] symlink("/dev/binderfs", "./binderfs" [pid 10790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10792] <... symlink resumed>) = 0 [pid 10790] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10792] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10790] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10792] <... futex resumed>) = 0 [pid 10790] <... mprotect resumed>) = 0 [pid 10792] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10790] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10792] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10790] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10792] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10790] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10790] <... clone3 resumed> => {parent_tid=[10794]}, 88) = 10794 [pid 10792] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10790] rt_sigprocmask(SIG_SETMASK, [], [pid 10792] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10792] <... mprotect resumed>) = 0 [pid 10790] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10792] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10790] <... futex resumed>) = 0 [pid 10792] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10790] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10795]}, 88) = 10795 [pid 10792] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10792] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10792] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10791] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./413/file0") = 0 [pid 299] getdents64(3, [pid 10793] <... set_robust_list resumed>) = 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10793] chdir("./419" [pid 299] close(3) = 0 [pid 299] rmdir("./413" [pid 10793] <... chdir resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 10793] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] mkdir("./414", 0777) = 0 [pid 10793] <... prctl resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 10793] setpgid(0, 0 [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10791] <... write resumed>) = 1048576 [pid 10791] munmap(0x7fe453fca000, 138412032 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10796 [pid 10793] <... setpgid resumed>) = 0 [pid 10791] <... munmap resumed>) = 0 [pid 10791] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10793] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10791] <... openat resumed>) = 4 [pid 10791] ioctl(4, LOOP_SET_FD, 3 [pid 10793] <... openat resumed>) = 3 ./strace-static-x86_64: Process 10794 attached [pid 10793] write(3, "1000", 4 [pid 10794] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10794] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10794] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10790] <... futex resumed>) = 0 [pid 10793] <... write resumed>) = 4 [pid 10790] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10790] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10794] <... futex resumed>) = 1 [pid 10793] close(3 [pid 10794] memfd_create("syzkaller", 0) = 3 [pid 10794] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10793] <... close resumed>) = 0 [pid 10793] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 10796 attached ./strace-static-x86_64: Process 10795 attached [pid 10794] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10796] set_robust_list(0x5555557b6760, 24 [pid 10795] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10793] <... symlink resumed>) = 0 [pid 10793] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10796] <... set_robust_list resumed>) = 0 [pid 10795] <... set_robust_list resumed>) = 0 [pid 10793] <... futex resumed>) = 0 [pid 10796] chdir("./414" [pid 10793] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10796] <... chdir resumed>) = 0 [pid 10793] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10796] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10795] rt_sigprocmask(SIG_SETMASK, [], [pid 10793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10796] <... prctl resumed>) = 0 [pid 10795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10793] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10796] setpgid(0, 0 [pid 10795] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10796] <... setpgid resumed>) = 0 [pid 10795] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10793] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10793] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10793] <... clone3 resumed> => {parent_tid=[10797]}, 88) = 10797 [pid 10796] <... openat resumed>) = 3 [pid 10793] rt_sigprocmask(SIG_SETMASK, [], [pid 10796] write(3, "1000", 4 [pid 10795] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10793] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10796] <... write resumed>) = 4 [pid 10795] <... futex resumed>) = 1 [pid 10793] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10796] close(3 [pid 10795] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10792] <... futex resumed>) = 0 [pid 10792] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10796] <... close resumed>) = 0 [pid 10795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10792] <... futex resumed>) = 0 [pid 10796] symlink("/dev/binderfs", "./binderfs" [pid 10795] memfd_create("syzkaller", 0 [pid 10792] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10796] <... symlink resumed>) = 0 [pid 10795] <... memfd_create resumed>) = 3 [pid 10795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10796] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10795] <... mmap resumed>) = 0x7fe453fca000 [pid 10796] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10796] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10796] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 10797 attached [pid 10797] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10796] <... mprotect resumed>) = 0 [pid 10796] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10797] <... set_robust_list resumed>) = 0 [pid 10796] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10796] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10797] rt_sigprocmask(SIG_SETMASK, [], [pid 10796] <... clone3 resumed> => {parent_tid=[10798]}, 88) = 10798 [pid 10797] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10797] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10797] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10793] <... futex resumed>) = 0 [pid 10793] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10793] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10797] memfd_create("syzkaller", 0) = 3 [pid 10797] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10796] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10796] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10796] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10798 attached [pid 10798] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10791] <... ioctl resumed>) = 0 [pid 10794] <... write resumed>) = 1048576 [pid 10794] munmap(0x7fe453fca000, 138412032 [pid 10798] <... set_robust_list resumed>) = 0 [pid 10791] close(3 [pid 10798] rt_sigprocmask(SIG_SETMASK, [], [pid 10791] <... close resumed>) = 0 [pid 10798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10791] close(4 [pid 10794] <... munmap resumed>) = 0 [pid 10794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10798] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10791] <... close resumed>) = 0 [pid 10794] ioctl(4, LOOP_SET_FD, 3 [pid 10798] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10791] mkdir("./file0", 0777 [pid 10798] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10794] <... ioctl resumed>) = 0 [pid 10794] close(3 [pid 10791] <... mkdir resumed>) = 0 [pid 10794] <... close resumed>) = 0 [pid 10794] close(4 [pid 10798] <... futex resumed>) = 1 [pid 10796] <... futex resumed>) = 0 [pid 10791] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10796] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10798] memfd_create("syzkaller", 0 [pid 10796] <... futex resumed>) = 0 [pid 10796] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10798] <... memfd_create resumed>) = 3 [pid 10798] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10797] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10798] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10797] <... write resumed>) = 1048576 [pid 10797] munmap(0x7fe453fca000, 138412032) = 0 [pid 10797] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 149.366604][T10791] loop2: detected capacity change from 0 to 2048 [ 149.399151][T10794] loop0: detected capacity change from 0 to 2048 [pid 10797] ioctl(4, LOOP_SET_FD, 3 [pid 10798] <... write resumed>) = 1048576 [pid 10795] <... write resumed>) = 1048576 [pid 10795] munmap(0x7fe453fca000, 138412032) = 0 [pid 10795] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10795] ioctl(4, LOOP_SET_FD, 3 [pid 10798] munmap(0x7fe453fca000, 138412032 [pid 10797] <... ioctl resumed>) = 0 [pid 10797] close(3) = 0 [pid 10797] close(4 [pid 10798] <... munmap resumed>) = 0 [pid 10797] <... close resumed>) = 0 [pid 10795] <... ioctl resumed>) = 0 [pid 10798] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10797] mkdir("./file0", 0777 [pid 10795] close(3 [pid 10798] <... openat resumed>) = 4 [pid 10798] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10797] <... mkdir resumed>) = 0 [pid 10795] <... close resumed>) = 0 [pid 10794] <... close resumed>) = 0 [pid 10797] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10794] mkdir("./file0", 0777 [pid 10795] close(4 [pid 10794] <... mkdir resumed>) = 0 [pid 10794] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10795] <... close resumed>) = 0 [pid 10795] mkdir("./file0", 0777) = 0 [pid 10795] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10798] close(3) = 0 [pid 10798] close(4 [pid 10791] <... mount resumed>) = 0 [pid 10791] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10794] <... mount resumed>) = 0 [pid 10794] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10791] <... openat resumed>) = 3 [pid 10794] <... openat resumed>) = 3 [pid 10791] chdir("./file0" [pid 10794] chdir("./file0" [pid 10791] <... chdir resumed>) = 0 [pid 10794] <... chdir resumed>) = 0 [pid 10791] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10794] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10791] <... openat resumed>) = 4 [pid 10794] <... openat resumed>) = 4 [pid 10791] ioctl(4, LOOP_CLR_FD [pid 10794] ioctl(4, LOOP_CLR_FD [pid 10791] <... ioctl resumed>) = 0 [pid 10794] <... ioctl resumed>) = 0 [pid 10791] close(4 [pid 10794] close(4 [pid 10791] <... close resumed>) = 0 [pid 10794] <... close resumed>) = 0 [pid 10791] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10794] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10791] <... futex resumed>) = 1 [pid 10789] <... futex resumed>) = 0 [pid 10794] <... futex resumed>) = 1 [pid 10791] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10789] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10794] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10791] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10789] <... futex resumed>) = 0 [pid 10791] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10789] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10790] <... futex resumed>) = 0 [pid 10791] <... openat resumed>) = 4 [pid 10790] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10794] <... futex resumed>) = 0 [pid 10791] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10790] <... futex resumed>) = 1 [pid 10794] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10791] <... futex resumed>) = 1 [pid 10790] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10789] <... futex resumed>) = 0 [pid 10789] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10794] <... openat resumed>) = 4 [pid 10791] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10789] <... futex resumed>) = 0 [pid 10794] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10791] <... write resumed>) = 16 [pid 10790] <... futex resumed>) = 0 [pid 10789] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10794] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10791] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10790] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10789] <... futex resumed>) = 0 [pid 10794] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10791] <... futex resumed>) = 0 [pid 10790] <... futex resumed>) = 0 [pid 10789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10794] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10791] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10789] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10794] <... write resumed>) = 16 [pid 10790] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10789] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10794] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10790] <... futex resumed>) = 0 [pid 10789] <... mprotect resumed>) = 0 [pid 10794] <... futex resumed>) = 0 [pid 10790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10789] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10794] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10789] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10790] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10790] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10789] <... clone3 resumed> => {parent_tid=[10804]}, 88) = 10804 [pid 10790] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10789] rt_sigprocmask(SIG_SETMASK, [], [pid 10790] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10790] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10789] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10789] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10790] <... clone3 resumed> => {parent_tid=[10805]}, 88) = 10805 [pid 10790] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 10805 attached NULL, 8) = 0 [pid 10805] set_robust_list(0x7fe45c3c99a0, 24 [pid 10790] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10805] <... set_robust_list resumed>) = 0 [pid 10805] rt_sigprocmask(SIG_SETMASK, [], [pid 10790] <... futex resumed>) = 0 [pid 10805] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10790] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10805] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10805] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10790] <... futex resumed>) = 0 [pid 10790] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10794] <... futex resumed>) = 0 [pid 10790] <... futex resumed>) = 1 [pid 10794] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10790] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10794] <... mmap resumed>) = 0x20000000 [pid 10794] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10790] <... futex resumed>) = 0 [pid 10794] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10790] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10798] <... close resumed>) = 0 [pid 10794] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 149.420755][T10797] loop1: detected capacity change from 0 to 2048 [ 149.426925][T10795] loop3: detected capacity change from 0 to 2048 [ 149.435159][T10798] loop4: detected capacity change from 0 to 2048 [pid 10790] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10804 attached [pid 10805] <... futex resumed>) = 1 [pid 10798] mkdir("./file0", 0777) = 0 [pid 10790] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10798] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10804] set_robust_list(0x7fe45c3c99a0, 24 [pid 10795] <... mount resumed>) = 0 [pid 10805] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10795] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10794] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10795] <... openat resumed>) = 3 [pid 10795] chdir("./file0") = 0 [pid 10795] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10795] ioctl(4, LOOP_CLR_FD) = 0 [pid 10795] close(4) = 0 [pid 10795] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10792] <... futex resumed>) = 0 [pid 10795] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10792] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10792] <... futex resumed>) = 0 [pid 10795] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10792] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10804] <... set_robust_list resumed>) = 0 [pid 10795] <... openat resumed>) = 4 [pid 10794] sendfile(-1, -1, [0] [pid 10795] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10792] <... futex resumed>) = 0 [pid 10795] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10792] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10792] <... futex resumed>) = 0 [pid 10795] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10792] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10795] <... write resumed>) = 16 [pid 10792] <... futex resumed>) = 0 [pid 10795] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10795] <... futex resumed>) = 0 [pid 10792] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10795] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10792] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10792] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10804] rt_sigprocmask(SIG_SETMASK, [], [pid 10792] <... clone3 resumed> => {parent_tid=[10809]}, 88) = 10809 [pid 10792] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10804] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10792] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10804] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10792] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10804] <... write resumed>) = 16 ./strace-static-x86_64: Process 10809 attached [pid 10804] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10794] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10804] <... futex resumed>) = 1 [pid 10804] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10794] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10809] set_robust_list(0x7fe45c3c99a0, 24 [pid 10797] <... mount resumed>) = 0 [pid 10789] <... futex resumed>) = 0 [pid 10809] <... set_robust_list resumed>) = 0 [pid 10797] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10789] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10809] rt_sigprocmask(SIG_SETMASK, [], [pid 10797] <... openat resumed>) = 3 [pid 10791] <... futex resumed>) = 0 [pid 10789] <... futex resumed>) = 1 [pid 10794] <... futex resumed>) = 1 [pid 10790] <... futex resumed>) = 0 [pid 10809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10797] chdir("./file0" [pid 10791] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10790] exit_group(0 [pid 10789] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10809] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10805] <... futex resumed>) = ? [pid 10797] <... chdir resumed>) = 0 [pid 10791] <... mmap resumed>) = 0x20000000 [pid 10790] <... exit_group resumed>) = ? [pid 10805] +++ exited with 0 +++ [pid 10797] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10794] +++ exited with 0 +++ [pid 10791] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10809] <... write resumed>) = 16 [pid 10809] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10792] <... futex resumed>) = 0 [pid 10809] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10792] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10795] <... futex resumed>) = 0 [pid 10792] <... futex resumed>) = 1 [pid 10790] +++ exited with 0 +++ [pid 10791] <... futex resumed>) = 1 [pid 10789] <... futex resumed>) = 0 [pid 10797] <... openat resumed>) = 4 [pid 10795] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10792] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10791] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10789] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10790, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [ 149.464200][T10794] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 149.491296][T10791] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10797] ioctl(4, LOOP_CLR_FD [pid 10795] <... mmap resumed>) = 0x20000000 [pid 10791] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10789] <... futex resumed>) = 0 [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 10797] <... ioctl resumed>) = 0 [pid 10795] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10792] <... futex resumed>) = 0 [pid 10789] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... restart_syscall resumed>) = 0 [pid 10795] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10792] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10792] <... futex resumed>) = 0 [pid 10791] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10791] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10791] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10791] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] umount2("./418", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./418/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./418/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./418/binderfs") = 0 [pid 295] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10789] exit_group(0 [pid 10791] <... futex resumed>) = ? [pid 10789] <... exit_group resumed>) = ? [pid 10791] +++ exited with 0 +++ [pid 10797] close(4) = 0 [pid 10797] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10793] <... futex resumed>) = 0 [pid 10797] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10793] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10793] <... futex resumed>) = 0 [pid 10797] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10793] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10797] <... openat resumed>) = 4 [pid 10797] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10793] <... futex resumed>) = 0 [pid 10797] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10793] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10793] <... futex resumed>) = 0 [pid 10797] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10793] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10797] <... write resumed>) = 16 [pid 10793] <... futex resumed>) = 0 [pid 10797] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10797] <... futex resumed>) = 0 [pid 10793] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10797] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10793] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10793] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10793] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10810]}, 88) = 10810 [pid 10793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10793] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10793] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10804] <... futex resumed>) = ? [pid 10792] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10804] +++ exited with 0 +++ [pid 10789] +++ exited with 0 +++ ./strace-static-x86_64: Process 10810 attached [pid 10795] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10810] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10795] sendfile(-1, -1, [0] [pid 10810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10795] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10810] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10795] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10810] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10789, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10810] <... futex resumed>) = 1 [pid 10795] <... futex resumed>) = 1 [pid 10793] <... futex resumed>) = 0 [pid 10792] <... futex resumed>) = 0 [pid 297] umount2("./419", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10810] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10795] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10793] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10792] exit_group(0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10809] <... futex resumed>) = ? [pid 10797] <... futex resumed>) = 0 [pid 10795] <... futex resumed>) = ? [pid 10793] <... futex resumed>) = 1 [pid 10792] <... exit_group resumed>) = ? [pid 297] openat(AT_FDCWD, "./419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10809] +++ exited with 0 +++ [pid 10797] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10795] +++ exited with 0 +++ [pid 10793] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... openat resumed>) = 3 [pid 10797] <... mmap resumed>) = 0x20000000 [pid 10792] +++ exited with 0 +++ [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10792, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 297] getdents64(3, [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10797] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... restart_syscall resumed>) = 0 [pid 297] umount2("./419/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10797] <... futex resumed>) = 1 [pid 10793] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10793] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] newfstatat(AT_FDCWD, "./419/binderfs", [pid 298] umount2("./419", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] unlink("./419/binderfs" [pid 298] openat(AT_FDCWD, "./419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... unlink resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 297] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./419/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./419/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./419/binderfs") = 0 [pid 298] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10793] <... futex resumed>) = 0 [pid 10793] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10798] <... mount resumed>) = 0 [pid 10798] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10798] chdir("./file0") = 0 [pid 10798] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10798] ioctl(4, LOOP_CLR_FD) = 0 [pid 10798] close(4) = 0 [pid 10798] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10796] <... futex resumed>) = 0 [pid 10798] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10796] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10797] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10796] <... futex resumed>) = 0 [pid 10798] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10796] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10798] <... openat resumed>) = 4 [pid 10798] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10796] <... futex resumed>) = 0 [pid 10798] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10796] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10796] <... futex resumed>) = 0 [pid 10798] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10797] sendfile(-1, -1, [0] [pid 10796] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10798] <... write resumed>) = 16 [pid 10797] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10796] <... futex resumed>) = 0 [pid 10798] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10797] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10798] <... futex resumed>) = 0 [pid 10797] <... futex resumed>) = 1 [pid 10796] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10793] <... futex resumed>) = 0 [pid 10798] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10797] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10796] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10793] exit_group(0 [pid 10810] <... futex resumed>) = ? [pid 10797] <... futex resumed>) = ? [pid 10796] <... mprotect resumed>) = 0 [pid 10793] <... exit_group resumed>) = ? [pid 10810] +++ exited with 0 +++ [pid 10797] +++ exited with 0 +++ [pid 10796] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10793] +++ exited with 0 +++ [pid 10796] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10793, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 10796] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10813 attached [pid 10813] set_robust_list(0x7fe45c3c99a0, 24 [pid 10796] <... clone3 resumed> => {parent_tid=[10813]}, 88) = 10813 [pid 296] umount2("./419", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10813] <... set_robust_list resumed>) = 0 [pid 10796] rt_sigprocmask(SIG_SETMASK, [], [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10813] rt_sigprocmask(SIG_SETMASK, [], [pid 10796] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] openat(AT_FDCWD, "./419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10796] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... openat resumed>) = 3 [pid 10813] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10796] <... futex resumed>) = 0 [pid 296] newfstatat(3, "", [pid 10813] <... write resumed>) = 16 [pid 10796] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10813] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] getdents64(3, [pid 10813] <... futex resumed>) = 1 [pid 10796] <... futex resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10813] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10796] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10798] <... futex resumed>) = 0 [pid 10796] <... futex resumed>) = 1 [pid 296] umount2("./419/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10798] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10796] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10798] <... mmap resumed>) = 0x20000000 [pid 296] newfstatat(AT_FDCWD, "./419/binderfs", [pid 10798] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10796] <... futex resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10798] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10796] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] unlink("./419/binderfs" [pid 10798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10796] <... futex resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [ 149.491722][T10795] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 149.538299][T10797] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 296] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10796] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10798] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10798] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10798] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10796] <... futex resumed>) = 0 [pid 10798] <... futex resumed>) = 1 [pid 10796] exit_group(0) = ? [pid 10798] +++ exited with 0 +++ [pid 298] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 298] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./419/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 298] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./419/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./419/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./419") = 0 [pid 298] mkdir("./420", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 10813] <... futex resumed>) = ? [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10814 [pid 10813] +++ exited with 0 +++ [pid 10796] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10796, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./414", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, [pid 297] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./414/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./414/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] newfstatat(AT_FDCWD, "./419/file0", [pid 299] unlink("./414/binderfs" [pid 295] newfstatat(AT_FDCWD, "./418/file0", [pid 299] <... unlink resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 10814 attached [pid 10814] set_robust_list(0x5555557b6760, 24) = 0 [pid 10814] chdir("./420") = 0 [pid 10814] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10814] <... prctl resumed>) = 0 [pid 10814] setpgid(0, 0) = 0 [pid 297] openat(AT_FDCWD, "./419/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10814] write(3, "1000", 4) = 4 [pid 10814] close(3) = 0 [pid 10814] symlink("/dev/binderfs", "./binderfs" [pid 297] <... openat resumed>) = 4 [pid 295] openat(AT_FDCWD, "./418/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10814] <... symlink resumed>) = 0 [pid 10814] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10814] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10814] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 297] newfstatat(4, "", [pid 295] <... openat resumed>) = 4 [pid 10814] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] newfstatat(4, "", [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] getdents64(4, [pid 297] close(4) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] rmdir("./419/file0" [pid 295] getdents64(4, [pid 10814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] <... rmdir resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] getdents64(3, [pid 295] close(4 [pid 10814] <... mmap resumed>) = 0x7fe45c3ca000 [pid 295] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] rmdir("./418/file0" [pid 10814] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10814] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 297] close(3) = 0 [pid 295] getdents64(3, [pid 297] rmdir("./419" [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10815]}, 88) = 10815 [pid 10814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10814] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 295] close(3 [pid 10814] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10815 attached [pid 10815] set_robust_list(0x7fe45c3ea9a0, 24 [pid 295] <... close resumed>) = 0 [pid 297] mkdir("./420", 0777 [pid 10815] <... set_robust_list resumed>) = 0 [pid 10815] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10815] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10815] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10814] <... futex resumed>) = 0 [pid 10814] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10814] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10815] <... futex resumed>) = 1 [pid 295] rmdir("./418" [pid 10815] memfd_create("syzkaller", 0 [pid 297] <... mkdir resumed>) = 0 [pid 10815] <... memfd_create resumed>) = 3 [pid 10815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] <... rmdir resumed>) = 0 [pid 295] mkdir("./419", 0777 [pid 297] <... openat resumed>) = 3 [pid 10815] <... mmap resumed>) = 0x7fe453fca000 [pid 295] <... mkdir resumed>) = 0 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 297] close(3 [pid 295] <... openat resumed>) = 3 [pid 297] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10816 ./strace-static-x86_64: Process 10816 attached [pid 10816] set_robust_list(0x5555557b6760, 24) = 0 [pid 10816] chdir("./420") = 0 [pid 10816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10816] setpgid(0, 0) = 0 [pid 10816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10816] write(3, "1000", 4) = 4 [pid 10816] close(3) = 0 [pid 10816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10816] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10816] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10816] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 295] ioctl(3, LOOP_CLR_FD [pid 10816] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10816] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10816] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 295] close(3 [pid 10816] <... clone3 resumed> => {parent_tid=[10817]}, 88) = 10817 [pid 10816] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10816] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10816] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... close resumed>) = 0 ./strace-static-x86_64: Process 10817 attached [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10817] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10817] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10817] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10817] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10816] <... futex resumed>) = 0 [pid 10816] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10816] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10817] <... futex resumed>) = 1 [pid 10817] memfd_create("syzkaller", 0) = 3 [ 149.574528][T10798] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10818 [pid 10817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./419/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./419/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4 [pid 10817] <... write resumed>) = 1048576 [pid 296] <... close resumed>) = 0 [pid 10817] munmap(0x7fe453fca000, 138412032 [pid 296] rmdir("./419/file0" [pid 10817] <... munmap resumed>) = 0 [pid 10817] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10817] ioctl(4, LOOP_SET_FD, 3 [pid 296] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 10818 attached [pid 10815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 296] getdents64(3, [pid 10817] <... ioctl resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10817] close(3) = 0 [pid 10817] close(4 [pid 296] close(3) = 0 [pid 296] rmdir("./419" [pid 10818] set_robust_list(0x5555557b6760, 24 [pid 296] <... rmdir resumed>) = 0 [pid 10818] <... set_robust_list resumed>) = 0 [pid 296] mkdir("./420", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10818] chdir("./419" [pid 296] <... openat resumed>) = 3 [pid 296] ioctl(3, LOOP_CLR_FD [pid 10818] <... chdir resumed>) = 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10818] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] close(3 [pid 10818] <... prctl resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 10818] setpgid(0, 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10818] <... setpgid resumed>) = 0 [pid 10818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10819 [pid 10818] <... openat resumed>) = 3 [pid 10818] write(3, "1000", 4./strace-static-x86_64: Process 10819 attached ) = 4 [pid 10818] close(3 [pid 10819] set_robust_list(0x5555557b6760, 24 [pid 10818] <... close resumed>) = 0 [pid 10819] <... set_robust_list resumed>) = 0 [pid 10818] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10818] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10819] chdir("./420") = 0 [pid 10818] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10819] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10818] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10819] <... prctl resumed>) = 0 [pid 10818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10818] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10819] setpgid(0, 0 [pid 10818] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10819] <... setpgid resumed>) = 0 [pid 10818] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10818] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10819] <... openat resumed>) = 3 [pid 10818] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10818] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10819] write(3, "1000", 4 [pid 10818] <... clone3 resumed> => {parent_tid=[10820]}, 88) = 10820 [pid 10818] rt_sigprocmask(SIG_SETMASK, [], [pid 10819] <... write resumed>) = 4 [pid 10818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10818] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10819] close(3 [pid 10818] <... futex resumed>) = 0 [pid 10819] <... close resumed>) = 0 [pid 10818] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10819] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 10820 attached [pid 10820] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10820] rt_sigprocmask(SIG_SETMASK, [], [pid 10819] <... symlink resumed>) = 0 [pid 10819] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10820] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10820] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10819] <... futex resumed>) = 0 [pid 10819] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10819] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10820] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10819] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10815] <... write resumed>) = 1048576 [pid 10819] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10820] <... futex resumed>) = 1 [pid 10818] <... futex resumed>) = 0 [pid 10818] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10815] munmap(0x7fe453fca000, 138412032 [pid 10818] <... futex resumed>) = 0 [pid 10818] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10819] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10820] memfd_create("syzkaller", 0 [pid 10819] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10815] <... munmap resumed>) = 0 [pid 10820] <... memfd_create resumed>) = 3 [pid 10820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10815] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10819] <... clone3 resumed> => {parent_tid=[10821]}, 88) = 10821 [pid 10819] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10819] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10819] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10815] <... openat resumed>) = 4 [pid 10815] ioctl(4, LOOP_SET_FD, 3 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10821 attached ) = -1 EINVAL (Invalid argument) [pid 10821] set_robust_list(0x7fe45c3ea9a0, 24 [pid 299] newfstatat(AT_FDCWD, "./414/file0", [pid 10821] <... set_robust_list resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10821] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10821] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] openat(AT_FDCWD, "./414/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10821] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 299] <... openat resumed>) = 4 [pid 10821] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 299] newfstatat(4, "", [pid 10821] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 10819] <... futex resumed>) = 0 [pid 10821] <... futex resumed>) = 1 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10819] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] getdents64(4, [pid 10819] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10821] memfd_create("syzkaller", 0 [pid 299] close(4 [pid 10821] <... memfd_create resumed>) = 3 [pid 299] <... close resumed>) = 0 [pid 10821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 299] rmdir("./414/file0" [pid 10821] <... mmap resumed>) = 0x7fe453fca000 [pid 299] <... rmdir resumed>) = 0 [pid 299] getdents64(3, [pid 10815] <... ioctl resumed>) = 0 [pid 10815] close(3) = 0 [pid 10815] close(4 [pid 10820] <... write resumed>) = 1048576 [pid 10820] munmap(0x7fe453fca000, 138412032) = 0 [pid 10820] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10820] ioctl(4, LOOP_SET_FD, 3 [pid 10821] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./414") = 0 [pid 299] mkdir("./415", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10822 [pid 10821] <... write resumed>) = 1048576 [pid 10821] munmap(0x7fe453fca000, 138412032 [pid 10817] <... close resumed>) = 0 [pid 10817] mkdir("./file0", 0777 [pid 10820] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 10822 attached [pid 10821] <... munmap resumed>) = 0 [pid 10821] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10817] <... mkdir resumed>) = 0 [pid 10821] <... openat resumed>) = 4 [pid 10821] ioctl(4, LOOP_SET_FD, 3 [pid 10817] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10822] set_robust_list(0x5555557b6760, 24 [pid 10820] close(3 [pid 10822] <... set_robust_list resumed>) = 0 [pid 10820] <... close resumed>) = 0 [pid 10822] chdir("./415") = 0 [pid 10822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10822] setpgid(0, 0) = 0 [ 149.648817][T10817] loop2: detected capacity change from 0 to 2048 [ 149.672254][T10815] loop3: detected capacity change from 0 to 2048 [ 149.688340][T10820] loop0: detected capacity change from 0 to 2048 [pid 10822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10822] write(3, "1000", 4) = 4 [pid 10822] close(3) = 0 [pid 10822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10822] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10822] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10821] <... ioctl resumed>) = 0 [pid 10820] close(4 [pid 10821] close(3) = 0 [pid 10821] close(4 [pid 10822] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10822] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10822] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 10823 attached [pid 10823] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10822] <... clone3 resumed> => {parent_tid=[10823]}, 88) = 10823 [pid 10823] <... set_robust_list resumed>) = 0 [pid 10822] rt_sigprocmask(SIG_SETMASK, [], [pid 10823] rt_sigprocmask(SIG_SETMASK, [], [pid 10822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10823] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10822] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10823] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10822] <... futex resumed>) = 0 [pid 10823] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10822] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10823] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10822] <... futex resumed>) = 0 [pid 10823] memfd_create("syzkaller", 0 [pid 10822] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10823] <... memfd_create resumed>) = 3 [pid 10822] <... futex resumed>) = 0 [pid 10823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10822] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10823] <... mmap resumed>) = 0x7fe453fca000 [pid 10823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10823] munmap(0x7fe453fca000, 138412032) = 0 [pid 10823] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10815] <... close resumed>) = 0 [pid 10820] <... close resumed>) = 0 [pid 10820] mkdir("./file0", 0777) = 0 [pid 10820] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10821] <... close resumed>) = 0 [pid 10823] close(3 [pid 10821] mkdir("./file0", 0777 [pid 10815] mkdir("./file0", 0777 [pid 10823] <... close resumed>) = 0 [pid 10821] <... mkdir resumed>) = 0 [pid 10821] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10815] <... mkdir resumed>) = 0 [pid 10815] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10823] close(4 [pid 10817] <... mount resumed>) = 0 [pid 10815] <... mount resumed>) = 0 [pid 10817] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10815] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10817] <... openat resumed>) = 3 [pid 10817] chdir("./file0" [pid 10815] <... openat resumed>) = 3 [pid 10817] <... chdir resumed>) = 0 [pid 10815] chdir("./file0" [pid 10817] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10815] <... chdir resumed>) = 0 [pid 10817] <... openat resumed>) = 4 [pid 10815] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10817] ioctl(4, LOOP_CLR_FD) = 0 [pid 10815] <... openat resumed>) = 4 [pid 10817] close(4 [pid 10815] ioctl(4, LOOP_CLR_FD [pid 10817] <... close resumed>) = 0 [pid 10817] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10815] <... ioctl resumed>) = 0 [pid 10817] <... futex resumed>) = 1 [pid 10816] <... futex resumed>) = 0 [pid 10815] close(4 [pid 10817] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10816] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10816] <... futex resumed>) = 0 [pid 10815] <... close resumed>) = 0 [pid 10817] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10816] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10815] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10817] <... openat resumed>) = 4 [pid 10815] <... futex resumed>) = 1 [pid 10814] <... futex resumed>) = 0 [pid 10817] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10815] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10814] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10817] <... futex resumed>) = 1 [pid 10816] <... futex resumed>) = 0 [pid 10815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10814] <... futex resumed>) = 0 [pid 10817] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10816] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10815] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10814] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10816] <... futex resumed>) = 0 [pid 10817] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10816] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10817] <... write resumed>) = 16 [pid 10816] <... futex resumed>) = 0 [pid 10817] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10817] <... futex resumed>) = 0 [pid 10816] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10817] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10816] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10815] <... openat resumed>) = 4 [pid 10816] <... mprotect resumed>) = 0 [pid 10815] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10816] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10815] <... futex resumed>) = 1 [pid 10814] <... futex resumed>) = 0 [pid 10816] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10815] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10814] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10814] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10829 attached [pid 10815] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10814] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10816] <... clone3 resumed> => {parent_tid=[10829]}, 88) = 10829 [pid 10816] rt_sigprocmask(SIG_SETMASK, [], [pid 10815] <... write resumed>) = 16 [pid 10814] <... futex resumed>) = 0 [pid 10816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10815] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10816] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10815] <... futex resumed>) = 0 [pid 10814] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10816] <... futex resumed>) = 0 [pid 10815] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10814] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10816] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10814] <... mprotect resumed>) = 0 [pid 10829] set_robust_list(0x7fe45c3c99a0, 24 [pid 10814] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10829] <... set_robust_list resumed>) = 0 [pid 10820] <... mount resumed>) = 0 [pid 10820] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10814] <... clone3 resumed> => {parent_tid=[10831]}, 88) = 10831 [pid 10829] rt_sigprocmask(SIG_SETMASK, [], [pid 10820] <... openat resumed>) = 3 [pid 10814] rt_sigprocmask(SIG_SETMASK, [], [pid 10820] chdir("./file0" [pid 10814] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10820] <... chdir resumed>) = 0 [pid 10814] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10820] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10814] <... futex resumed>) = 0 [pid 10820] <... openat resumed>) = 4 [pid 10814] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10820] ioctl(4, LOOP_CLR_FD) = 0 [pid 10820] close(4) = 0 [pid 10820] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10818] <... futex resumed>) = 0 [pid 10820] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10818] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10818] <... futex resumed>) = 0 [pid 10820] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10818] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10820] <... openat resumed>) = 4 [pid 10820] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10818] <... futex resumed>) = 0 [pid 10829] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10820] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10818] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10818] <... futex resumed>) = 0 [pid 10820] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10818] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10829] <... write resumed>) = 16 [pid 10820] <... write resumed>) = 16 [pid 10818] <... futex resumed>) = 0 [pid 10820] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10818] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10820] <... futex resumed>) = 0 [pid 10818] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10820] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10818] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10829] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10818] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10818] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10832 attached [pid 10829] <... futex resumed>) = 1 [pid 10816] <... futex resumed>) = 0 [pid 10829] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10818] <... clone3 resumed> => {parent_tid=[10832]}, 88) = 10832 [pid 10816] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10832] set_robust_list(0x7fe45c3c99a0, 24 [pid 10818] rt_sigprocmask(SIG_SETMASK, [], [pid 10817] <... futex resumed>) = 0 [pid 10816] <... futex resumed>) = 1 [pid 10818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10817] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10816] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10818] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10817] <... mmap resumed>) = 0x20000000 [pid 10818] <... futex resumed>) = 0 [pid 10817] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10818] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10817] <... futex resumed>) = 1 [pid 10816] <... futex resumed>) = 0 [pid 10817] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10816] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 149.696533][T10821] loop1: detected capacity change from 0 to 2048 [ 149.715537][T10823] loop4: detected capacity change from 0 to 2048 [pid 10816] <... futex resumed>) = 0 [pid 10832] <... set_robust_list resumed>) = 0 [pid 10816] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10831 attached [pid 10831] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10831] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10831] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10831] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10814] <... futex resumed>) = 0 [pid 10814] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10815] <... futex resumed>) = 0 [pid 10814] <... futex resumed>) = 1 [pid 10815] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10814] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10815] <... mmap resumed>) = 0x20000000 [pid 10815] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10814] <... futex resumed>) = 0 [pid 10815] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10814] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10814] <... futex resumed>) = 0 [pid 10831] <... futex resumed>) = 1 [pid 10831] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10817] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10817] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10817] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10817] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10832] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10832] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10832] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10832] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10814] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10816] <... futex resumed>) = 0 [pid 10816] exit_group(0 [pid 10829] <... futex resumed>) = ? [pid 10817] <... futex resumed>) = ? [pid 10816] <... exit_group resumed>) = ? [pid 10829] +++ exited with 0 +++ [pid 10817] +++ exited with 0 +++ [pid 10816] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10816, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 297] umount2("./420", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10818] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10818] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 297] openat(AT_FDCWD, "./420", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10820] <... futex resumed>) = 0 [pid 10818] <... futex resumed>) = 1 [pid 10815] sendfile(-1, -1, [0] [pid 297] <... openat resumed>) = 3 [pid 10820] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10818] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10815] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 297] newfstatat(3, "", [pid 10820] <... mmap resumed>) = 0x20000000 [pid 10815] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10820] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10818] <... futex resumed>) = 0 [pid 297] getdents64(3, [pid 10820] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10818] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10815] <... futex resumed>) = 1 [pid 10814] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10818] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10815] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10814] exit_group(0 [pid 10831] <... futex resumed>) = ? [pid 10815] <... futex resumed>) = ? [pid 10814] <... exit_group resumed>) = ? [pid 10831] +++ exited with 0 +++ [pid 297] umount2("./420/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10815] +++ exited with 0 +++ [pid 10814] +++ exited with 0 +++ [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./420/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./420/binderfs") = 0 [pid 297] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10814, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./420", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./420", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./420/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./420/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./420/binderfs") = 0 [pid 298] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10820] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10820] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10820] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10820] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10818] <... futex resumed>) = 0 [pid 10818] exit_group(0 [pid 10832] <... futex resumed>) = ? [pid 10820] <... futex resumed>) = ? [pid 10818] <... exit_group resumed>) = ? [pid 10832] +++ exited with 0 +++ [pid 10823] <... close resumed>) = 0 [pid 10823] mkdir("./file0", 0777 [pid 10820] +++ exited with 0 +++ [pid 10818] +++ exited with 0 +++ [pid 10823] <... mkdir resumed>) = 0 [pid 10823] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10818, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./419", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./419/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./419/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./419/binderfs") = 0 [pid 295] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10823] <... mount resumed>) = 0 [pid 10821] <... mount resumed>) = 0 [pid 10823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10821] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10823] <... openat resumed>) = 3 [pid 10821] <... openat resumed>) = 3 [pid 10823] chdir("./file0" [pid 10821] chdir("./file0" [pid 10823] <... chdir resumed>) = 0 [pid 10821] <... chdir resumed>) = 0 [pid 10823] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10821] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10823] <... openat resumed>) = 4 [pid 10821] <... openat resumed>) = 4 [pid 10823] ioctl(4, LOOP_CLR_FD [pid 10821] ioctl(4, LOOP_CLR_FD [pid 10823] <... ioctl resumed>) = 0 [pid 10821] <... ioctl resumed>) = 0 [pid 10823] close(4 [pid 10821] close(4 [pid 10823] <... close resumed>) = 0 [pid 10821] <... close resumed>) = 0 [pid 10823] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10821] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10823] <... futex resumed>) = 1 [pid 10822] <... futex resumed>) = 0 [pid 10823] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10822] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10821] <... futex resumed>) = 1 [pid 10819] <... futex resumed>) = 0 [pid 10823] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10822] <... futex resumed>) = 0 [pid 10821] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10822] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10819] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10823] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10819] <... futex resumed>) = 0 [pid 10819] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10821] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10823] <... openat resumed>) = 4 [pid 10823] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10821] <... openat resumed>) = 4 [pid 10823] <... futex resumed>) = 1 [pid 10822] <... futex resumed>) = 0 [pid 10821] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10823] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10822] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10823] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10821] <... futex resumed>) = 1 [pid 10819] <... futex resumed>) = 0 [pid 10823] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10822] <... futex resumed>) = 0 [pid 10821] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10819] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10823] <... write resumed>) = 16 [pid 10822] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10819] <... futex resumed>) = 0 [pid 10823] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10822] <... futex resumed>) = 0 [pid 10821] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10819] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10823] <... futex resumed>) = 0 [pid 10822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10821] <... write resumed>) = 16 [pid 10819] <... futex resumed>) = 0 [pid 10822] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10823] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10822] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10821] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10822] <... mprotect resumed>) = 0 [pid 10819] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10821] <... futex resumed>) = 0 [pid 10822] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10821] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10819] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10822] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10819] <... mprotect resumed>) = 0 [pid 10822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10819] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10822] <... clone3 resumed> => {parent_tid=[10837]}, 88) = 10837 [pid 10819] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10822] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 10837 attached [pid 10837] set_robust_list(0x7fe45c3c99a0, 24 [pid 10822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10837] <... set_robust_list resumed>) = 0 [pid 10822] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10819] <... clone3 resumed> => {parent_tid=[10838]}, 88) = 10838 [pid 10822] <... futex resumed>) = 0 [pid 10819] rt_sigprocmask(SIG_SETMASK, [], [pid 10822] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10819] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10837] rt_sigprocmask(SIG_SETMASK, [], [pid 10819] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10819] <... futex resumed>) = 0 [pid 10837] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10819] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10837] <... write resumed>) = 16 [pid 10837] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10822] <... futex resumed>) = 0 [pid 10837] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10822] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10838 attached [pid 10823] <... futex resumed>) = 0 [ 149.748195][T10817] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 149.749830][T10815] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 149.780423][T10820] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10822] <... futex resumed>) = 1 [pid 10823] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10822] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10838] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10838] rt_sigprocmask(SIG_SETMASK, [], [pid 10823] <... mmap resumed>) = 0x20000000 [pid 10823] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10823] <... futex resumed>) = 1 [pid 10822] <... futex resumed>) = 0 [pid 10822] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10838] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10838] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10838] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10822] <... futex resumed>) = 0 [pid 10822] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10819] <... futex resumed>) = 0 [pid 10819] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10819] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10821] <... futex resumed>) = 0 [pid 10821] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10821] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10819] <... futex resumed>) = 0 [pid 10819] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10819] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10823] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10823] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10823] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10822] <... futex resumed>) = 0 [pid 10822] exit_group(0 [pid 10837] <... futex resumed>) = ? [pid 10822] <... exit_group resumed>) = ? [pid 10837] +++ exited with 0 +++ [pid 10823] <... futex resumed>) = ? [pid 10823] +++ exited with 0 +++ [pid 10822] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10822, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./415", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./415/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./415/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./415/binderfs" [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10821] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10821] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10821] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10819] <... futex resumed>) = 0 [pid 10819] exit_group(0 [pid 10838] <... futex resumed>) = ? [pid 10819] <... exit_group resumed>) = ? [pid 10838] +++ exited with 0 +++ [pid 10821] <... futex resumed>) = ? [pid 10821] +++ exited with 0 +++ [pid 10819] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10819, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 297] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(AT_FDCWD, "./420/file0", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... restart_syscall resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] newfstatat(AT_FDCWD, "./420/file0", [pid 298] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./420", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] openat(AT_FDCWD, "./420/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./420", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 4 [pid 297] openat(AT_FDCWD, "./420/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... openat resumed>) = 3 [pid 296] newfstatat(3, "", [pid 298] newfstatat(4, "", [pid 297] <... openat resumed>) = 4 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(4, "", [pid 298] getdents64(4, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./419/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./419/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] <... unlink resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] getdents64(4, [pid 296] umount2("./420/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] getdents64(4, [pid 299] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] close(4 [pid 297] close(4 [pid 296] newfstatat(AT_FDCWD, "./420/binderfs", [pid 298] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] rmdir("./420/file0" [pid 297] rmdir("./420/file0" [pid 296] unlink("./420/binderfs" [pid 295] getdents64(4, [pid 297] <... rmdir resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 298] getdents64(3, [pid 297] getdents64(3, [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] close(3 [pid 295] close(4 [pid 298] <... close resumed>) = 0 [pid 297] close(3 [pid 298] rmdir("./420" [pid 295] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 297] rmdir("./420" [pid 295] rmdir("./419/file0" [pid 298] mkdir("./421", 0777 [pid 295] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 295] getdents64(3, [pid 298] <... mkdir resumed>) = 0 [pid 297] mkdir("./421", 0777 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 297] <... mkdir resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 295] close(3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... close resumed>) = 0 [pid 298] close(3 [pid 297] <... openat resumed>) = 3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] rmdir("./419" [pid 298] <... close resumed>) = 0 [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] newfstatat(AT_FDCWD, "./420/file0", [pid 295] <... rmdir resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] mkdir("./420", 0777 [pid 297] close(3 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10840 [pid 297] <... close resumed>) = 0 [pid 296] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... mkdir resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 10840 attached ) = 3 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10841 [pid 296] openat(AT_FDCWD, "./420/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] ioctl(3, LOOP_CLR_FD [pid 296] <... openat resumed>) = 4 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] newfstatat(4, "", [pid 295] close(3 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... close resumed>) = 0 [pid 296] getdents64(4, [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10842 [pid 296] close(4) = 0 [pid 296] rmdir("./420/file0" [pid 10840] set_robust_list(0x5555557b6760, 24) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./420" [pid 10840] chdir("./421" [pid 296] <... rmdir resumed>) = 0 [pid 296] mkdir("./421", 0777 [pid 10840] <... chdir resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10840] setpgid(0, 0) = 0 [pid 10840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10840] write(3, "1000", 4) = 4 ./strace-static-x86_64: Process 10841 attached [pid 10841] set_robust_list(0x5555557b6760, 24) = 0 [pid 10840] close(3) = 0 [ 149.821020][T10823] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 149.834465][T10821] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10840] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10840] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10840] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10841] chdir("./421") = 0 [pid 10840] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10840] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10841] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10840] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 10842 attached [pid 10841] <... prctl resumed>) = 0 [pid 10841] setpgid(0, 0 [pid 10842] set_robust_list(0x5555557b6760, 24 [pid 10841] <... setpgid resumed>) = 0 [pid 10840] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10842] <... set_robust_list resumed>) = 0 [pid 10841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10840] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10841] <... openat resumed>) = 3 [pid 10842] chdir("./420" [pid 10841] write(3, "1000", 4 [pid 10840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10841] <... write resumed>) = 4 [pid 10841] close(3) = 0 ./strace-static-x86_64: Process 10843 attached [pid 10842] <... chdir resumed>) = 0 [pid 10841] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10842] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10841] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10841] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10840] <... clone3 resumed> => {parent_tid=[10843]}, 88) = 10843 [pid 10843] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10842] <... prctl resumed>) = 0 [pid 10841] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10840] rt_sigprocmask(SIG_SETMASK, [], [pid 10841] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10840] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10841] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10840] <... futex resumed>) = 0 [pid 10841] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10840] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10844]}, 88) = 10844 [pid 10841] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10841] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10841] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10842] setpgid(0, 0 [pid 10843] <... set_robust_list resumed>) = 0 [pid 10843] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10843] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10843] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10840] <... futex resumed>) = 0 [pid 10843] memfd_create("syzkaller", 0 [pid 10840] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10844 attached [pid 10842] <... setpgid resumed>) = 0 [pid 10840] <... futex resumed>) = 0 [pid 10840] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10843] <... memfd_create resumed>) = 3 [pid 10844] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10842] <... openat resumed>) = 3 [pid 10844] <... set_robust_list resumed>) = 0 [pid 10843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10842] write(3, "1000", 4 [pid 299] <... umount2 resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 10844] rt_sigprocmask(SIG_SETMASK, [], [pid 10843] <... write resumed>) = 1048576 [pid 10842] <... write resumed>) = 4 [pid 299] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] ioctl(3, LOOP_CLR_FD [pid 10844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10842] close(3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10844] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10842] <... close resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./415/file0", [pid 296] close(3 [pid 10844] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10842] symlink("/dev/binderfs", "./binderfs" [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... close resumed>) = 0 [pid 10844] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10842] <... symlink resumed>) = 0 [pid 299] umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10844] <... futex resumed>) = 1 [pid 10842] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10841] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10844] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10842] <... futex resumed>) = 0 [pid 10841] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] openat(AT_FDCWD, "./415/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10842] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10841] <... futex resumed>) = 0 [pid 299] <... openat resumed>) = 4 [pid 10844] memfd_create("syzkaller", 0 [pid 10842] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10841] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 299] newfstatat(4, "", [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10845 ./strace-static-x86_64: Process 10845 attached [pid 10844] <... memfd_create resumed>) = 3 [pid 10843] munmap(0x7fe453fca000, 138412032 [pid 10842] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] getdents64(4, [pid 10844] <... mmap resumed>) = 0x7fe453fca000 [pid 10842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10845] set_robust_list(0x5555557b6760, 24 [pid 10844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10843] <... munmap resumed>) = 0 [pid 10842] <... mmap resumed>) = 0x7fe45c3ca000 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10845] <... set_robust_list resumed>) = 0 [pid 10843] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10842] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 299] getdents64(4, [pid 10845] chdir("./421" [pid 10843] <... openat resumed>) = 4 [pid 10842] <... mprotect resumed>) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10845] <... chdir resumed>) = 0 [pid 10843] ioctl(4, LOOP_SET_FD, 3 [pid 10842] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] close(4 [pid 10845] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10844] <... write resumed>) = 1048576 [pid 10842] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] <... close resumed>) = 0 [pid 10844] munmap(0x7fe453fca000, 138412032 [pid 10842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10844] <... munmap resumed>) = 0 [pid 10844] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10842] <... clone3 resumed> => {parent_tid=[10846]}, 88) = 10846 [pid 10844] <... openat resumed>) = 4 [pid 10842] rt_sigprocmask(SIG_SETMASK, [], [pid 10844] ioctl(4, LOOP_SET_FD, 3 [pid 10842] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 10846 attached [pid 10845] <... prctl resumed>) = 0 [pid 10843] <... ioctl resumed>) = 0 [pid 10842] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] rmdir("./415/file0" [pid 10846] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10845] setpgid(0, 0 [pid 10843] close(3 [pid 299] <... rmdir resumed>) = 0 [pid 10846] <... set_robust_list resumed>) = 0 [pid 10845] <... setpgid resumed>) = 0 [pid 10843] <... close resumed>) = 0 [pid 299] getdents64(3, [pid 10846] rt_sigprocmask(SIG_SETMASK, [], [pid 10845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10843] close(4 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10845] <... openat resumed>) = 3 [pid 10844] <... ioctl resumed>) = 0 [pid 10842] <... futex resumed>) = 0 [pid 299] close(3 [pid 10844] close(3 [pid 10842] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10844] <... close resumed>) = 0 [pid 10844] close(4 [pid 10846] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10845] write(3, "1000", 4 [pid 299] <... close resumed>) = 0 [pid 10846] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10845] <... write resumed>) = 4 [pid 299] rmdir("./415" [pid 10845] close(3 [pid 10846] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10842] <... futex resumed>) = 0 [pid 10846] memfd_create("syzkaller", 0 [pid 10845] <... close resumed>) = 0 [pid 10842] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... rmdir resumed>) = 0 [pid 10846] <... memfd_create resumed>) = 3 [pid 10842] <... futex resumed>) = 0 [pid 10846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10842] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10846] <... mmap resumed>) = 0x7fe453fca000 [pid 10845] symlink("/dev/binderfs", "./binderfs" [pid 299] mkdir("./416", 0777 [pid 10845] <... symlink resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 10845] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10845] <... futex resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 10845] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 299] ioctl(3, LOOP_CLR_FD [pid 10845] <... rt_sigaction resumed>NULL, 8) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10845] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 299] close(3 [pid 10845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... close resumed>) = 0 [pid 10845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10845] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10845] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10847 [pid 10845] <... mprotect resumed>) = 0 [pid 10845] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10845] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 10847 attached [pid 10846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10845] <... clone3 resumed> => {parent_tid=[10848]}, 88) = 10848 [pid 10845] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10845] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10845] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10848 attached [pid 10848] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10848] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10848] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10845] <... futex resumed>) = 0 [pid 10848] memfd_create("syzkaller", 0 [pid 10845] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10848] <... memfd_create resumed>) = 3 [pid 10845] <... futex resumed>) = 0 [pid 10848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10845] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10848] <... mmap resumed>) = 0x7fe453fca000 [pid 10847] set_robust_list(0x5555557b6760, 24 [pid 10846] <... write resumed>) = 1048576 [pid 10847] <... set_robust_list resumed>) = 0 [pid 10847] chdir("./416" [pid 10846] munmap(0x7fe453fca000, 138412032 [pid 10847] <... chdir resumed>) = 0 [pid 10847] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10846] <... munmap resumed>) = 0 [pid 10847] <... prctl resumed>) = 0 [pid 10847] setpgid(0, 0 [pid 10846] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10847] <... setpgid resumed>) = 0 [pid 10846] <... openat resumed>) = 4 [pid 10847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10846] ioctl(4, LOOP_SET_FD, 3 [pid 10848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10847] <... openat resumed>) = 3 [pid 10847] write(3, "1000", 4) = 4 [pid 10846] <... ioctl resumed>) = 0 [pid 10847] close(3 [pid 10846] close(3 [pid 10847] <... close resumed>) = 0 [pid 10847] symlink("/dev/binderfs", "./binderfs" [pid 10846] <... close resumed>) = 0 [pid 10847] <... symlink resumed>) = 0 [pid 10846] close(4 [pid 10847] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10847] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10847] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10848] <... write resumed>) = 1048576 [pid 10847] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10848] munmap(0x7fe453fca000, 138412032 [pid 10847] <... mprotect resumed>) = 0 [pid 10847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10849]}, 88) = 10849 ./strace-static-x86_64: Process 10849 attached [pid 10848] <... munmap resumed>) = 0 [pid 10847] rt_sigprocmask(SIG_SETMASK, [], [pid 10849] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10849] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10849] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10848] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10848] ioctl(4, LOOP_SET_FD, 3 [ 149.940749][T10843] loop3: detected capacity change from 0 to 2048 [ 149.944393][T10844] loop2: detected capacity change from 0 to 2048 [ 149.972521][T10846] loop0: detected capacity change from 0 to 2048 [pid 10847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10847] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10847] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10849] <... futex resumed>) = 0 [pid 10849] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10849] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10847] <... futex resumed>) = 0 [pid 10849] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10847] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10849] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10847] <... futex resumed>) = 0 [pid 10848] <... ioctl resumed>) = 0 [pid 10848] close(3) = 0 [pid 10848] close(4 [pid 10847] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10849] memfd_create("syzkaller", 0 [pid 10844] <... close resumed>) = 0 [pid 10843] <... close resumed>) = 0 [pid 10849] <... memfd_create resumed>) = 3 [pid 10849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10846] <... close resumed>) = 0 [pid 10844] mkdir("./file0", 0777 [pid 10843] mkdir("./file0", 0777 [pid 10846] mkdir("./file0", 0777) = 0 [pid 10844] <... mkdir resumed>) = 0 [pid 10846] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10844] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10843] <... mkdir resumed>) = 0 [pid 10849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10843] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10849] <... write resumed>) = 1048576 [pid 10849] munmap(0x7fe453fca000, 138412032) = 0 [pid 10849] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10849] close(3) = 0 [pid 10849] close(4 [pid 10846] <... mount resumed>) = 0 [pid 10846] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10846] chdir("./file0") = 0 [pid 10846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10846] ioctl(4, LOOP_CLR_FD) = 0 [pid 10846] close(4) = 0 [pid 10846] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10842] <... futex resumed>) = 0 [pid 10848] <... close resumed>) = 0 [pid 10846] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10842] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10848] mkdir("./file0", 0777) = 0 [pid 10842] <... futex resumed>) = 0 [pid 10848] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10842] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10846] <... openat resumed>) = 4 [pid 10846] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10842] <... futex resumed>) = 0 [pid 10846] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10842] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10846] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10842] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10846] <... write resumed>) = 16 [pid 10842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10846] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10842] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10846] <... futex resumed>) = 0 [pid 10842] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10846] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10842] <... mprotect resumed>) = 0 [pid 10842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10852]}, 88) = 10852 [pid 10842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 10852 attached [pid 10842] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10852] set_robust_list(0x7fe45c3c99a0, 24 [pid 10842] <... futex resumed>) = 0 [pid 10852] <... set_robust_list resumed>) = 0 [pid 10842] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10852] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10852] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10852] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10842] <... futex resumed>) = 0 [pid 10852] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10842] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10846] <... futex resumed>) = 0 [pid 10842] <... futex resumed>) = 1 [pid 10846] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10842] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10849] <... close resumed>) = 0 [pid 10846] <... mmap resumed>) = 0x20000000 [pid 10849] mkdir("./file0", 0777 [pid 10846] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10849] <... mkdir resumed>) = 0 [pid 10846] <... futex resumed>) = 1 [pid 10842] <... futex resumed>) = 0 [pid 10846] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10842] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10849] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10842] <... futex resumed>) = 0 [pid 10844] <... mount resumed>) = 0 [ 149.987319][T10848] loop1: detected capacity change from 0 to 2048 [ 150.010797][T10849] loop4: detected capacity change from 0 to 2048 [pid 10842] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10844] chdir("./file0") = 0 [pid 10844] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10844] ioctl(4, LOOP_CLR_FD) = 0 [pid 10844] close(4) = 0 [pid 10844] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10841] <... futex resumed>) = 0 [pid 10844] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10841] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10844] <... futex resumed>) = 0 [pid 10843] <... mount resumed>) = 0 [pid 10841] <... futex resumed>) = 1 [pid 10844] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10841] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10848] <... mount resumed>) = 0 [pid 10844] <... openat resumed>) = 4 [pid 10843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10846] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10844] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10841] <... futex resumed>) = 0 [pid 10844] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10841] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10844] <... write resumed>) = 16 [pid 10841] <... futex resumed>) = 0 [pid 10848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10846] sendfile(-1, -1, [0] [pid 10843] <... openat resumed>) = 3 [pid 10844] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10841] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10844] <... futex resumed>) = 0 [pid 10841] <... futex resumed>) = 0 [pid 10844] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10841] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10848] <... openat resumed>) = 3 [pid 10843] chdir("./file0" [pid 10848] chdir("./file0" [pid 10843] <... chdir resumed>) = 0 [pid 10841] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10846] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10841] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10848] <... chdir resumed>) = 0 [pid 10843] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10841] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10846] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10848] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10841] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10841] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10859 attached [pid 10848] <... openat resumed>) = 4 [pid 10846] <... futex resumed>) = 1 [pid 10843] <... openat resumed>) = 4 [pid 10842] <... futex resumed>) = 0 [pid 10841] <... clone3 resumed> => {parent_tid=[10859]}, 88) = 10859 [pid 10841] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10841] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10841] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10848] ioctl(4, LOOP_CLR_FD [pid 10843] ioctl(4, LOOP_CLR_FD [pid 10842] exit_group(0 [pid 10846] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10859] set_robust_list(0x7fe45c3c99a0, 24 [pid 10848] <... ioctl resumed>) = 0 [pid 10843] <... ioctl resumed>) = 0 [pid 10852] <... futex resumed>) = ? [pid 10842] <... exit_group resumed>) = ? [pid 10852] +++ exited with 0 +++ [pid 10859] <... set_robust_list resumed>) = 0 [pid 10848] close(4 [pid 10846] <... futex resumed>) = ? [pid 10843] close(4 [pid 10859] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10859] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10848] <... close resumed>) = 0 [pid 10843] <... close resumed>) = 0 [pid 10859] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10841] <... futex resumed>) = 0 [pid 10841] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10844] <... futex resumed>) = 0 [pid 10841] <... futex resumed>) = 1 [pid 10844] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10841] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10846] +++ exited with 0 +++ [pid 10844] <... mmap resumed>) = 0x20000000 [pid 10842] +++ exited with 0 +++ [pid 10848] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10843] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10844] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10841] <... futex resumed>) = 0 [pid 10844] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10841] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10841] <... futex resumed>) = 0 [pid 10848] <... futex resumed>) = 1 [pid 10845] <... futex resumed>) = 0 [pid 10843] <... futex resumed>) = 1 [pid 10841] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10840] <... futex resumed>) = 0 [pid 10848] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10845] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10843] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10840] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10842, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 10848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10845] <... futex resumed>) = 0 [pid 10843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10840] <... futex resumed>) = 0 [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 10848] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10845] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10843] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10840] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... restart_syscall resumed>) = 0 [pid 10859] <... futex resumed>) = 1 [pid 10859] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10844] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 295] umount2("./420", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10848] <... openat resumed>) = 4 [pid 10843] <... openat resumed>) = 4 [pid 10848] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10844] sendfile(-1, -1, [0] [pid 10843] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] openat(AT_FDCWD, "./420", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10848] <... futex resumed>) = 1 [pid 10845] <... futex resumed>) = 0 [pid 10843] <... futex resumed>) = 1 [pid 10840] <... futex resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 10848] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10845] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10843] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10840] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] newfstatat(3, "", [pid 10848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10845] <... futex resumed>) = 0 [pid 10843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10840] <... futex resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10848] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10845] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10843] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10840] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] getdents64(3, [pid 10848] <... write resumed>) = 16 [pid 10845] <... futex resumed>) = 0 [pid 10840] <... futex resumed>) = 0 [pid 10845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10848] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10845] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10843] <... write resumed>) = 16 [pid 10840] <... mmap resumed>) = 0x7fe45c3a9000 [pid 295] umount2("./420/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10848] <... futex resumed>) = 0 [pid 10845] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10843] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10840] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10848] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10845] <... mprotect resumed>) = 0 [pid 10843] <... futex resumed>) = 0 [pid 10840] <... mprotect resumed>) = 0 [pid 295] newfstatat(AT_FDCWD, "./420/binderfs", [pid 10845] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10843] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10840] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10845] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10840] <... rt_sigprocmask resumed>[], 8) = 0 [pid 295] unlink("./420/binderfs" [pid 10845] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 295] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 10860 attached [pid 10845] <... clone3 resumed> => {parent_tid=[10861]}, 88) = 10861 [pid 10844] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10840] <... clone3 resumed> => {parent_tid=[10860]}, 88) = 10860 [pid 10845] rt_sigprocmask(SIG_SETMASK, [], [pid 10840] rt_sigprocmask(SIG_SETMASK, [], [pid 295] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10860] set_robust_list(0x7fe45c3c99a0, 24 [pid 10845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10844] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10840] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 10861 attached [pid 10845] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10844] <... futex resumed>) = 1 [pid 10841] <... futex resumed>) = 0 [pid 10840] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10860] <... set_robust_list resumed>) = 0 [pid 10845] <... futex resumed>) = 0 [pid 10844] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10841] exit_group(0 [pid 10840] <... futex resumed>) = 0 [pid 10861] set_robust_list(0x7fe45c3c99a0, 24 [pid 10860] rt_sigprocmask(SIG_SETMASK, [], [pid 10859] <... futex resumed>) = ? [pid 10845] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10844] <... futex resumed>) = ? [pid 10841] <... exit_group resumed>) = ? [pid 10840] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10859] +++ exited with 0 +++ [pid 10861] <... set_robust_list resumed>) = 0 [pid 10861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10861] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10861] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10845] <... futex resumed>) = 0 [pid 10845] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10848] <... futex resumed>) = 0 [pid 10845] <... futex resumed>) = 1 [pid 10848] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10845] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10844] +++ exited with 0 +++ [pid 10841] +++ exited with 0 +++ [pid 10848] <... mmap resumed>) = 0x20000000 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10841, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10848] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 10848] <... futex resumed>) = 1 [pid 10845] <... futex resumed>) = 0 [pid 10848] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10845] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... restart_syscall resumed>) = 0 [pid 10848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10845] <... futex resumed>) = 0 [pid 10861] <... futex resumed>) = 1 [pid 10860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10845] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10860] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10860] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10860] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10861] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] umount2("./421", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./421", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [ 150.035836][T10846] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 150.061047][T10844] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 297] umount2("./421/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./421/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./421/binderfs") = 0 [pid 297] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10840] <... futex resumed>) = 0 [pid 10840] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10840] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10843] <... futex resumed>) = 0 [pid 10843] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10843] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10840] <... futex resumed>) = 0 [pid 10848] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10840] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10848] sendfile(-1, -1, [0] [pid 10840] <... futex resumed>) = 0 [pid 10848] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10848] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10845] <... futex resumed>) = 0 [pid 10848] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10845] exit_group(0 [pid 10861] <... futex resumed>) = ? [pid 10848] <... futex resumed>) = ? [pid 10845] <... exit_group resumed>) = ? [pid 10861] +++ exited with 0 +++ [pid 10848] +++ exited with 0 +++ [pid 10845] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10845, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 296] umount2("./421", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./421", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./421/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./421/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./421/binderfs") = 0 [pid 296] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10840] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10843] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10843] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10843] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10840] <... futex resumed>) = 0 [pid 10840] exit_group(0 [pid 10860] <... futex resumed>) = ? [pid 10840] <... exit_group resumed>) = ? [pid 10860] +++ exited with 0 +++ [pid 10843] +++ exited with 0 +++ [pid 10840] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10840, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./421", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./421", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./421/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./421/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./421/binderfs" [pid 10849] <... mount resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 298] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10849] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10849] chdir("./file0") = 0 [pid 10849] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10849] ioctl(4, LOOP_CLR_FD) = 0 [pid 10849] close(4) = 0 [pid 10849] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10847] <... futex resumed>) = 0 [pid 10849] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10847] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10847] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... umount2 resumed>) = 0 [pid 10849] <... openat resumed>) = 4 [pid 10849] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10847] <... futex resumed>) = 0 [pid 10849] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10847] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10849] <... write resumed>) = 16 [pid 10847] <... futex resumed>) = 0 [pid 10849] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10847] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10849] <... futex resumed>) = 0 [pid 10847] <... futex resumed>) = 0 [pid 10849] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10847] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10847] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10864]}, 88) = 10864 [pid 10847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10847] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10847] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./420/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./420/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./420/file0") = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./420") = 0 [pid 295] mkdir("./421", 0777./strace-static-x86_64: Process 10864 attached ) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10864] set_robust_list(0x7fe45c3c99a0, 24 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10865 ./strace-static-x86_64: Process 10865 attached [pid 10865] set_robust_list(0x5555557b6760, 24) = 0 [pid 10865] chdir("./421") = 0 [pid 10865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10865] setpgid(0, 0) = 0 [pid 10865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10865] write(3, "1000", 4) = 4 [pid 10865] close(3) = 0 [pid 10864] <... set_robust_list resumed>) = 0 [pid 10865] symlink("/dev/binderfs", "./binderfs" [pid 10864] rt_sigprocmask(SIG_SETMASK, [], [pid 10865] <... symlink resumed>) = 0 [pid 10865] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10865] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10865] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10865] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10865] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10865] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10864] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10865] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10864] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10847] <... futex resumed>) = 0 [pid 10864] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10847] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10849] <... futex resumed>) = 0 [pid 10847] <... futex resumed>) = 1 [pid 10849] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10847] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10849] <... mmap resumed>) = 0x20000000 [pid 10849] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10847] <... futex resumed>) = 0 [pid 10849] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10847] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10849] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10847] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10866 attached [pid 10865] <... clone3 resumed> => {parent_tid=[10866]}, 88) = 10866 [pid 10847] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10865] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10865] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10865] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10866] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10866] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10866] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10866] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10865] <... futex resumed>) = 0 [pid 10865] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10865] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10866] <... futex resumed>) = 1 [pid 10866] memfd_create("syzkaller", 0) = 3 [ 150.086318][T10848] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 150.103462][T10843] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10849] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10866] <... write resumed>) = 1048576 [pid 10849] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10866] munmap(0x7fe453fca000, 138412032 [pid 10849] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10847] <... futex resumed>) = 0 [pid 10849] <... futex resumed>) = 1 [pid 10866] <... munmap resumed>) = 0 [pid 10866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10866] ioctl(4, LOOP_SET_FD, 3 [pid 10849] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10847] exit_group(0 [pid 10864] <... futex resumed>) = ? [pid 10847] <... exit_group resumed>) = ? [pid 10864] +++ exited with 0 +++ [pid 10849] <... futex resumed>) = ? [pid 10849] +++ exited with 0 +++ [pid 10847] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10847, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 297] <... umount2 resumed>) = 0 [pid 299] <... restart_syscall resumed>) = 0 [pid 299] umount2("./416", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10866] <... ioctl resumed>) = 0 [pid 299] getdents64(3, [pid 297] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./421/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./421/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4 [pid 297] newfstatat(AT_FDCWD, "./421/file0", [pid 296] <... close resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] rmdir("./421/file0" [pid 297] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... rmdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./421/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./421/file0") = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./421" [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 297] rmdir("./421") = 0 [pid 296] mkdir("./422", 0777 [pid 297] mkdir("./422", 0777) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./416/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10868 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10867 [pid 10866] close(3) = 0 [pid 10866] close(4 [pid 298] <... umount2 resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./416/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./416/binderfs") = 0 [pid 299] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10867 attached [pid 10867] set_robust_list(0x5555557b6760, 24) = 0 [pid 10867] chdir("./422") = 0 [pid 10867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10867] setpgid(0, 0) = 0 [pid 10867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10867] write(3, "1000", 4) = 4 [pid 10867] close(3) = 0 [pid 10867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 298] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./421/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10868 attached ) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./421/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", [pid 10868] set_robust_list(0x5555557b6760, 24 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./421/file0") = 0 [pid 298] getdents64(3, [pid 10868] <... set_robust_list resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10868] chdir("./422" [pid 298] close(3 [pid 10868] <... chdir resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 10868] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] rmdir("./421" [pid 10868] <... prctl resumed>) = 0 [pid 10868] setpgid(0, 0 [pid 298] <... rmdir resumed>) = 0 [pid 10868] <... setpgid resumed>) = 0 [pid 10868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] mkdir("./422", 0777 [pid 10868] <... openat resumed>) = 3 [pid 10867] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10868] write(3, "1000", 4 [pid 298] <... openat resumed>) = 3 [pid 10868] <... write resumed>) = 4 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 10868] close(3 [pid 10867] <... futex resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10868] <... close resumed>) = 0 [pid 10868] symlink("/dev/binderfs", "./binderfs" [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10869 ./strace-static-x86_64: Process 10869 attached [pid 10868] <... symlink resumed>) = 0 [pid 10868] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10868] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10868] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10868] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10867] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10869] set_robust_list(0x5555557b6760, 24 [pid 10868] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10867] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10867] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10867] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10869] <... set_robust_list resumed>) = 0 [pid 10868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10867] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10867] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10870]}, 88) = 10870 [pid 10867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10867] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10867] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10870 attached [pid 10868] <... clone3 resumed> => {parent_tid=[10871]}, 88) = 10871 [pid 10870] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10870] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10870] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10870] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10867] <... futex resumed>) = 0 [pid 10867] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10867] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10870] <... futex resumed>) = 1 [pid 10870] memfd_create("syzkaller", 0 [pid 10868] rt_sigprocmask(SIG_SETMASK, [], [pid 10870] <... memfd_create resumed>) = 3 [pid 10870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10868] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10869] chdir("./422" [pid 10868] <... futex resumed>) = 0 [pid 10868] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10871 attached [pid 10869] <... chdir resumed>) = 0 [pid 10869] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10871] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10869] <... prctl resumed>) = 0 [pid 10871] <... set_robust_list resumed>) = 0 [pid 10869] setpgid(0, 0 [pid 10871] rt_sigprocmask(SIG_SETMASK, [], [pid 10869] <... setpgid resumed>) = 0 [pid 10871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10871] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10871] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10869] write(3, "1000", 4 [pid 10871] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10869] <... write resumed>) = 4 [pid 10871] <... futex resumed>) = 1 [pid 10868] <... futex resumed>) = 0 [pid 10869] close(3 [pid 10868] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10869] <... close resumed>) = 0 [pid 10868] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10869] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10871] memfd_create("syzkaller", 0 [pid 10866] <... close resumed>) = 0 [pid 10869] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [ 150.138278][T10849] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 150.155159][T10866] loop0: detected capacity change from 0 to 2048 [pid 10866] mkdir("./file0", 0777 [pid 10871] <... memfd_create resumed>) = 3 [pid 10869] <... futex resumed>) = 0 [pid 10866] <... mkdir resumed>) = 0 [pid 10866] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10869] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10869] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10871] <... mmap resumed>) = 0x7fe453fca000 [pid 10869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10869] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10869] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10869] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10872]}, 88) = 10872 [pid 10869] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10869] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10869] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 10872 attached [pid 10872] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10870] <... write resumed>) = 1048576 [pid 10872] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10872] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10869] <... futex resumed>) = 0 [pid 10869] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10872] memfd_create("syzkaller", 0 [pid 10870] munmap(0x7fe453fca000, 138412032 [pid 10869] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10872] <... memfd_create resumed>) = 3 [pid 10872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10870] <... munmap resumed>) = 0 [pid 10871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10872] <... mmap resumed>) = 0x7fe453fca000 [pid 10870] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10870] ioctl(4, LOOP_SET_FD, 3 [pid 10871] <... write resumed>) = 1048576 [pid 299] <... umount2 resumed>) = 0 [pid 10872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10871] munmap(0x7fe453fca000, 138412032 [pid 10870] <... ioctl resumed>) = 0 [pid 299] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./416/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./416/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 10870] close(3 [pid 299] rmdir("./416/file0" [pid 10870] <... close resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 299] getdents64(3, [pid 10870] close(4 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./416") = 0 [pid 10872] <... write resumed>) = 1048576 [pid 299] mkdir("./417", 0777) = 0 [pid 10872] munmap(0x7fe453fca000, 138412032 [pid 10871] <... munmap resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10872] <... munmap resumed>) = 0 [pid 10871] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 10873 attached [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10873 [pid 10873] set_robust_list(0x5555557b6760, 24) = 0 [pid 10872] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10871] <... openat resumed>) = 4 [pid 10872] <... openat resumed>) = 4 [pid 10872] ioctl(4, LOOP_SET_FD, 3 [pid 10873] chdir("./417" [pid 10872] <... ioctl resumed>) = 0 [pid 10871] ioctl(4, LOOP_SET_FD, 3 [pid 10873] <... chdir resumed>) = 0 [pid 10866] <... mount resumed>) = 0 [pid 10866] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10866] chdir("./file0") = 0 [pid 10866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10866] ioctl(4, LOOP_CLR_FD) = 0 [pid 10866] close(4) = 0 [pid 10866] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10865] <... futex resumed>) = 0 [pid 10865] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10865] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10866] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 10866] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10865] <... futex resumed>) = 0 [pid 10865] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10865] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10866] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10865] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10866] <... write resumed>) = 16 [pid 10865] <... mprotect resumed>) = 0 [pid 10866] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10865] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10866] <... futex resumed>) = 0 [pid 10865] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10866] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10865] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10876]}, 88) = 10876 [pid 10865] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10865] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10865] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10876 attached [pid 10876] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10876] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10876] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10876] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10865] <... futex resumed>) = 0 [pid 10865] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10866] <... futex resumed>) = 0 [pid 10865] <... futex resumed>) = 1 [pid 10866] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10865] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10873] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10872] close(3 [pid 10871] <... ioctl resumed>) = 0 [pid 10866] <... mmap resumed>) = 0x20000000 [pid 10876] <... futex resumed>) = 1 [pid 10873] <... prctl resumed>) = 0 [pid 10866] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10865] <... futex resumed>) = 0 [pid 10876] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10873] setpgid(0, 0 [pid 10872] <... close resumed>) = 0 [pid 10871] close(3 [pid 10865] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10873] <... setpgid resumed>) = 0 [pid 10873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10873] write(3, "1000", 4) = 4 [pid 10873] close(3) = 0 [pid 10873] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10873] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10873] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10873] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10873] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10873] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10873] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10877]}, 88) = 10877 [pid 10873] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10873] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10873] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10872] close(4 [pid 10871] <... close resumed>) = 0 [pid 10871] close(4./strace-static-x86_64: Process 10877 attached [pid 10877] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10877] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10877] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10877] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10873] <... futex resumed>) = 0 [pid 10873] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10873] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10877] <... futex resumed>) = 1 [pid 10877] memfd_create("syzkaller", 0 [pid 10865] <... futex resumed>) = 0 [pid 10866] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10865] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10877] <... memfd_create resumed>) = 3 [pid 10866] sendfile(-1, -1, [0] [pid 10877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10866] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10866] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10865] <... futex resumed>) = 0 [pid 10865] exit_group(0 [pid 10876] <... futex resumed>) = ? [pid 10865] <... exit_group resumed>) = ? [pid 10876] +++ exited with 0 +++ [pid 10866] <... futex resumed>) = ? [pid 10870] <... close resumed>) = 0 [pid 10866] +++ exited with 0 +++ [pid 10865] +++ exited with 0 +++ [pid 10870] mkdir("./file0", 0777 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10865, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10870] <... mkdir resumed>) = 0 [pid 10870] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 295] umount2("./421", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./421", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./421/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./421/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./421/binderfs") = 0 [pid 295] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10877] munmap(0x7fe453fca000, 138412032) = 0 [pid 10877] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 150.219489][T10870] loop2: detected capacity change from 0 to 2048 [ 150.238469][T10872] loop3: detected capacity change from 0 to 2048 [ 150.245464][T10871] loop1: detected capacity change from 0 to 2048 [ 150.252650][T10866] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10877] ioctl(4, LOOP_SET_FD, 3 [pid 10872] <... close resumed>) = 0 [pid 10871] <... close resumed>) = 0 [pid 10872] mkdir("./file0", 0777 [pid 10871] mkdir("./file0", 0777 [pid 295] <... umount2 resumed>) = 0 [pid 10877] <... ioctl resumed>) = 0 [pid 10877] close(3) = 0 [pid 10877] close(4 [pid 10871] <... mkdir resumed>) = 0 [pid 10872] <... mkdir resumed>) = 0 [pid 10871] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 295] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10872] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./421/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./421/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./421/file0") = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./421") = 0 [pid 295] mkdir("./422", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10878 ./strace-static-x86_64: Process 10878 attached [pid 10878] set_robust_list(0x5555557b6760, 24 [pid 10877] <... close resumed>) = 0 [pid 10877] mkdir("./file0", 0777) = 0 [pid 10877] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10878] <... set_robust_list resumed>) = 0 [pid 10872] <... mount resumed>) = 0 [pid 10871] <... mount resumed>) = 0 [pid 10871] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10878] chdir("./422" [pid 10871] <... openat resumed>) = 3 [pid 10872] <... openat resumed>) = 3 [pid 10872] chdir("./file0" [pid 10871] chdir("./file0" [pid 10878] <... chdir resumed>) = 0 [pid 10878] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10872] <... chdir resumed>) = 0 [pid 10871] <... chdir resumed>) = 0 [pid 10878] <... prctl resumed>) = 0 [pid 10872] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10871] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10872] <... openat resumed>) = 4 [pid 10871] <... openat resumed>) = 4 [pid 10872] ioctl(4, LOOP_CLR_FD [pid 10878] setpgid(0, 0 [pid 10872] <... ioctl resumed>) = 0 [pid 10871] ioctl(4, LOOP_CLR_FD [pid 10878] <... setpgid resumed>) = 0 [pid 10872] close(4 [pid 10871] <... ioctl resumed>) = 0 [pid 10872] <... close resumed>) = 0 [pid 10871] close(4 [pid 10878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10872] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10871] <... close resumed>) = 0 [pid 10871] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10872] <... futex resumed>) = 1 [pid 10869] <... futex resumed>) = 0 [pid 10872] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10871] <... futex resumed>) = 1 [pid 10868] <... futex resumed>) = 0 [pid 10878] <... openat resumed>) = 3 [pid 10869] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10868] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10878] write(3, "1000", 4 [pid 10872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10871] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10869] <... futex resumed>) = 0 [pid 10868] <... futex resumed>) = 0 [pid 10869] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10868] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10872] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10871] <... openat resumed>) = 4 [pid 10872] <... openat resumed>) = 4 [pid 10878] <... write resumed>) = 4 [pid 10871] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10872] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10871] <... futex resumed>) = 1 [pid 10868] <... futex resumed>) = 0 [pid 10878] close(3 [pid 10868] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10872] <... futex resumed>) = 1 [pid 10869] <... futex resumed>) = 0 [pid 10868] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10878] <... close resumed>) = 0 [pid 10872] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10871] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10869] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10868] <... futex resumed>) = 0 [pid 10878] symlink("/dev/binderfs", "./binderfs" [pid 10869] <... futex resumed>) = 0 [pid 10872] <... write resumed>) = 16 [pid 10868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10869] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10871] <... write resumed>) = 16 [pid 10869] <... futex resumed>) = 0 [pid 10868] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10878] <... symlink resumed>) = 0 [pid 10869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10872] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10868] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10871] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10878] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10869] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10878] <... futex resumed>) = 0 [pid 10872] <... futex resumed>) = 0 [pid 10871] <... futex resumed>) = 0 [pid 10869] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10868] <... mprotect resumed>) = 0 [pid 10869] <... mprotect resumed>) = 0 [pid 10872] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10868] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10869] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10878] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10871] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10869] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10868] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10869] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10878] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10883 attached [pid 10878] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10869] <... clone3 resumed> => {parent_tid=[10883]}, 88) = 10883 [pid 10868] <... clone3 resumed> => {parent_tid=[10886]}, 88) = 10886 [pid 10869] rt_sigprocmask(SIG_SETMASK, [], [pid 10868] rt_sigprocmask(SIG_SETMASK, [], [pid 10869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10869] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10868] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10869] <... futex resumed>) = 0 [pid 10868] <... futex resumed>) = 0 [pid 10869] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10868] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10883] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10883] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10878] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10883] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10883] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10878] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10869] <... futex resumed>) = 0 [pid 10878] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10869] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10887 attached [pid 10872] <... futex resumed>) = 0 [pid 10869] <... futex resumed>) = 1 [pid 10878] <... clone3 resumed> => {parent_tid=[10887]}, 88) = 10887 [pid 10872] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10869] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10887] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10878] rt_sigprocmask(SIG_SETMASK, [], [pid 10872] <... mmap resumed>) = 0x20000000 [pid 10878] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 150.285425][T10877] loop4: detected capacity change from 0 to 2048 [pid 10878] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10872] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10878] <... futex resumed>) = 0 [pid 10872] <... futex resumed>) = 1 [pid 10869] <... futex resumed>) = 0 [pid 10878] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10872] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 10869] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10887] <... set_robust_list resumed>) = 0 [pid 10887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10869] <... futex resumed>) = 0 [pid 10887] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10887] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10887] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10878] <... futex resumed>) = 0 [pid 10869] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10878] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10887] <... futex resumed>) = 0 [pid 10887] memfd_create("syzkaller", 0 [pid 10878] <... futex resumed>) = 1 [pid 10887] <... memfd_create resumed>) = 3 [pid 10878] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 10886 attached [pid 10886] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10886] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 150.325235][T10872] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10886] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10886] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10868] <... futex resumed>) = 0 [pid 10886] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10868] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10868] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10871] <... futex resumed>) = 0 [pid 10871] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10871] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10868] <... futex resumed>) = 0 [pid 10871] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10868] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10868] <... futex resumed>) = 0 [pid 10872] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10872] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10872] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10872] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10887] <... write resumed>) = 1048576 [pid 10887] munmap(0x7fe453fca000, 138412032) = 0 [pid 10887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10887] ioctl(4, LOOP_SET_FD, 3 [pid 10877] <... mount resumed>) = 0 [pid 10869] <... futex resumed>) = 0 [pid 10868] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10877] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10869] exit_group(0 [pid 10877] <... openat resumed>) = 3 [pid 10883] <... futex resumed>) = ? [pid 10872] <... futex resumed>) = ? [pid 10869] <... exit_group resumed>) = ? [pid 10883] +++ exited with 0 +++ [pid 10877] chdir("./file0" [pid 10872] +++ exited with 0 +++ [pid 10887] <... ioctl resumed>) = 0 [pid 10887] close(3) = 0 [pid 10887] close(4 [pid 10869] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10869, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10877] <... chdir resumed>) = 0 [pid 10877] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10877] ioctl(4, LOOP_CLR_FD [pid 10871] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10877] <... ioctl resumed>) = 0 [pid 10877] close(4 [pid 10871] sendfile(-1, -1, [0] [pid 10877] <... close resumed>) = 0 [pid 10877] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10873] <... futex resumed>) = 0 [pid 10877] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10873] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10871] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10873] <... futex resumed>) = 0 [pid 10877] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10873] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10871] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./422", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10877] <... openat resumed>) = 4 [pid 10868] <... futex resumed>) = 0 [pid 10877] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10868] exit_group(0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10886] <... futex resumed>) = ? [pid 10877] <... futex resumed>) = 1 [pid 10873] <... futex resumed>) = 0 [pid 10868] <... exit_group resumed>) = ? [pid 298] openat(AT_FDCWD, "./422", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10871] <... futex resumed>) = ? [pid 10886] +++ exited with 0 +++ [pid 10873] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10873] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... openat resumed>) = 3 [pid 10873] <... futex resumed>) = 0 [pid 298] newfstatat(3, "", [pid 10877] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10877] <... write resumed>) = 16 [pid 10873] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10877] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10873] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 298] getdents64(3, [pid 10877] <... futex resumed>) = 0 [pid 10873] <... mprotect resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10877] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10873] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] umount2("./422/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10873] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10873] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 298] newfstatat(AT_FDCWD, "./422/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10873] <... clone3 resumed> => {parent_tid=[10890]}, 88) = 10890 [pid 298] unlink("./422/binderfs" [pid 10873] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... unlink resumed>) = 0 [pid 10873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10873] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10873] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10890 attached [pid 10890] set_robust_list(0x7fe45c3c99a0, 24 [pid 10871] +++ exited with 0 +++ [pid 10868] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10868, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 10890] <... set_robust_list resumed>) = 0 [pid 10890] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10890] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10890] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10873] <... futex resumed>) = 0 [pid 10890] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10873] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... restart_syscall resumed>) = 0 [pid 10877] <... futex resumed>) = 0 [pid 10873] <... futex resumed>) = 1 [pid 10877] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10873] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10877] <... mmap resumed>) = 0x20000000 [pid 10877] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./422", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10877] <... futex resumed>) = 1 [pid 10873] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10873] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] openat(AT_FDCWD, "./422", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10873] <... futex resumed>) = 0 [pid 10873] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... openat resumed>) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./422/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./422/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./422/binderfs") = 0 [pid 296] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10870] <... mount resumed>) = 0 [pid 10870] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10870] chdir("./file0") = 0 [pid 10870] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10870] ioctl(4, LOOP_CLR_FD) = 0 [pid 10870] close(4) = 0 [pid 10870] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10867] <... futex resumed>) = 0 [pid 10870] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10867] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10870] <... openat resumed>) = 4 [pid 10867] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10877] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10877] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10877] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10873] <... futex resumed>) = 0 [pid 10873] exit_group(0) = ? [pid 10870] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10890] <... futex resumed>) = ? [pid 10877] <... futex resumed>) = ? [pid 10870] <... futex resumed>) = 1 [pid 10867] <... futex resumed>) = 0 [pid 10890] +++ exited with 0 +++ [pid 10867] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10870] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10867] <... futex resumed>) = 0 [pid 10870] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10867] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10870] <... futex resumed>) = 0 [pid 10867] <... futex resumed>) = 0 [pid 10867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10870] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10867] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10867] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10867] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10867] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10891]}, 88) = 10891 [pid 10867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10867] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 10891 attached [pid 10867] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10891] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10891] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10891] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10877] +++ exited with 0 +++ [pid 10873] +++ exited with 0 +++ [pid 10891] <... write resumed>) = 16 [pid 10891] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10873, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 10867] <... futex resumed>) = 0 [pid 10867] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... restart_syscall resumed>) = 0 [pid 10870] <... futex resumed>) = 0 [pid 10867] <... futex resumed>) = 1 [pid 10870] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10867] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10870] <... mmap resumed>) = 0x20000000 [pid 299] umount2("./417", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10870] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10870] <... futex resumed>) = 1 [pid 10867] <... futex resumed>) = 0 [pid 299] openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10891] <... futex resumed>) = 1 [pid 10870] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10867] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 3 [pid 10891] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10870] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 150.363591][T10871] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 150.368083][T10887] loop0: detected capacity change from 0 to 2048 [ 150.393343][T10877] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10867] <... futex resumed>) = 0 [pid 299] newfstatat(3, "", [pid 10867] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./417/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./417/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./417/binderfs") = 0 [pid 299] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10870] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10870] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10870] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10867] <... futex resumed>) = 0 [pid 10870] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10867] exit_group(0 [pid 10891] <... futex resumed>) = ? [pid 10870] <... futex resumed>) = ? [pid 10867] <... exit_group resumed>) = ? [pid 10891] +++ exited with 0 +++ [pid 10870] +++ exited with 0 +++ [pid 10867] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10867, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./422", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./422", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./422/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./422/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./422/binderfs") = 0 [pid 297] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10887] <... close resumed>) = 0 [pid 10887] mkdir("./file0", 0777) = 0 [pid 10887] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 298] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./422/file0", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] newfstatat(AT_FDCWD, "./422/file0", [pid 298] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] openat(AT_FDCWD, "./422/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(4, "", [pid 296] openat(AT_FDCWD, "./422/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 296] <... openat resumed>) = 4 [pid 296] newfstatat(4, "", [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] getdents64(4, [pid 298] close(4) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] rmdir("./422/file0") = 0 [pid 296] getdents64(4, [pid 298] getdents64(3, [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(4 [pid 298] close(3 [pid 296] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 296] rmdir("./422/file0" [pid 298] rmdir("./422") = 0 [pid 296] <... rmdir resumed>) = 0 [pid 298] mkdir("./423", 0777) = 0 [pid 296] getdents64(3, [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10892 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./422") = 0 [pid 296] mkdir("./423", 0777 [pid 299] <... umount2 resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 10892 attached [pid 299] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10892] set_robust_list(0x5555557b6760, 24 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... openat resumed>) = 3 [pid 10892] <... set_robust_list resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./417/file0", [pid 296] ioctl(3, LOOP_CLR_FD [pid 10892] chdir("./423" [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10892] <... chdir resumed>) = 0 [pid 296] close(3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10892] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] openat(AT_FDCWD, "./417/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... close resumed>) = 0 [pid 10892] <... prctl resumed>) = 0 [pid 299] <... openat resumed>) = 4 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] newfstatat(4, "", [pid 10892] setpgid(0, 0) = 0 [pid 10892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10893 [pid 299] getdents64(4, [pid 10892] write(3, "1000", 4 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, [pid 10892] <... write resumed>) = 4 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10892] close(3 [pid 299] close(4 [pid 10892] <... close resumed>) = 0 [pid 10892] symlink("/dev/binderfs", "./binderfs" [pid 299] <... close resumed>) = 0 [pid 10892] <... symlink resumed>) = 0 [pid 299] rmdir("./417/file0"./strace-static-x86_64: Process 10893 attached [pid 10893] set_robust_list(0x5555557b6760, 24) = 0 [pid 10893] chdir("./423") = 0 [pid 10893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 10892] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(3, [pid 10893] setpgid(0, 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10892] <... futex resumed>) = 0 [pid 299] close(3 [pid 10892] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 299] <... close resumed>) = 0 [pid 10893] <... setpgid resumed>) = 0 [pid 299] rmdir("./417" [pid 10892] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 10893] write(3, "1000", 4 [pid 10892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] mkdir("./418", 0777 [pid 10893] <... write resumed>) = 4 [pid 10893] close(3) = 0 [pid 10893] symlink("/dev/binderfs", "./binderfs") = 0 [pid 299] <... mkdir resumed>) = 0 [pid 10892] <... mmap resumed>) = 0x7fe45c3ca000 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10893] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 3 [pid 10892] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 299] ioctl(3, LOOP_CLR_FD [pid 10893] <... futex resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10892] <... mprotect resumed>) = 0 [pid 299] close(3 [pid 10893] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 299] <... close resumed>) = 0 [pid 10893] <... rt_sigaction resumed>NULL, 8) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10893] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10893] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10893] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10892] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10894 [pid 10892] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 10895 attached ./strace-static-x86_64: Process 10894 attached [pid 10893] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10895] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10894] set_robust_list(0x5555557b6760, 24 [pid 10893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10895] <... set_robust_list resumed>) = 0 [pid 10894] <... set_robust_list resumed>) = 0 [pid 10895] rt_sigprocmask(SIG_SETMASK, [], [pid 10894] chdir("./418" [pid 10893] <... clone3 resumed> => {parent_tid=[10896]}, 88) = 10896 [pid 10895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10894] <... chdir resumed>) = 0 [pid 10893] rt_sigprocmask(SIG_SETMASK, [], [pid 10895] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10894] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10894] <... prctl resumed>) = 0 [pid 10893] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10894] setpgid(0, 0 [pid 10893] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 10896 attached [pid 10894] <... setpgid resumed>) = 0 [pid 10893] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10892] <... clone3 resumed> => {parent_tid=[10895]}, 88) = 10895 [pid 297] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10892] rt_sigprocmask(SIG_SETMASK, [], [pid 10894] <... openat resumed>) = 3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10894] write(3, "1000", 4 [pid 297] newfstatat(AT_FDCWD, "./422/file0", [pid 10894] <... write resumed>) = 4 [pid 10892] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10894] close(3 [pid 297] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10892] <... futex resumed>) = 1 [pid 10894] <... close resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10894] symlink("/dev/binderfs", "./binderfs" [pid 297] openat(AT_FDCWD, "./422/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10894] <... symlink resumed>) = 0 [pid 10892] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10894] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... openat resumed>) = 4 [pid 10894] <... futex resumed>) = 0 [pid 297] newfstatat(4, "", [pid 10894] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10894] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 297] getdents64(4, [pid 10894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10894] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 297] getdents64(4, [pid 10894] <... mprotect resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10896] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10895] <... futex resumed>) = 0 [pid 10894] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 297] close(4 [pid 10896] <... set_robust_list resumed>) = 0 [pid 10895] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10894] <... clone3 resumed> => {parent_tid=[10897]}, 88) = 10897 [pid 297] <... close resumed>) = 0 [pid 10894] rt_sigprocmask(SIG_SETMASK, [], [pid 297] rmdir("./422/file0" [pid 10894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10894] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10894] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10897 attached [pid 10897] set_robust_list(0x7fe45c3ea9a0, 24 [pid 297] <... rmdir resumed>) = 0 [pid 297] getdents64(3, [pid 10897] <... set_robust_list resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3 [pid 10897] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... close resumed>) = 0 [pid 10897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] rmdir("./422" [pid 10897] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10897] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10894] <... futex resumed>) = 0 [ 150.418645][T10870] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10894] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10896] rt_sigprocmask(SIG_SETMASK, [], [pid 10895] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 297] <... rmdir resumed>) = 0 [pid 297] mkdir("./423", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10898 [pid 10895] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10892] <... futex resumed>) = 0 [pid 10892] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10892] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10895] <... futex resumed>) = 1 [pid 10895] memfd_create("syzkaller", 0) = 3 [pid 10895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10894] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10897] <... futex resumed>) = 1 [pid 10896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10897] memfd_create("syzkaller", 0 [pid 10896] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10897] <... memfd_create resumed>) = 3 [pid 10896] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10896] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10897] <... mmap resumed>) = 0x7fe453fca000 [pid 10896] <... futex resumed>) = 1 [pid 10896] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10893] <... futex resumed>) = 0 [pid 10893] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10896] <... futex resumed>) = 0 [pid 10893] <... futex resumed>) = 1 [pid 10896] memfd_create("syzkaller", 0 [pid 10893] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10896] <... memfd_create resumed>) = 3 [pid 10896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 10898 attached ) = 0x7fe453fca000 [pid 10898] set_robust_list(0x5555557b6760, 24) = 0 [pid 10898] chdir("./423" [pid 10895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10898] <... chdir resumed>) = 0 [pid 10898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10898] setpgid(0, 0) = 0 [pid 10898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10898] write(3, "1000", 4) = 4 [pid 10898] close(3) = 0 [pid 10898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10898] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10898] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10898] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10898] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10898] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10895] <... write resumed>) = 1048576 [pid 10898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10896] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10898] <... clone3 resumed> => {parent_tid=[10901]}, 88) = 10901 [pid 10898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10898] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 10901 attached [pid 10898] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10895] munmap(0x7fe453fca000, 138412032 [pid 10901] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10895] <... munmap resumed>) = 0 [pid 10887] <... mount resumed>) = 0 [pid 10901] <... set_robust_list resumed>) = 0 [pid 10897] <... write resumed>) = 1048576 [pid 10895] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10901] rt_sigprocmask(SIG_SETMASK, [], [pid 10897] munmap(0x7fe453fca000, 138412032 [pid 10895] <... openat resumed>) = 4 [pid 10887] <... openat resumed>) = 3 [pid 10901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10897] <... munmap resumed>) = 0 [pid 10895] ioctl(4, LOOP_SET_FD, 3 [pid 10887] chdir("./file0" [pid 10901] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10887] <... chdir resumed>) = 0 [pid 10887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10887] ioctl(4, LOOP_CLR_FD) = 0 [pid 10887] close(4) = 0 [pid 10901] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10897] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10895] <... ioctl resumed>) = 0 [pid 10887] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10901] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10897] <... openat resumed>) = 4 [pid 10896] <... write resumed>) = 1048576 [pid 10895] close(3 [pid 10887] <... futex resumed>) = 1 [pid 10878] <... futex resumed>) = 0 [pid 10901] <... futex resumed>) = 1 [pid 10898] <... futex resumed>) = 0 [pid 10897] ioctl(4, LOOP_SET_FD, 3 [pid 10896] munmap(0x7fe453fca000, 138412032 [pid 10895] <... close resumed>) = 0 [pid 10887] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10878] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10901] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10898] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10878] <... futex resumed>) = 0 [pid 10898] <... futex resumed>) = 0 [pid 10887] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10878] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10898] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10887] <... openat resumed>) = 4 [pid 10887] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10878] <... futex resumed>) = 0 [pid 10887] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10878] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10878] <... futex resumed>) = 0 [pid 10887] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10878] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10887] <... write resumed>) = 16 [pid 10878] <... futex resumed>) = 0 [pid 10901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10897] <... ioctl resumed>) = 0 [pid 10895] close(4 [pid 10887] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10901] memfd_create("syzkaller", 0 [pid 10897] close(3 [pid 10896] <... munmap resumed>) = 0 [pid 10895] <... close resumed>) = 0 [pid 10887] <... futex resumed>) = 0 [pid 10878] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10897] <... close resumed>) = 0 [pid 10896] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10895] mkdir("./file0", 0777 [pid 10887] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10901] <... memfd_create resumed>) = 3 [pid 10897] close(4 [pid 10896] <... openat resumed>) = 4 [pid 10895] <... mkdir resumed>) = 0 [pid 10878] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10896] ioctl(4, LOOP_SET_FD, 3 [pid 10895] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10878] <... mprotect resumed>) = 0 [pid 10901] <... mmap resumed>) = 0x7fe453fca000 [pid 10878] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10896] <... ioctl resumed>) = 0 [pid 10878] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10896] close(3 [pid 10878] <... clone3 resumed> => {parent_tid=[10902]}, 88) = 10902 [pid 10878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10878] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10896] <... close resumed>) = 0 [pid 10878] <... futex resumed>) = 0 [pid 10896] close(4 [pid 10878] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10902 attached [pid 10902] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10902] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10895] <... mount resumed>) = 0 [pid 10895] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10895] chdir("./file0") = 0 [pid 10895] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10895] ioctl(4, LOOP_CLR_FD) = 0 [pid 10895] close(4) = 0 [pid 10895] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10892] <... futex resumed>) = 0 [pid 10895] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10892] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10892] <... futex resumed>) = 0 [pid 10895] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10892] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10902] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10895] <... openat resumed>) = 4 [pid 10895] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10892] <... futex resumed>) = 0 [pid 10895] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10892] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10892] <... futex resumed>) = 0 [pid 10895] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10892] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10895] <... write resumed>) = 16 [pid 10892] <... futex resumed>) = 0 [pid 10895] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10895] <... futex resumed>) = 0 [pid 10892] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10895] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10892] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10905]}, 88) = 10905 [pid 10892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10892] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10892] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10905 attached [pid 10905] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10905] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10905] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10905] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10892] <... futex resumed>) = 0 [pid 10892] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10895] <... futex resumed>) = 0 [pid 10892] <... futex resumed>) = 1 [pid 10895] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10892] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10895] <... mmap resumed>) = 0x20000000 [pid 10895] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10892] <... futex resumed>) = 0 [pid 10905] <... futex resumed>) = 1 [pid 10902] <... write resumed>) = 16 [pid 10901] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10892] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10902] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10878] <... futex resumed>) = 0 [pid 10902] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10878] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10887] <... futex resumed>) = 0 [pid 10878] <... futex resumed>) = 1 [pid 10887] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10878] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10887] <... mmap resumed>) = 0x20000000 [pid 10887] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10878] <... futex resumed>) = 0 [pid 10887] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 150.552517][T10895] loop3: detected capacity change from 0 to 2048 [ 150.563825][T10897] loop4: detected capacity change from 0 to 2048 [ 150.573096][T10896] loop1: detected capacity change from 0 to 2048 [pid 10878] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10878] <... futex resumed>) = 0 [pid 10905] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10901] <... write resumed>) = 1048576 [pid 10895] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10892] <... futex resumed>) = 0 [pid 10895] sendfile(-1, -1, [0] [pid 10892] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10895] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10895] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10892] <... futex resumed>) = 0 [pid 10895] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10892] exit_group(0 [pid 10905] <... futex resumed>) = ? [pid 10895] <... futex resumed>) = ? [pid 10892] <... exit_group resumed>) = ? [pid 10905] +++ exited with 0 +++ [pid 10895] +++ exited with 0 +++ [pid 10892] +++ exited with 0 +++ [pid 10901] munmap(0x7fe453fca000, 138412032) = 0 [pid 10901] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10901] ioctl(4, LOOP_SET_FD, 3 [pid 10887] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10878] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10892, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 298] umount2("./423", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./423", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./423/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./423/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./423/binderfs") = 0 [pid 298] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10887] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10887] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10878] <... futex resumed>) = 0 [pid 10878] exit_group(0 [pid 10902] <... futex resumed>) = ? [pid 10878] <... exit_group resumed>) = ? [pid 10902] +++ exited with 0 +++ [pid 10901] <... ioctl resumed>) = 0 [pid 10897] <... close resumed>) = 0 [pid 10896] <... close resumed>) = 0 [pid 10887] <... futex resumed>) = ? [pid 10897] mkdir("./file0", 0777 [pid 10896] mkdir("./file0", 0777 [pid 10897] <... mkdir resumed>) = 0 [pid 10896] <... mkdir resumed>) = 0 [pid 10897] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10896] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10901] close(3 [pid 10887] +++ exited with 0 +++ [pid 10878] +++ exited with 0 +++ [pid 10901] <... close resumed>) = 0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10878, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./422", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./422", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./422/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./422/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./422/binderfs") = 0 [pid 295] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10901] close(4 [pid 10896] <... mount resumed>) = 0 [pid 10896] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10896] chdir("./file0") = 0 [pid 10896] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10896] ioctl(4, LOOP_CLR_FD) = 0 [pid 10896] close(4) = 0 [pid 10896] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10893] <... futex resumed>) = 0 [pid 10896] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10893] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10893] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10896] <... openat resumed>) = 4 [pid 10896] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10893] <... futex resumed>) = 0 [pid 10896] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10893] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10896] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10893] <... futex resumed>) = 0 [pid 10896] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10893] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10896] <... write resumed>) = 16 [pid 10893] <... futex resumed>) = 0 [pid 10893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10896] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10893] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10896] <... futex resumed>) = 0 [pid 10893] <... mprotect resumed>) = 0 [pid 10896] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10908 attached [pid 10908] set_robust_list(0x7fe45c3c99a0, 24 [pid 10893] <... clone3 resumed> => {parent_tid=[10908]}, 88) = 10908 [pid 10908] <... set_robust_list resumed>) = 0 [pid 10893] rt_sigprocmask(SIG_SETMASK, [], [pid 10908] rt_sigprocmask(SIG_SETMASK, [], [pid 10893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10893] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10908] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10893] <... futex resumed>) = 0 [pid 10893] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10908] <... write resumed>) = 16 [pid 10908] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10893] <... futex resumed>) = 0 [pid 10908] <... futex resumed>) = 1 [pid 10893] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10908] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10896] <... futex resumed>) = 0 [pid 10893] <... futex resumed>) = 1 [pid 10896] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10893] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10896] <... mmap resumed>) = 0x20000000 [pid 10896] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10893] <... futex resumed>) = 0 [pid 10893] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 150.588646][T10895] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 150.595854][T10887] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 150.610034][T10901] loop2: detected capacity change from 0 to 2048 [pid 10893] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10901] <... close resumed>) = 0 [pid 10897] <... mount resumed>) = 0 [pid 10896] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 298] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 10901] mkdir("./file0", 0777 [pid 10896] sendfile(-1, -1, [0] [pid 10901] <... mkdir resumed>) = 0 [pid 10897] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10901] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10897] <... openat resumed>) = 3 [pid 10896] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10897] chdir("./file0" [pid 10896] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10897] <... chdir resumed>) = 0 [pid 10896] <... futex resumed>) = 1 [pid 10893] <... futex resumed>) = 0 [pid 10897] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10896] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10893] exit_group(0 [pid 298] newfstatat(AT_FDCWD, "./423/file0", [pid 295] newfstatat(AT_FDCWD, "./422/file0", [pid 10908] <... futex resumed>) = ? [pid 10897] <... openat resumed>) = 4 [pid 10896] <... futex resumed>) = ? [pid 10893] <... exit_group resumed>) = ? [pid 10908] +++ exited with 0 +++ [pid 10897] ioctl(4, LOOP_CLR_FD [pid 10896] +++ exited with 0 +++ [pid 10893] +++ exited with 0 +++ [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10897] <... ioctl resumed>) = 0 [pid 298] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10893, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10897] close(4 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10897] <... close resumed>) = 0 [pid 298] openat(AT_FDCWD, "./423/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./422/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10897] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... openat resumed>) = 4 [pid 295] <... openat resumed>) = 4 [pid 10897] <... futex resumed>) = 1 [pid 10894] <... futex resumed>) = 0 [pid 298] newfstatat(4, "", [pid 296] umount2("./423", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] newfstatat(4, "", [pid 10897] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10894] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10894] <... futex resumed>) = 0 [pid 298] getdents64(4, [pid 296] openat(AT_FDCWD, "./423", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] getdents64(4, [pid 10897] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10894] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] <... openat resumed>) = 3 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 295] getdents64(4, [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10897] <... openat resumed>) = 4 [pid 298] close(4 [pid 296] newfstatat(3, "", [pid 295] close(4 [pid 10897] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... close resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... close resumed>) = 0 [pid 10897] <... futex resumed>) = 1 [pid 10894] <... futex resumed>) = 0 [pid 298] rmdir("./423/file0" [pid 296] getdents64(3, [pid 295] rmdir("./422/file0" [pid 10897] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10894] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... rmdir resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] <... rmdir resumed>) = 0 [pid 10897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10894] <... futex resumed>) = 0 [pid 298] getdents64(3, [pid 296] umount2("./423/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] getdents64(3, [pid 10897] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10894] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10897] <... write resumed>) = 16 [pid 10894] <... futex resumed>) = 0 [pid 298] close(3 [pid 296] newfstatat(AT_FDCWD, "./423/binderfs", [pid 295] close(3 [pid 10897] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... close resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... close resumed>) = 0 [pid 10897] <... futex resumed>) = 0 [pid 10894] <... mmap resumed>) = 0x7fe45c3a9000 [pid 298] rmdir("./423" [pid 296] unlink("./423/binderfs" [pid 295] rmdir("./422" [pid 10897] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10894] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 298] <... rmdir resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 10894] <... mprotect resumed>) = 0 [pid 298] mkdir("./424", 0777 [pid 296] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] mkdir("./423", 0777 [pid 10894] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] <... mkdir resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 10894] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10913 attached => {parent_tid=[10913]}, 88) = 10913 [pid 10894] rt_sigprocmask(SIG_SETMASK, [], [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10894] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 10913] set_robust_list(0x7fe45c3c99a0, 24 [pid 10894] <... futex resumed>) = 0 [pid 10894] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] ioctl(3, LOOP_CLR_FD [pid 10913] <... set_robust_list resumed>) = 0 [pid 10913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10913] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 298] ioctl(3, LOOP_CLR_FD [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] close(3 [pid 298] close(3) = 0 [pid 295] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10913] <... write resumed>) = 16 [pid 10913] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 10914 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10915 [pid 10913] <... futex resumed>) = 1 [pid 10894] <... futex resumed>) = 0 [pid 10913] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 150.640767][T10896] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10894] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10897] <... futex resumed>) = 0 [pid 10894] <... futex resumed>) = 1 [pid 10897] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10894] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10897] <... mmap resumed>) = 0x20000000 [pid 10897] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10914 attached ) = 1 [pid 10894] <... futex resumed>) = 0 [pid 10914] set_robust_list(0x5555557b6760, 24) = 0 [pid 10901] <... mount resumed>) = 0 [pid 10894] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10914] chdir("./423") = 0 [pid 10914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10914] setpgid(0, 0) = 0 [pid 10914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10914] write(3, "1000", 4) = 4 [pid 10914] close(3) = 0 [pid 10914] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10914] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10914] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10914] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10914] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10916]}, 88) = 10916 [pid 10914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10914] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10914] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10916 attached [pid 10916] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10916] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10916] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10916] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10914] <... futex resumed>) = 0 [pid 10914] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10914] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10916] <... futex resumed>) = 1 [pid 10916] memfd_create("syzkaller", 0) = 3 [pid 10916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10894] <... futex resumed>) = 0 [pid 10901] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10894] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10901] <... openat resumed>) = 3 [pid 10901] chdir("./file0") = 0 [pid 10901] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10901] ioctl(4, LOOP_CLR_FD) = 0 [pid 10901] close(4) = 0 [pid 10901] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10898] <... futex resumed>) = 0 [pid 10901] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10898] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10898] <... futex resumed>) = 0 [pid 10901] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10898] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10901] <... openat resumed>) = 4 [pid 10901] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10898] <... futex resumed>) = 0 [pid 10901] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10898] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10898] <... futex resumed>) = 0 [pid 10901] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10898] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10901] <... write resumed>) = 16 [pid 10898] <... futex resumed>) = 0 [pid 10901] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10901] <... futex resumed>) = 0 [pid 10901] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10898] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10898] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10898] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10917]}, 88) = 10917 [pid 10898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10898] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10915 attached ) = 0 [pid 10898] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10915] set_robust_list(0x5555557b6760, 24 [pid 10916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10915] <... set_robust_list resumed>) = 0 [pid 10915] chdir("./424"./strace-static-x86_64: Process 10917 attached [pid 10917] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10917] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10917] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10917] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10917] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] <... umount2 resumed>) = 0 [pid 10898] <... futex resumed>) = 0 [pid 10898] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10901] <... futex resumed>) = 0 [pid 10898] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10901] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 296] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10901] <... mmap resumed>) = 0x20000000 [pid 10897] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10901] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10897] sendfile(-1, -1, [0] [pid 296] newfstatat(AT_FDCWD, "./423/file0", [pid 10901] <... futex resumed>) = 1 [pid 10898] <... futex resumed>) = 0 [pid 10901] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10898] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10898] <... futex resumed>) = 0 [pid 10897] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 296] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10915] <... chdir resumed>) = 0 [pid 10915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10915] setpgid(0, 0) = 0 [pid 10915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10915] write(3, "1000", 4) = 4 [pid 10915] close(3) = 0 [pid 10915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10915] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10915] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10915] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10915] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10915] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10915] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10918]}, 88) = 10918 [pid 10915] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10915] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10915] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10918 attached [pid 10918] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10918] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10918] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10915] <... futex resumed>) = 0 [pid 10915] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10915] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10918] <... futex resumed>) = 1 [pid 10918] memfd_create("syzkaller", 0) = 3 [pid 10898] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10897] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] openat(AT_FDCWD, "./423/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10897] <... futex resumed>) = 1 [pid 10894] <... futex resumed>) = 0 [pid 10897] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10894] exit_group(0 [pid 296] <... openat resumed>) = 4 [pid 10913] <... futex resumed>) = ? [pid 10894] <... exit_group resumed>) = ? [pid 296] newfstatat(4, "", [pid 10913] +++ exited with 0 +++ [pid 10897] <... futex resumed>) = ? [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, [pid 10897] +++ exited with 0 +++ [pid 10894] +++ exited with 0 +++ [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10894, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 296] close(4 [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] <... close resumed>) = 0 [pid 296] rmdir("./423/file0" [pid 299] umount2("./418", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 299] getdents64(3, [pid 296] getdents64(3, [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] umount2("./418/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] close(3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... close resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./418/binderfs", [pid 296] rmdir("./423" [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./418/binderfs") = 0 [pid 299] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... rmdir resumed>) = 0 [pid 296] mkdir("./424", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10919 [pid 10916] <... write resumed>) = 1048576 [pid 10916] munmap(0x7fe453fca000, 138412032) = 0 [pid 10916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 150.695890][T10897] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 150.726350][T10901] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10916] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 10919 attached [pid 10918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10901] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10919] set_robust_list(0x5555557b6760, 24 [pid 10916] <... ioctl resumed>) = 0 [pid 10901] sendfile(-1, -1, [0] [pid 10918] <... write resumed>) = 1048576 [pid 10918] munmap(0x7fe453fca000, 138412032 [pid 10916] close(3 [pid 10919] <... set_robust_list resumed>) = 0 [pid 10918] <... munmap resumed>) = 0 [pid 10916] <... close resumed>) = 0 [pid 10919] chdir("./424" [pid 10918] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10916] close(4 [pid 10901] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10918] <... openat resumed>) = 4 [pid 10919] <... chdir resumed>) = 0 [pid 10919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10919] setpgid(0, 0) = 0 [pid 10919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10919] write(3, "1000", 4) = 4 [pid 10919] close(3) = 0 [pid 10919] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10919] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10919] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10919] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10918] ioctl(4, LOOP_SET_FD, 3 [pid 10916] <... close resumed>) = 0 [pid 10901] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10916] mkdir("./file0", 0777 [pid 10901] <... futex resumed>) = 1 [pid 10898] <... futex resumed>) = 0 [pid 10898] exit_group(0 [pid 10917] <... futex resumed>) = ? [pid 10898] <... exit_group resumed>) = ? [pid 10917] +++ exited with 0 +++ [pid 10919] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10916] <... mkdir resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./418/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./418/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./418/file0") = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./418") = 0 [pid 299] mkdir("./419", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10920 [pid 10901] +++ exited with 0 +++ [pid 10898] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10898, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 10920 attached [pid 10919] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10918] <... ioctl resumed>) = 0 [pid 10916] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10920] set_robust_list(0x5555557b6760, 24 [pid 10919] <... mprotect resumed>) = 0 [pid 10918] close(3 [pid 297] <... restart_syscall resumed>) = 0 [pid 10920] <... set_robust_list resumed>) = 0 [pid 10919] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10920] chdir("./419" [pid 10919] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10918] <... close resumed>) = 0 [pid 10920] <... chdir resumed>) = 0 [pid 10919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10918] close(4./strace-static-x86_64: Process 10921 attached [pid 10920] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] umount2("./423", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10921] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10920] <... prctl resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10921] <... set_robust_list resumed>) = 0 [pid 10920] setpgid(0, 0 [pid 297] openat(AT_FDCWD, "./423", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10919] <... clone3 resumed> => {parent_tid=[10921]}, 88) = 10921 [pid 10919] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... openat resumed>) = 3 [pid 10919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10919] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] newfstatat(3, "", [pid 10919] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10921] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10921] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10921] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10919] <... futex resumed>) = 0 [pid 10921] memfd_create("syzkaller", 0 [pid 10919] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10921] <... memfd_create resumed>) = 3 [pid 10919] <... futex resumed>) = 0 [pid 10921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10919] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10921] <... mmap resumed>) = 0x7fe453fca000 [pid 10920] <... setpgid resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] getdents64(3, [pid 10920] <... openat resumed>) = 3 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10920] write(3, "1000", 4 [pid 297] umount2("./423/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10920] <... write resumed>) = 4 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10920] close(3 [pid 297] newfstatat(AT_FDCWD, "./423/binderfs", [pid 10920] <... close resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10920] symlink("/dev/binderfs", "./binderfs" [pid 297] unlink("./423/binderfs" [pid 10921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10920] <... symlink resumed>) = 0 [pid 10920] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10916] <... mount resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 10920] <... futex resumed>) = 0 [pid 10916] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [ 150.760564][T10916] loop0: detected capacity change from 0 to 2048 [ 150.777767][T10918] loop3: detected capacity change from 0 to 2048 [pid 297] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10921] <... write resumed>) = 1048576 [pid 10920] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10916] <... openat resumed>) = 3 [pid 10921] munmap(0x7fe453fca000, 138412032) = 0 [pid 10921] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10921] ioctl(4, LOOP_SET_FD, 3 [pid 10920] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10916] chdir("./file0" [pid 10920] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10916] <... chdir resumed>) = 0 [pid 10920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10916] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10916] <... openat resumed>) = 4 [pid 10920] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10916] ioctl(4, LOOP_CLR_FD [pid 10920] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10916] <... ioctl resumed>) = 0 [pid 10920] <... mprotect resumed>) = 0 [pid 10916] close(4 [pid 10920] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10916] <... close resumed>) = 0 [pid 10920] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10916] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10916] <... futex resumed>) = 1 [pid 10914] <... futex resumed>) = 0 [pid 10916] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10914] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10920] <... clone3 resumed> => {parent_tid=[10924]}, 88) = 10924 [pid 10916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10914] <... futex resumed>) = 0 [pid 10920] rt_sigprocmask(SIG_SETMASK, [], [pid 10916] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10914] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10924 attached [pid 10921] <... ioctl resumed>) = 0 [pid 10920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10924] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10921] close(3 [pid 10924] <... set_robust_list resumed>) = 0 [pid 10921] <... close resumed>) = 0 [pid 10920] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10924] rt_sigprocmask(SIG_SETMASK, [], [pid 10921] close(4 [pid 10924] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10920] <... futex resumed>) = 0 [pid 10918] <... close resumed>) = 0 [pid 10916] <... openat resumed>) = 4 [pid 10924] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10918] mkdir("./file0", 0777 [pid 10924] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10920] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10918] <... mkdir resumed>) = 0 [pid 10916] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10924] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10918] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10916] <... futex resumed>) = 1 [pid 10914] <... futex resumed>) = 0 [pid 10924] <... futex resumed>) = 1 [pid 10920] <... futex resumed>) = 0 [pid 10914] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10916] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10924] memfd_create("syzkaller", 0 [pid 10920] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10914] <... futex resumed>) = 0 [pid 10920] <... futex resumed>) = 0 [pid 10916] <... write resumed>) = 16 [pid 10914] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10924] <... memfd_create resumed>) = 3 [pid 10914] <... futex resumed>) = 0 [pid 10920] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10916] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10914] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10916] <... futex resumed>) = 0 [pid 10914] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10924] <... mmap resumed>) = 0x7fe453fca000 [pid 10916] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10914] <... mprotect resumed>) = 0 [pid 10914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10926]}, 88) = 10926 [pid 10914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10914] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10914] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10926 attached [pid 10924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10926] set_robust_list(0x7fe45c3c99a0, 24 [pid 10918] <... mount resumed>) = 0 [pid 10918] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10918] chdir("./file0") = 0 [pid 10918] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10926] <... set_robust_list resumed>) = 0 [pid 10924] <... write resumed>) = 1048576 [pid 10918] ioctl(4, LOOP_CLR_FD [pid 10926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10924] munmap(0x7fe453fca000, 138412032 [pid 10926] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10924] <... munmap resumed>) = 0 [pid 10918] <... ioctl resumed>) = 0 [pid 10926] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10924] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10914] <... futex resumed>) = 0 [pid 10926] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10924] <... openat resumed>) = 4 [pid 10918] close(4 [pid 10914] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10924] ioctl(4, LOOP_SET_FD, 3 [pid 10916] <... futex resumed>) = 0 [pid 10914] <... futex resumed>) = 1 [pid 10918] <... close resumed>) = 0 [pid 10916] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10914] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10918] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10916] <... mmap resumed>) = 0x20000000 [pid 10916] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10914] <... futex resumed>) = 0 [pid 10916] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10914] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10914] <... futex resumed>) = 0 [pid 10924] <... ioctl resumed>) = 0 [pid 10918] <... futex resumed>) = 1 [pid 10924] close(3 [pid 10918] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10924] <... close resumed>) = 0 [ 150.810084][T10921] loop1: detected capacity change from 0 to 2048 [ 150.839349][T10924] loop4: detected capacity change from 0 to 2048 [pid 10924] close(4 [pid 10915] <... futex resumed>) = 0 [pid 10914] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10916] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10915] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10918] <... futex resumed>) = 0 [pid 10916] sendfile(-1, -1, [0] [pid 10915] <... futex resumed>) = 1 [pid 10918] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10916] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10915] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10918] <... openat resumed>) = 4 [pid 10916] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10918] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10916] <... futex resumed>) = 1 [pid 10915] <... futex resumed>) = 0 [pid 10914] <... futex resumed>) = 0 [pid 10918] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10916] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10915] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10914] exit_group(0 [pid 10926] <... futex resumed>) = ? [pid 10918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10916] <... futex resumed>) = ? [pid 10915] <... futex resumed>) = 0 [pid 10914] <... exit_group resumed>) = ? [pid 10926] +++ exited with 0 +++ [pid 10918] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10916] +++ exited with 0 +++ [pid 10915] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10918] <... write resumed>) = 16 [pid 10915] <... futex resumed>) = 0 [pid 10914] +++ exited with 0 +++ [pid 10918] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10918] <... futex resumed>) = 0 [pid 10915] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10918] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10915] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10915] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10915] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10929]}, 88) = 10929 [pid 10915] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10915] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10915] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10929 attached [pid 10929] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10929] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10929] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10915] <... futex resumed>) = 0 [pid 10915] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10918] <... futex resumed>) = 0 [pid 10915] <... futex resumed>) = 1 [pid 10918] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10915] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10918] <... mmap resumed>) = 0x20000000 [pid 10918] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10915] <... futex resumed>) = 0 [pid 10918] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10915] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10915] <... futex resumed>) = 0 [pid 10929] <... futex resumed>) = 1 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10914, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 10921] <... close resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 295] <... restart_syscall resumed>) = 0 [pid 10921] mkdir("./file0", 0777 [pid 297] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10921] <... mkdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10921] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 297] newfstatat(AT_FDCWD, "./423/file0", [pid 295] umount2("./423", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] openat(AT_FDCWD, "./423", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... openat resumed>) = 3 [pid 297] openat(AT_FDCWD, "./423/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] newfstatat(3, "", [pid 297] <... openat resumed>) = 4 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(4, "", [pid 295] getdents64(3, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] getdents64(4, [pid 295] umount2("./423/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10915] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] getdents64(4, [pid 295] newfstatat(AT_FDCWD, "./423/binderfs", [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] close(4 [pid 295] unlink("./423/binderfs" [pid 297] <... close resumed>) = 0 [pid 295] <... unlink resumed>) = 0 [pid 297] rmdir("./423/file0" [pid 295] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... rmdir resumed>) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./423") = 0 [pid 297] mkdir("./424", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10930 ./strace-static-x86_64: Process 10930 attached [pid 10930] set_robust_list(0x5555557b6760, 24) = 0 [pid 10930] chdir("./424") = 0 [pid 10930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10930] setpgid(0, 0) = 0 [pid 10930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10930] write(3, "1000", 4) = 4 [pid 10930] close(3) = 0 [pid 10930] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10930] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10930] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10930] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10930] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10930] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10930] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10929] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10930] <... clone3 resumed> => {parent_tid=[10931]}, 88) = 10931 [pid 10930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10930] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10930] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10931 attached [pid 10931] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10918] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10918] sendfile(-1, -1, [0] [pid 10931] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10931] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10930] <... futex resumed>) = 0 [pid 10930] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10930] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10918] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10931] <... futex resumed>) = 1 [pid 10931] memfd_create("syzkaller", 0 [pid 10918] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10924] <... close resumed>) = 0 [pid 10924] mkdir("./file0", 0777 [pid 10918] <... futex resumed>) = 1 [pid 10915] <... futex resumed>) = 0 [pid 10931] <... memfd_create resumed>) = 3 [pid 10931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10924] <... mkdir resumed>) = 0 [pid 10915] exit_group(0) = ? [pid 10929] <... futex resumed>) = 231 [pid 10924] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10929] +++ exited with 0 +++ [pid 10918] +++ exited with 0 +++ [pid 10915] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10915, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./424", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./424", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./424/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./424/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./424/binderfs") = 0 [pid 298] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10921] <... mount resumed>) = 0 [pid 10921] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10921] chdir("./file0") = 0 [pid 10921] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10921] ioctl(4, LOOP_CLR_FD) = 0 [pid 10921] close(4) = 0 [pid 10931] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10921] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10919] <... futex resumed>) = 0 [pid 10919] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10921] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10931] <... write resumed>) = 1048576 [pid 10931] munmap(0x7fe453fca000, 138412032) = 0 [pid 10931] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10919] <... futex resumed>) = 0 [ 150.846470][T10916] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 150.870471][T10918] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10931] ioctl(4, LOOP_SET_FD, 3 [pid 10921] <... openat resumed>) = 4 [pid 10919] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10921] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10919] <... futex resumed>) = 0 [pid 10919] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10919] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10919] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10919] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10935]}, 88) = 10935 [pid 10919] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10919] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10919] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10921] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10921] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10921] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10924] <... mount resumed>) = 0 [pid 10924] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 ./strace-static-x86_64: Process 10935 attached [pid 10931] <... ioctl resumed>) = 0 [pid 10935] set_robust_list(0x7fe45c3c99a0, 24 [pid 10931] close(3 [pid 10924] chdir("./file0") = 0 [pid 10924] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10924] ioctl(4, LOOP_CLR_FD) = 0 [pid 10924] close(4 [pid 10935] <... set_robust_list resumed>) = 0 [pid 10931] <... close resumed>) = 0 [pid 10924] <... close resumed>) = 0 [pid 10935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10935] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10935] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10935] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10931] close(4 [pid 10924] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10920] <... futex resumed>) = 0 [pid 10924] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10920] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10920] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10919] <... futex resumed>) = 0 [pid 10919] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10919] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10924] <... openat resumed>) = 4 [pid 10924] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10920] <... futex resumed>) = 0 [pid 10924] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10921] <... futex resumed>) = 0 [pid 10920] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... umount2 resumed>) = 0 [pid 10924] <... write resumed>) = 16 [pid 10921] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10920] <... futex resumed>) = 0 [pid 10924] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10920] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10924] <... futex resumed>) = 0 [pid 10920] <... futex resumed>) = 0 [pid 10924] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10920] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10920] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10937 attached [pid 10921] <... mmap resumed>) = 0x20000000 [pid 295] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10937] set_robust_list(0x7fe45c3c99a0, 24 [pid 10921] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10920] <... clone3 resumed> => {parent_tid=[10937]}, 88) = 10937 [pid 10937] <... set_robust_list resumed>) = 0 [pid 10921] <... futex resumed>) = 1 [pid 10920] rt_sigprocmask(SIG_SETMASK, [], [pid 10919] <... futex resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10937] rt_sigprocmask(SIG_SETMASK, [], [pid 10921] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] newfstatat(AT_FDCWD, "./423/file0", [pid 10919] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10920] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10937] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10919] <... futex resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10920] <... futex resumed>) = 0 [pid 10920] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10937] <... write resumed>) = 16 [pid 10937] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10920] <... futex resumed>) = 0 [pid 10920] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10924] <... futex resumed>) = 0 [pid 10920] <... futex resumed>) = 1 [pid 10924] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10920] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10924] <... mmap resumed>) = 0x20000000 [pid 10924] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10920] <... futex resumed>) = 0 [ 150.920119][T10931] loop2: detected capacity change from 0 to 2048 [ 150.940690][T10921] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10924] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10920] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10937] <... futex resumed>) = 1 [pid 10924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10920] <... futex resumed>) = 0 [pid 10937] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10924] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10921] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10920] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10919] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10924] sendfile(-1, -1, [0] [pid 10921] sendfile(-1, -1, [0] [pid 10924] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10921] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10924] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10921] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10924] <... futex resumed>) = 1 [pid 10921] <... futex resumed>) = 0 [pid 10920] <... futex resumed>) = 0 [pid 10924] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10921] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10920] exit_group(0 [pid 10937] <... futex resumed>) = ? [pid 10924] <... futex resumed>) = ? [pid 10920] <... exit_group resumed>) = ? [pid 10937] +++ exited with 0 +++ [pid 10924] +++ exited with 0 +++ [pid 10920] +++ exited with 0 +++ [pid 10919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10919] exit_group(0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10920, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 298] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] openat(AT_FDCWD, "./423/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10935] <... futex resumed>) = ? [pid 10921] <... futex resumed>) = ? [pid 10919] <... exit_group resumed>) = ? [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10935] +++ exited with 0 +++ [pid 10921] +++ exited with 0 +++ [pid 295] <... openat resumed>) = 4 [pid 299] umount2("./419", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, [pid 10919] +++ exited with 0 +++ [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] newfstatat(AT_FDCWD, "./424/file0", [pid 295] newfstatat(4, "", [pid 299] umount2("./419/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10919, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 299] newfstatat(AT_FDCWD, "./419/binderfs", [pid 296] <... restart_syscall resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] unlink("./419/binderfs" [pid 298] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... unlink resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./424", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] getdents64(4, [pid 299] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./424/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./424", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] <... openat resumed>) = 3 [pid 298] <... openat resumed>) = 4 [pid 296] newfstatat(3, "", [pid 295] getdents64(4, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] newfstatat(4, "", [pid 296] getdents64(3, [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] close(4 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] umount2("./424/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] getdents64(4, [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... close resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./424/binderfs", [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] rmdir("./423/file0" [pid 298] getdents64(4, [pid 296] unlink("./424/binderfs" [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] <... unlink resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 298] close(4 [pid 296] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] getdents64(3, [pid 298] <... close resumed>) = 0 [pid 10931] <... close resumed>) = 0 [pid 298] rmdir("./424/file0" [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10931] mkdir("./file0", 0777) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 295] close(3 [pid 10931] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] getdents64(3, [pid 295] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3 [pid 295] rmdir("./423" [pid 298] <... close resumed>) = 0 [pid 298] rmdir("./424" [pid 295] <... rmdir resumed>) = 0 [pid 295] mkdir("./424", 0777 [pid 298] <... rmdir resumed>) = 0 [pid 298] mkdir("./425", 0777) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 298] ioctl(3, LOOP_CLR_FD [pid 295] <... openat resumed>) = 3 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 295] ioctl(3, LOOP_CLR_FD [pid 298] <... close resumed>) = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] close(3) = 0 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10938 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 10939 attached , child_tidptr=0x5555557b6750) = 10939 [pid 10939] set_robust_list(0x5555557b6760, 24./strace-static-x86_64: Process 10938 attached ) = 0 [pid 10938] set_robust_list(0x5555557b6760, 24) = 0 [pid 10939] chdir("./424") = 0 [pid 10939] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10938] chdir("./425") = 0 [pid 10938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10938] setpgid(0, 0) = 0 [pid 10938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10939] <... prctl resumed>) = 0 [pid 10939] setpgid(0, 0 [pid 10938] <... openat resumed>) = 3 [pid 10938] write(3, "1000", 4) = 4 [pid 10938] close(3) = 0 [pid 10939] <... setpgid resumed>) = 0 [pid 10938] symlink("/dev/binderfs", "./binderfs" [pid 10939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10938] <... symlink resumed>) = 0 [pid 10938] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10938] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10938] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10939] write(3, "1000", 4 [pid 10938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10939] <... write resumed>) = 4 [pid 10938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10939] close(3 [pid 10938] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10938] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10939] <... close resumed>) = 0 [pid 10938] rt_sigprocmask(SIG_BLOCK, ~[], [ 150.946269][T10924] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10939] symlink("/dev/binderfs", "./binderfs" [pid 10938] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10939] <... symlink resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 10938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10940]}, 88) = 10940 [pid 10938] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10938] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10938] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10939] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10939] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10939] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10939] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10939] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10939] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10941]}, 88) = 10941 [pid 10939] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10939] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10939] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./419/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./419/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./419/file0") = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./419") = 0 [pid 299] mkdir("./420", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] newfstatat(AT_FDCWD, "./424/file0", [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10943 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10943 attached ) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./424/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 10941 attached ./strace-static-x86_64: Process 10940 attached [pid 10943] set_robust_list(0x5555557b6760, 24 [pid 10931] <... mount resumed>) = 0 [pid 296] <... openat resumed>) = 4 [pid 10943] <... set_robust_list resumed>) = 0 [pid 10941] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10940] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10931] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] newfstatat(4, "", [pid 10931] <... openat resumed>) = 3 [pid 10943] chdir("./420" [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10940] <... set_robust_list resumed>) = 0 [pid 10943] <... chdir resumed>) = 0 [pid 10931] chdir("./file0" [pid 10940] rt_sigprocmask(SIG_SETMASK, [], [pid 296] getdents64(4, [pid 10931] <... chdir resumed>) = 0 [pid 10931] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 10943] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10931] <... openat resumed>) = 4 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10931] ioctl(4, LOOP_CLR_FD [pid 10943] <... prctl resumed>) = 0 [pid 10940] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10931] <... ioctl resumed>) = 0 [pid 296] getdents64(4, [pid 10931] close(4 [pid 10943] setpgid(0, 0 [pid 10941] <... set_robust_list resumed>) = 0 [pid 10940] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10931] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10943] <... setpgid resumed>) = 0 [pid 10941] rt_sigprocmask(SIG_SETMASK, [], [pid 10940] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10931] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] close(4 [pid 10943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10940] <... futex resumed>) = 1 [pid 10938] <... futex resumed>) = 0 [pid 10931] <... futex resumed>) = 1 [pid 10930] <... futex resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 10943] <... openat resumed>) = 3 [pid 10941] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10940] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] rmdir("./424/file0" [pid 10943] write(3, "1000", 4 [pid 10941] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 296] <... rmdir resumed>) = 0 [pid 10943] <... write resumed>) = 4 [pid 10941] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] getdents64(3, [pid 10943] close(3 [pid 10941] <... futex resumed>) = 1 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10943] <... close resumed>) = 0 [pid 10941] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] close(3 [pid 10943] symlink("/dev/binderfs", "./binderfs" [pid 10931] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10930] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... close resumed>) = 0 [pid 10943] <... symlink resumed>) = 0 [pid 10939] <... futex resumed>) = 0 [pid 10938] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10930] <... futex resumed>) = 0 [pid 296] rmdir("./424" [pid 10943] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10940] <... futex resumed>) = 0 [pid 10939] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10938] <... futex resumed>) = 1 [pid 10931] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10930] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... rmdir resumed>) = 0 [pid 10943] <... futex resumed>) = 0 [pid 296] mkdir("./425", 0777 [pid 10943] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 296] <... mkdir resumed>) = 0 [pid 10943] <... rt_sigaction resumed>NULL, 8) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 10943] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 296] <... openat resumed>) = 3 [pid 10943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 10943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10943] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10941] <... futex resumed>) = 0 [pid 10940] memfd_create("syzkaller", 0 [pid 10939] <... futex resumed>) = 1 [pid 10938] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10931] <... openat resumed>) = 4 [pid 296] close(3 [pid 10943] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10941] memfd_create("syzkaller", 0 [pid 10940] <... memfd_create resumed>) = 3 [pid 10939] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10931] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10943] <... mprotect resumed>) = 0 [pid 10941] <... memfd_create resumed>) = 3 [pid 10940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10931] <... futex resumed>) = 1 [pid 10930] <... futex resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 10943] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10940] <... mmap resumed>) = 0x7fe453fca000 [pid 10931] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10930] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10943] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10941] <... mmap resumed>) = 0x7fe453fca000 [pid 10931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10930] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10945 attached [pid 10943] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10940] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10931] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10930] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10945 [pid 10945] set_robust_list(0x5555557b6760, 24 [pid 10941] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10931] <... write resumed>) = 16 [pid 10930] <... futex resumed>) = 0 ./strace-static-x86_64: Process 10946 attached [pid 10945] <... set_robust_list resumed>) = 0 [pid 10943] <... clone3 resumed> => {parent_tid=[10946]}, 88) = 10946 [pid 10940] <... write resumed>) = 1048576 [pid 10931] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10946] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10945] chdir("./425" [pid 10943] rt_sigprocmask(SIG_SETMASK, [], [pid 10940] munmap(0x7fe453fca000, 138412032 [pid 10931] <... futex resumed>) = 0 [pid 10930] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10946] <... set_robust_list resumed>) = 0 [pid 10945] <... chdir resumed>) = 0 [pid 10943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10940] <... munmap resumed>) = 0 [pid 10931] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10930] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10946] rt_sigprocmask(SIG_SETMASK, [], [pid 10945] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10943] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10940] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10930] <... mprotect resumed>) = 0 [pid 10946] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10945] <... prctl resumed>) = 0 [pid 10943] <... futex resumed>) = 0 [pid 10940] <... openat resumed>) = 4 [pid 10930] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10946] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10945] setpgid(0, 0 [pid 10943] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10940] ioctl(4, LOOP_SET_FD, 3 [pid 10930] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10946] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10945] <... setpgid resumed>) = 0 [pid 10941] <... write resumed>) = 1048576 [pid 10930] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10941] munmap(0x7fe453fca000, 138412032) = 0 [pid 10941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10941] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 10947 attached [pid 10946] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10940] <... ioctl resumed>) = 0 [pid 10946] <... futex resumed>) = 1 [pid 10945] <... openat resumed>) = 3 [pid 10943] <... futex resumed>) = 0 [pid 10930] <... clone3 resumed> => {parent_tid=[10947]}, 88) = 10947 [pid 10946] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10945] write(3, "1000", 4 [pid 10943] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10930] rt_sigprocmask(SIG_SETMASK, [], [pid 10946] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10945] <... write resumed>) = 4 [pid 10943] <... futex resumed>) = 0 [pid 10930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10946] memfd_create("syzkaller", 0 [pid 10945] close(3 [pid 10943] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10930] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10946] <... memfd_create resumed>) = 3 [pid 10945] <... close resumed>) = 0 [pid 10930] <... futex resumed>) = 0 [pid 10946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10945] symlink("/dev/binderfs", "./binderfs" [pid 10930] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10946] <... mmap resumed>) = 0x7fe453fca000 [pid 10945] <... symlink resumed>) = 0 [pid 10947] set_robust_list(0x7fe45c3c99a0, 24 [pid 10941] <... ioctl resumed>) = 0 [pid 10940] close(3 [pid 10947] <... set_robust_list resumed>) = 0 [pid 10945] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10947] rt_sigprocmask(SIG_SETMASK, [], [pid 10945] <... futex resumed>) = 0 [pid 10947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10945] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10947] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10945] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10947] <... write resumed>) = 16 [pid 10945] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10947] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10947] <... futex resumed>) = 1 [pid 10930] <... futex resumed>) = 0 [pid 10947] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10930] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10945] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10945] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10931] <... futex resumed>) = 0 [pid 10930] <... futex resumed>) = 1 [pid 10945] <... mprotect resumed>) = 0 [pid 10931] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10930] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10941] close(3 [pid 10940] <... close resumed>) = 0 [pid 10945] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10931] <... mmap resumed>) = 0x20000000 [pid 10945] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10941] <... close resumed>) = 0 [pid 10940] close(4 [pid 10931] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10941] close(4 [pid 10931] <... futex resumed>) = 1 [pid 10930] <... futex resumed>) = 0 [pid 10930] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10948 attached [pid 10948] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10948] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10946] munmap(0x7fe453fca000, 138412032) = 0 [pid 10946] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10946] ioctl(4, LOOP_SET_FD, 3 [pid 10945] <... clone3 resumed> => {parent_tid=[10948]}, 88) = 10948 [pid 10931] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10930] <... futex resumed>) = 0 [pid 10945] rt_sigprocmask(SIG_SETMASK, [], [pid 10930] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10945] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10948] <... futex resumed>) = 0 [pid 10945] <... futex resumed>) = 1 [pid 10948] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10945] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10948] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10948] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10945] <... futex resumed>) = 0 [pid 10948] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10945] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10945] <... futex resumed>) = 0 [pid 10948] memfd_create("syzkaller", 0 [pid 10945] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10948] <... memfd_create resumed>) = 3 [pid 10948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10946] <... ioctl resumed>) = 0 [pid 10931] sendfile(-1, -1, [0] [pid 10946] close(3) = 0 [pid 10931] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10946] close(4 [pid 10931] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10930] <... futex resumed>) = 0 [pid 10930] exit_group(0 [pid 10947] <... futex resumed>) = ? [pid 10930] <... exit_group resumed>) = ? [pid 10947] +++ exited with 0 +++ [pid 10931] +++ exited with 0 +++ [pid 10930] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10930, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./424", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./424", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./424/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./424/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./424/binderfs" [pid 10948] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 297] <... unlink resumed>) = 0 [pid 297] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10948] <... write resumed>) = 1048576 [pid 10948] munmap(0x7fe453fca000, 138412032) = 0 [pid 10948] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 151.063042][T10940] loop3: detected capacity change from 0 to 2048 [ 151.065516][T10941] loop0: detected capacity change from 0 to 2048 [ 151.082606][T10931] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 151.089865][T10946] loop4: detected capacity change from 0 to 2048 [pid 10948] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10948] close(3) = 0 [pid 10948] close(4 [pid 10941] <... close resumed>) = 0 [pid 10940] <... close resumed>) = 0 [pid 10941] mkdir("./file0", 0777 [pid 10940] mkdir("./file0", 0777 [pid 10941] <... mkdir resumed>) = 0 [pid 10940] <... mkdir resumed>) = 0 [pid 10941] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10940] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10941] <... mount resumed>) = 0 [pid 10941] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10941] chdir("./file0") = 0 [pid 10941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10941] ioctl(4, LOOP_CLR_FD) = 0 [pid 10941] close(4) = 0 [pid 10941] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10939] <... futex resumed>) = 0 [pid 10939] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10941] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10939] <... futex resumed>) = 0 [pid 10939] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10941] <... openat resumed>) = 4 [pid 10941] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10939] <... futex resumed>) = 0 [pid 10939] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10939] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10939] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10941] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10939] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10939] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10951 attached => {parent_tid=[10951]}, 88) = 10951 [pid 10951] set_robust_list(0x7fe45c3c99a0, 24 [pid 10939] rt_sigprocmask(SIG_SETMASK, [], [pid 10941] <... write resumed>) = 16 [pid 10939] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10951] <... set_robust_list resumed>) = 0 [pid 10941] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10939] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10941] <... futex resumed>) = 0 [pid 10939] <... futex resumed>) = 0 [pid 10939] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10941] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10946] <... close resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 10946] mkdir("./file0", 0777 [pid 297] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./424/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10946] <... mkdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10946] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 297] openat(AT_FDCWD, "./424/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./424/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./424") = 0 [pid 297] mkdir("./425", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 10951] rt_sigprocmask(SIG_SETMASK, [], [pid 297] ioctl(3, LOOP_CLR_FD [pid 10951] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10951] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10951] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10939] <... futex resumed>) = 0 [pid 297] close(3 [pid 10939] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10951] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10939] <... futex resumed>) = 1 [pid 10941] <... futex resumed>) = 0 [pid 10939] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... close resumed>) = 0 [ 151.117826][T10948] loop1: detected capacity change from 0 to 2048 [pid 10941] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10941] <... mmap resumed>) = 0x20000000 [pid 10941] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10939] <... futex resumed>) = 0 [pid 10941] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10939] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 10952 [pid 10941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10939] <... futex resumed>) = 0 [pid 10939] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10952 attached [pid 10952] set_robust_list(0x5555557b6760, 24) = 0 [pid 10952] chdir("./425") = 0 [pid 10952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10952] setpgid(0, 0) = 0 [pid 10952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10952] write(3, "1000", 4) = 4 [pid 10952] close(3) = 0 [pid 10952] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10952] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10952] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10952] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10952] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10952] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10953]}, 88) = 10953 [pid 10952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10952] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10952] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10953 attached [pid 10953] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10953] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10953] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10952] <... futex resumed>) = 0 [pid 10952] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10952] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10953] <... futex resumed>) = 1 [pid 10953] memfd_create("syzkaller", 0) = 3 [pid 10953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10953] munmap(0x7fe453fca000, 138412032) = 0 [pid 10953] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10953] ioctl(4, LOOP_SET_FD, 3 [pid 10948] <... close resumed>) = 0 [pid 10941] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10948] mkdir("./file0", 0777 [pid 10941] sendfile(-1, -1, [0] [pid 10953] <... ioctl resumed>) = 0 [pid 10953] close(3) = 0 [pid 10953] close(4 [pid 10948] <... mkdir resumed>) = 0 [pid 10948] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10946] <... mount resumed>) = 0 [pid 10946] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10941] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10946] chdir("./file0" [pid 10941] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10946] <... chdir resumed>) = 0 [pid 10941] <... futex resumed>) = 1 [pid 10939] <... futex resumed>) = 0 [pid 10939] exit_group(0 [pid 10946] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10941] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10951] <... futex resumed>) = ? [pid 10939] <... exit_group resumed>) = ? [pid 10946] <... openat resumed>) = 4 [pid 10941] <... futex resumed>) = ? [pid 10951] +++ exited with 0 +++ [pid 10946] ioctl(4, LOOP_CLR_FD [pid 10941] +++ exited with 0 +++ [pid 10939] +++ exited with 0 +++ [pid 10946] <... ioctl resumed>) = 0 [pid 10946] close(4 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10939, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10946] <... close resumed>) = 0 [pid 10946] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10943] <... futex resumed>) = 0 [pid 295] umount2("./424", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10946] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10943] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10943] <... futex resumed>) = 0 [pid 10943] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] openat(AT_FDCWD, "./424", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10946] <... openat resumed>) = 4 [pid 295] getdents64(3, [pid 10946] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./424/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10946] <... futex resumed>) = 1 [pid 10943] <... futex resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10943] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10946] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 295] newfstatat(AT_FDCWD, "./424/binderfs", [pid 10943] <... futex resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10943] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10946] <... write resumed>) = 16 [pid 10943] <... futex resumed>) = 0 [pid 295] unlink("./424/binderfs" [pid 10946] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 295] <... unlink resumed>) = 0 [pid 10946] <... futex resumed>) = 0 [pid 10943] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 295] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10943] <... mprotect resumed>) = 0 [pid 10946] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10943] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10943] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10959]}, 88) = 10959 [pid 10943] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 10959 attached [pid 10943] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10959] set_robust_list(0x7fe45c3c99a0, 24 [pid 10943] <... futex resumed>) = 0 [pid 10959] <... set_robust_list resumed>) = 0 [pid 10943] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10959] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10959] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10959] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10943] <... futex resumed>) = 0 [pid 10943] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10946] <... futex resumed>) = 0 [pid 10943] <... futex resumed>) = 1 [pid 10946] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10943] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10946] <... mmap resumed>) = 0x20000000 [pid 10946] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10943] <... futex resumed>) = 0 [pid 10946] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10943] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10946] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 151.161085][T10941] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 151.178575][T10953] loop2: detected capacity change from 0 to 2048 [pid 10943] <... futex resumed>) = 0 [pid 10959] <... futex resumed>) = 1 [pid 10959] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10948] <... mount resumed>) = 0 [pid 10948] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10948] chdir("./file0") = 0 [pid 10948] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10948] ioctl(4, LOOP_CLR_FD) = 0 [pid 10948] close(4) = 0 [pid 10948] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10948] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10943] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10940] <... mount resumed>) = 0 [pid 10940] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10940] chdir("./file0") = 0 [pid 10940] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10940] ioctl(4, LOOP_CLR_FD) = 0 [pid 10940] close(4) = 0 [pid 10940] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10940] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10945] <... futex resumed>) = 0 [pid 10945] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10948] <... futex resumed>) = 0 [pid 10945] <... futex resumed>) = 1 [pid 10948] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10945] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10948] <... openat resumed>) = 4 [pid 10938] <... futex resumed>) = 0 [pid 10948] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10945] <... futex resumed>) = 0 [pid 10948] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10945] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10938] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10953] <... close resumed>) = 0 [pid 10948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10945] <... futex resumed>) = 0 [pid 10938] <... futex resumed>) = 1 [pid 10953] mkdir("./file0", 0777 [pid 10948] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10945] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10948] <... write resumed>) = 16 [pid 10945] <... futex resumed>) = 0 [pid 10953] <... mkdir resumed>) = 0 [pid 10948] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10938] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10953] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10948] <... futex resumed>) = 0 [pid 10945] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10948] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10945] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10945] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[10961]}, 88) = 10961 [pid 10945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10945] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10961 attached [pid 10946] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10945] <... futex resumed>) = 0 [pid 10940] <... futex resumed>) = 0 [pid 10961] set_robust_list(0x7fe45c3c99a0, 24 [pid 10945] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10940] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10946] sendfile(-1, -1, [0] [pid 10961] <... set_robust_list resumed>) = 0 [pid 10940] <... openat resumed>) = 4 [pid 10940] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10938] <... futex resumed>) = 0 [pid 10946] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10940] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10938] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10946] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10940] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10938] <... futex resumed>) = 0 [pid 10946] <... futex resumed>) = 1 [pid 10943] <... futex resumed>) = 0 [pid 10940] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10938] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10946] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10943] exit_group(0 [pid 10940] <... write resumed>) = 16 [pid 10938] <... futex resumed>) = 0 [pid 10959] <... futex resumed>) = ? [pid 10946] <... futex resumed>) = ? [pid 10943] <... exit_group resumed>) = ? [pid 10940] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10961] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10938] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10961] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10940] <... futex resumed>) = 0 [pid 10938] <... mprotect resumed>) = 0 [pid 10959] +++ exited with 0 +++ [pid 10961] <... write resumed>) = 16 [pid 10938] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10940] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10938] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10961] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10945] <... futex resumed>) = 0 [pid 10961] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10945] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10938] <... clone3 resumed> => {parent_tid=[10962]}, 88) = 10962 [pid 10948] <... futex resumed>) = 0 [pid 10945] <... futex resumed>) = 1 [pid 10938] rt_sigprocmask(SIG_SETMASK, [], [pid 10948] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10945] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10948] <... mmap resumed>) = 0x20000000 [pid 10946] +++ exited with 0 +++ [pid 10943] +++ exited with 0 +++ [pid 10938] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10948] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10938] <... futex resumed>) = 0 [pid 10948] <... futex resumed>) = 1 [pid 10945] <... futex resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10943, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10948] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10945] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10938] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./420", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10945] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10945] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] openat(AT_FDCWD, "./420", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./420/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./420/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./420/binderfs") = 0 [pid 299] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 10962 attached [pid 10962] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10962] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10962] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10962] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10962] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10938] <... futex resumed>) = 0 [pid 10938] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10938] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10940] <... futex resumed>) = 0 [pid 10940] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 10940] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10938] <... futex resumed>) = 0 [pid 10940] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10938] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10940] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10938] <... futex resumed>) = 0 [ 151.205550][T10946] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 151.231911][T10948] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10938] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10948] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 295] <... umount2 resumed>) = 0 [pid 10948] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10948] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10945] <... futex resumed>) = 0 [pid 10945] exit_group(0 [pid 10961] <... futex resumed>) = ? [pid 10945] <... exit_group resumed>) = ? [pid 10961] +++ exited with 0 +++ [pid 10948] <... futex resumed>) = ? [pid 10948] +++ exited with 0 +++ [pid 10945] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10945, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 296] umount2("./425", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./425", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./425/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./425/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./425/binderfs") = 0 [pid 296] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10940] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10940] sendfile(-1, -1, [0] [pid 295] newfstatat(AT_FDCWD, "./424/file0", [pid 10940] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10940] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10938] <... futex resumed>) = 0 [pid 10938] exit_group(0 [pid 10962] <... futex resumed>) = ? [pid 10938] <... exit_group resumed>) = ? [pid 10962] +++ exited with 0 +++ [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10940] <... futex resumed>) = ? [pid 295] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./424/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./424/file0") = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./424") = 0 [pid 295] mkdir("./425", 0777 [pid 10940] +++ exited with 0 +++ [pid 10938] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10938, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 295] <... mkdir resumed>) = 0 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD [pid 298] <... restart_syscall resumed>) = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] umount2("./425", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./425", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./425/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./425/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./425/binderfs") = 0 [pid 298] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10965 [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 10953] <... mount resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./425/file0", ./strace-static-x86_64: Process 10965 attached [pid 10953] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10965] set_robust_list(0x5555557b6760, 24 [pid 10953] <... openat resumed>) = 3 [pid 298] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10953] chdir("./file0" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10953] <... chdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "./425/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10953] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 298] <... openat resumed>) = 4 [pid 10953] <... openat resumed>) = 4 [pid 298] newfstatat(4, "", [pid 10953] ioctl(4, LOOP_CLR_FD [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10953] <... ioctl resumed>) = 0 [pid 298] getdents64(4, [pid 10953] close(4 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10953] <... close resumed>) = 0 [pid 298] getdents64(4, [pid 10953] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10953] <... futex resumed>) = 1 [pid 10952] <... futex resumed>) = 0 [pid 298] close(4 [pid 10953] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10952] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... close resumed>) = 0 [pid 10953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10952] <... futex resumed>) = 0 [pid 298] rmdir("./425/file0" [pid 10953] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10952] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... rmdir resumed>) = 0 [pid 10953] <... openat resumed>) = 4 [pid 298] getdents64(3, [pid 10953] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10953] <... futex resumed>) = 1 [pid 10952] <... futex resumed>) = 0 [pid 298] close(3 [pid 10953] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10952] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... close resumed>) = 0 [pid 10953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10952] <... futex resumed>) = 0 [pid 298] rmdir("./425" [pid 10953] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10952] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... rmdir resumed>) = 0 [pid 10953] <... write resumed>) = 16 [pid 10952] <... futex resumed>) = 0 [pid 298] mkdir("./426", 0777 [pid 10953] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... mkdir resumed>) = 0 [pid 10953] <... futex resumed>) = 0 [pid 10952] <... mmap resumed>) = 0x7fe45c3a9000 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10953] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10952] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 298] <... openat resumed>) = 3 [pid 10952] <... mprotect resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 10952] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10952] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] close(3 [pid 10952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 298] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10952] <... clone3 resumed> => {parent_tid=[10966]}, 88) = 10966 [pid 10952] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10967 [pid 10952] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10952] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10952] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10965] <... set_robust_list resumed>) = 0 [pid 10965] chdir("./425") = 0 [pid 10965] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10965] setpgid(0, 0) = 0 [pid 10965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10965] write(3, "1000", 4) = 4 [pid 10965] close(3) = 0 [pid 10965] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10965] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10965] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10965] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], ./strace-static-x86_64: Process 10967 attached ./strace-static-x86_64: Process 10966 attached [pid 299] <... umount2 resumed>) = 0 [pid 10966] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10966] rt_sigprocmask(SIG_SETMASK, [], [pid 10967] set_robust_list(0x5555557b6760, 24 [pid 10966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10967] <... set_robust_list resumed>) = 0 [pid 10966] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10967] chdir("./426" [pid 10966] <... write resumed>) = 16 [pid 10967] <... chdir resumed>) = 0 [pid 10966] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10967] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10966] <... futex resumed>) = 1 [pid 10952] <... futex resumed>) = 0 [pid 10967] <... prctl resumed>) = 0 [pid 10966] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10952] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = 0 [pid 10967] setpgid(0, 0 [pid 10965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10953] <... futex resumed>) = 0 [pid 10952] <... futex resumed>) = 1 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10967] <... setpgid resumed>) = 0 [pid 10953] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10952] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10965] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10953] <... mmap resumed>) = 0x20000000 [pid 299] newfstatat(AT_FDCWD, "./420/file0", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10967] <... openat resumed>) = 3 [pid 10965] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10953] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] newfstatat(AT_FDCWD, "./425/file0", [pid 10967] write(3, "1000", 4 [pid 10965] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10953] <... futex resumed>) = 1 [pid 10952] <... futex resumed>) = 0 [pid 299] umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10967] <... write resumed>) = 4 [pid 10965] <... mprotect resumed>) = 0 [pid 10953] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10952] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 151.235700][T10940] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 296] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10967] close(3 [pid 10965] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10952] <... futex resumed>) = 0 [pid 299] openat(AT_FDCWD, "./420/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10965] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] <... openat resumed>) = 4 [pid 296] openat(AT_FDCWD, "./425/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10965] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 299] newfstatat(4, "", [pid 296] <... openat resumed>) = 4 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] newfstatat(4, "", [pid 10965] <... clone3 resumed> => {parent_tid=[10968]}, 88) = 10968 [pid 299] getdents64(4, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10965] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, [pid 10965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] getdents64(4, [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10965] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] getdents64(4, [pid 10965] <... futex resumed>) = 0 [pid 299] close(4 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10965] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... close resumed>) = 0 [pid 296] close(4 [pid 299] rmdir("./420/file0" [pid 296] <... close resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 296] rmdir("./425/file0" [pid 299] getdents64(3, [pid 296] <... rmdir resumed>) = 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] getdents64(3, [pid 299] close(3 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] <... close resumed>) = 0 [pid 296] close(3 [pid 299] rmdir("./420" [pid 296] <... close resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 296] rmdir("./425" [pid 299] mkdir("./421", 0777 [pid 296] <... rmdir resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 296] mkdir("./426", 0777 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] <... mkdir resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] <... openat resumed>) = 3 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] ioctl(3, LOOP_CLR_FD [pid 299] close(3 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] <... close resumed>) = 0 [pid 296] close(3 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... close resumed>) = 0 [pid 10967] <... close resumed>) = 0 [pid 10952] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10953] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10967] symlink("/dev/binderfs", "./binderfs" [pid 10953] sendfile(-1, -1, [0] [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10969 ./strace-static-x86_64: Process 10969 attached ./strace-static-x86_64: Process 10968 attached [pid 10967] <... symlink resumed>) = 0 [pid 10953] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 10969] set_robust_list(0x5555557b6760, 24 [pid 10968] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10967] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10970 [pid 10969] <... set_robust_list resumed>) = 0 [pid 10968] <... set_robust_list resumed>) = 0 [pid 10967] <... futex resumed>) = 0 [pid 10969] chdir("./421" [pid 10968] rt_sigprocmask(SIG_SETMASK, [], [pid 10967] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10969] <... chdir resumed>) = 0 [pid 10968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10967] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10953] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10969] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10968] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10967] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10952] <... futex resumed>) = 0 [pid 10953] <... futex resumed>) = 1 [pid 10969] <... prctl resumed>) = 0 [pid 10968] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10952] exit_group(0 [pid 10953] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10969] setpgid(0, 0 [pid 10968] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10966] <... futex resumed>) = ? [pid 10952] <... exit_group resumed>) = ? [pid 10969] <... setpgid resumed>) = 0 [pid 10968] <... futex resumed>) = 1 [pid 10967] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10966] +++ exited with 0 +++ [pid 10965] <... futex resumed>) = 0 [pid 10953] +++ exited with 0 +++ ./strace-static-x86_64: Process 10970 attached [pid 10969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10968] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10967] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10965] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10952] +++ exited with 0 +++ [pid 10967] <... mprotect resumed>) = 0 [pid 10965] <... futex resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10952, si_uid=0, si_status=0, si_utime=1, si_stime=1} --- [pid 10968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10967] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10965] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 297] umount2("./425", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10968] memfd_create("syzkaller", 0 [pid 10967] <... rt_sigprocmask resumed>[], 8) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 297] openat(AT_FDCWD, "./425", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10968] <... memfd_create resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 297] newfstatat(3, "", [pid 10968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10967] <... clone3 resumed> => {parent_tid=[10971]}, 88) = 10971 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10968] <... mmap resumed>) = 0x7fe453fca000 [pid 10967] rt_sigprocmask(SIG_SETMASK, [], [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./425/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./425/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./425/binderfs") = 0 [pid 297] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10967] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 10971 attached [pid 10971] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10967] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10971] <... set_robust_list resumed>) = 0 [pid 10971] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10971] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10967] <... futex resumed>) = 0 [pid 10967] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10971] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10967] <... futex resumed>) = 0 [pid 10971] memfd_create("syzkaller", 0 [pid 10967] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10967] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10971] <... memfd_create resumed>) = 3 [pid 10971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10969] <... openat resumed>) = 3 [pid 10969] write(3, "1000", 4) = 4 [pid 10969] close(3) = 0 [pid 10969] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10970] set_robust_list(0x5555557b6760, 24 [pid 10969] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10968] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 297] <... umount2 resumed>) = 0 [pid 10969] <... futex resumed>) = 0 [pid 10969] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10970] <... set_robust_list resumed>) = 0 [pid 10969] <... rt_sigaction resumed>NULL, 8) = 0 [pid 297] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10969] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] newfstatat(AT_FDCWD, "./425/file0", [pid 10969] <... mmap resumed>) = 0x7fe45c3ca000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10969] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 297] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10969] <... mprotect resumed>) = 0 [pid 10969] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10969] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 297] openat(AT_FDCWD, "./425/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10969] <... clone3 resumed> => {parent_tid=[10972]}, 88) = 10972 [pid 297] <... openat resumed>) = 4 [pid 10969] rt_sigprocmask(SIG_SETMASK, [], [pid 297] newfstatat(4, "", [pid 10970] chdir("./426" [pid 10971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 151.312706][T10953] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10969] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(4, ./strace-static-x86_64: Process 10972 attached [pid 10971] <... write resumed>) = 1048576 [pid 10970] <... chdir resumed>) = 0 [pid 10969] <... futex resumed>) = 0 [pid 10968] <... write resumed>) = 1048576 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10969] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10971] munmap(0x7fe453fca000, 138412032 [pid 10970] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] getdents64(4, [pid 10971] <... munmap resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10971] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10971] ioctl(4, LOOP_SET_FD, 3 [pid 297] close(4 [pid 10970] <... prctl resumed>) = 0 [pid 10972] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10970] setpgid(0, 0 [pid 10968] munmap(0x7fe453fca000, 138412032 [pid 297] <... close resumed>) = 0 [pid 297] rmdir("./425/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./425") = 0 [pid 297] mkdir("./426", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10973 [pid 10970] <... setpgid resumed>) = 0 [pid 10970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10970] write(3, "1000", 4) = 4 [pid 10970] close(3) = 0 [pid 10970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10970] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10970] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10970] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10970] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10974]}, 88) = 10974 [pid 10970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10970] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10970] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10968] <... munmap resumed>) = 0 [pid 10972] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 10974 attached ./strace-static-x86_64: Process 10973 attached [pid 10972] rt_sigprocmask(SIG_SETMASK, [], [pid 10971] <... ioctl resumed>) = 0 [pid 10968] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 10974] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10973] set_robust_list(0x5555557b6760, 24 [pid 10972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10971] close(3 [pid 10968] <... openat resumed>) = 4 [pid 10974] <... set_robust_list resumed>) = 0 [pid 10973] <... set_robust_list resumed>) = 0 [pid 10972] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10971] <... close resumed>) = 0 [pid 10974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10973] chdir("./426" [pid 10974] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10973] <... chdir resumed>) = 0 [pid 10968] ioctl(4, LOOP_SET_FD, 3 [pid 10974] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10973] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10972] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10971] close(4 [pid 10974] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10973] <... prctl resumed>) = 0 [pid 10972] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10968] <... ioctl resumed>) = 0 [pid 10972] <... futex resumed>) = 1 [pid 10969] <... futex resumed>) = 0 [pid 10968] close(3 [pid 10972] memfd_create("syzkaller", 0 [pid 10969] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10968] <... close resumed>) = 0 [pid 10972] <... memfd_create resumed>) = 3 [pid 10969] <... futex resumed>) = 0 [pid 10968] close(4 [pid 10972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10969] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10972] <... mmap resumed>) = 0x7fe453fca000 [pid 10974] <... futex resumed>) = 1 [pid 10970] <... futex resumed>) = 0 [pid 10970] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10970] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10974] memfd_create("syzkaller", 0) = 3 [pid 10973] setpgid(0, 0 [pid 10974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10973] <... setpgid resumed>) = 0 [pid 10974] <... mmap resumed>) = 0x7fe453fca000 [pid 10973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 10973] write(3, "1000", 4) = 4 [pid 10973] close(3) = 0 [pid 10973] symlink("/dev/binderfs", "./binderfs" [pid 10972] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10973] <... symlink resumed>) = 0 [pid 10973] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10973] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10973] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10973] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10973] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10975]}, 88) = 10975 [pid 10973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10973] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 151.383246][T10971] loop3: detected capacity change from 0 to 2048 [ 151.397230][T10968] loop0: detected capacity change from 0 to 2048 [pid 10973] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10974] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 10975 attached [pid 10972] <... write resumed>) = 1048576 [pid 10972] munmap(0x7fe453fca000, 138412032) = 0 [pid 10972] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10972] ioctl(4, LOOP_SET_FD, 3 [pid 10975] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10974] <... write resumed>) = 1048576 [pid 10975] <... set_robust_list resumed>) = 0 [pid 10975] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10975] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10975] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10973] <... futex resumed>) = 0 [pid 10973] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10973] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10975] <... futex resumed>) = 1 [pid 10975] memfd_create("syzkaller", 0) = 3 [pid 10975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10972] <... ioctl resumed>) = 0 [pid 10972] close(3 [pid 10974] munmap(0x7fe453fca000, 138412032 [pid 10972] <... close resumed>) = 0 [pid 10972] close(4 [pid 10974] <... munmap resumed>) = 0 [pid 10974] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10974] ioctl(4, LOOP_SET_FD, 3 [pid 10975] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10974] <... ioctl resumed>) = 0 [pid 10974] close(3) = 0 [pid 10974] close(4 [pid 10975] <... write resumed>) = 1048576 [pid 10968] <... close resumed>) = 0 [pid 10968] mkdir("./file0", 0777 [pid 10975] munmap(0x7fe453fca000, 138412032 [pid 10968] <... mkdir resumed>) = 0 [pid 10975] <... munmap resumed>) = 0 [pid 10968] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10975] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 10975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 10974] <... close resumed>) = 0 [pid 10972] <... close resumed>) = 0 [pid 10971] <... close resumed>) = 0 [pid 10972] mkdir("./file0", 0777 [pid 10975] close(3 [pid 10974] mkdir("./file0", 0777 [pid 10971] mkdir("./file0", 0777 [pid 10972] <... mkdir resumed>) = 0 [pid 10972] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10971] <... mkdir resumed>) = 0 [pid 10971] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10975] <... close resumed>) = 0 [pid 10974] <... mkdir resumed>) = 0 [pid 10974] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10975] close(4 [pid 10971] <... mount resumed>) = 0 [pid 10971] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10971] chdir("./file0") = 0 [pid 10971] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 10971] ioctl(4, LOOP_CLR_FD) = 0 [pid 10971] close(4) = 0 [pid 10971] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10967] <... futex resumed>) = 0 [pid 10967] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10971] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10967] <... futex resumed>) = 0 [pid 10967] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10971] <... openat resumed>) = 4 [pid 10971] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10967] <... futex resumed>) = 0 [pid 10967] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10967] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10971] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 10971] <... write resumed>) = 16 [pid 10967] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10971] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10967] <... mprotect resumed>) = 0 [pid 10967] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10971] <... futex resumed>) = 0 [pid 10967] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10971] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 10978 attached => {parent_tid=[10978]}, 88) = 10978 [pid 10967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10967] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10978] set_robust_list(0x7fe45c3c99a0, 24 [pid 10967] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10978] <... set_robust_list resumed>) = 0 [pid 10978] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10978] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10978] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10967] <... futex resumed>) = 0 [pid 10978] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10967] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10971] <... futex resumed>) = 0 [pid 10967] <... futex resumed>) = 1 [pid 10972] <... mount resumed>) = 0 [pid 10971] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10967] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10971] <... mmap resumed>) = 0x20000000 [pid 10968] <... mount resumed>) = 0 [pid 10974] <... mount resumed>) = 0 [pid 10972] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10971] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10974] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10972] <... openat resumed>) = 3 [pid 10971] <... futex resumed>) = 1 [ 151.424430][T10972] loop4: detected capacity change from 0 to 2048 [ 151.432887][T10974] loop1: detected capacity change from 0 to 2048 [ 151.444478][T10975] loop2: detected capacity change from 0 to 2048 [pid 10968] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10967] <... futex resumed>) = 0 [pid 10974] <... openat resumed>) = 3 [pid 10972] chdir("./file0" [pid 10971] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10968] <... openat resumed>) = 3 [pid 10967] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10974] chdir("./file0" [pid 10972] <... chdir resumed>) = 0 [pid 10971] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10968] chdir("./file0" [pid 10967] <... futex resumed>) = 0 [pid 10974] <... chdir resumed>) = 0 [pid 10972] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10968] <... chdir resumed>) = 0 [pid 10967] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10968] ioctl(4, LOOP_CLR_FD) = 0 [pid 10968] close(4) = 0 [pid 10968] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10965] <... futex resumed>) = 0 [pid 10968] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10965] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10965] <... futex resumed>) = 0 [pid 10968] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10965] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10974] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 10974] ioctl(4, LOOP_CLR_FD) = 0 [pid 10974] close(4) = 0 [pid 10974] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10970] <... futex resumed>) = 0 [pid 10974] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10970] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10970] <... futex resumed>) = 0 [pid 10974] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10970] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10972] <... openat resumed>) = 4 [pid 10972] ioctl(4, LOOP_CLR_FD) = 0 [pid 10972] close(4) = 0 [pid 10972] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10969] <... futex resumed>) = 0 [pid 10972] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10969] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10972] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10969] <... futex resumed>) = 0 [pid 10972] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10969] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10975] <... close resumed>) = 0 [pid 10974] <... openat resumed>) = 4 [pid 10972] <... openat resumed>) = 4 [pid 10968] <... openat resumed>) = 4 [pid 10975] mkdir("./file0", 0777 [pid 10974] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10972] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10968] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10975] <... mkdir resumed>) = 0 [pid 10974] <... futex resumed>) = 1 [pid 10972] <... futex resumed>) = 1 [pid 10970] <... futex resumed>) = 0 [pid 10969] <... futex resumed>) = 0 [pid 10968] <... futex resumed>) = 1 [pid 10965] <... futex resumed>) = 0 [pid 10975] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10974] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10972] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10970] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10969] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10968] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10965] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10972] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10970] <... futex resumed>) = 0 [pid 10969] <... futex resumed>) = 0 [pid 10968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10965] <... futex resumed>) = 0 [pid 10974] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10972] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10970] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10969] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10968] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10965] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10974] <... write resumed>) = 16 [pid 10972] <... write resumed>) = 16 [pid 10970] <... futex resumed>) = 0 [pid 10969] <... futex resumed>) = 0 [pid 10968] <... write resumed>) = 16 [pid 10965] <... futex resumed>) = 0 [pid 10974] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10972] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10968] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10965] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10974] <... futex resumed>) = 0 [pid 10972] <... futex resumed>) = 0 [pid 10970] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10969] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10968] <... futex resumed>) = 0 [pid 10965] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10974] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10972] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10970] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10969] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10968] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10965] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 10970] <... mprotect resumed>) = 0 [pid 10969] <... mprotect resumed>) = 0 [pid 10965] <... mprotect resumed>) = 0 [pid 10970] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10969] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10965] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10970] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10969] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10965] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10965] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 10970] <... clone3 resumed> => {parent_tid=[10985]}, 88) = 10985 [pid 10969] <... clone3 resumed> => {parent_tid=[10986]}, 88) = 10986 [pid 10965] <... clone3 resumed> => {parent_tid=[10987]}, 88) = 10987 [pid 10970] rt_sigprocmask(SIG_SETMASK, [], [pid 10969] rt_sigprocmask(SIG_SETMASK, [], [pid 10965] rt_sigprocmask(SIG_SETMASK, [], [pid 10970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10970] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10969] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10965] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10970] <... futex resumed>) = 0 [pid 10969] <... futex resumed>) = 0 [pid 10965] <... futex resumed>) = 0 [pid 10970] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10969] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10965] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10985 attached [pid 10971] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10971] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10971] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10967] <... futex resumed>) = 0 [pid 10971] <... futex resumed>) = 1 [pid 10967] exit_group(0 [pid 10971] ????( [pid 10967] <... exit_group resumed>) = ? [pid 10978] <... futex resumed>) = ? [pid 10971] <... ???? resumed>) = -1 (errno 18446744073709551555) [pid 10978] +++ exited with 0 +++ [pid 10985] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10985] rt_sigprocmask(SIG_SETMASK, [], [pid 10971] +++ exited with 0 +++ [pid 10967] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10967, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./426", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./426", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 10987 attached ./strace-static-x86_64: Process 10986 attached ) = 3 [pid 10987] set_robust_list(0x7fe45c3c99a0, 24 [pid 10986] set_robust_list(0x7fe45c3c99a0, 24 [pid 10987] <... set_robust_list resumed>) = 0 [pid 10986] <... set_robust_list resumed>) = 0 [pid 10987] rt_sigprocmask(SIG_SETMASK, [], [pid 10986] rt_sigprocmask(SIG_SETMASK, [], [pid 10987] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10986] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./426/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./426/binderfs", [pid 10987] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10986] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10987] <... write resumed>) = 16 [pid 10986] <... write resumed>) = 16 [pid 298] unlink("./426/binderfs" [pid 10987] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10986] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... unlink resumed>) = 0 [pid 10987] <... futex resumed>) = 1 [pid 10986] <... futex resumed>) = 1 [pid 10969] <... futex resumed>) = 0 [pid 10965] <... futex resumed>) = 0 [pid 298] umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10987] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10986] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10969] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10965] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10972] <... futex resumed>) = 0 [pid 10969] <... futex resumed>) = 1 [pid 10968] <... futex resumed>) = 0 [pid 10965] <... futex resumed>) = 1 [pid 10972] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10969] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10968] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10965] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10972] <... mmap resumed>) = 0x20000000 [pid 10968] <... mmap resumed>) = 0x20000000 [pid 10972] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10968] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10972] <... futex resumed>) = 1 [pid 10969] <... futex resumed>) = 0 [pid 10968] <... futex resumed>) = 1 [pid 10965] <... futex resumed>) = 0 [pid 10969] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10985] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10985] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10970] <... futex resumed>) = 0 [pid 10970] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10974] <... futex resumed>) = 0 [pid 10970] <... futex resumed>) = 1 [pid 10974] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10970] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10974] <... mmap resumed>) = 0x20000000 [pid 10974] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10970] <... futex resumed>) = 0 [pid 10974] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10970] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10970] <... futex resumed>) = 0 [pid 10970] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10985] <... futex resumed>) = 1 [pid 10985] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10968] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 151.486366][T10971] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10965] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10968] <... futex resumed>) = 0 [pid 10965] <... futex resumed>) = 1 [pid 10969] <... futex resumed>) = 0 [pid 10968] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10965] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10969] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10968] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10968] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10965] <... futex resumed>) = 0 [pid 10968] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10965] exit_group(0 [pid 10987] <... futex resumed>) = ? [pid 10968] <... futex resumed>) = ? [pid 10965] <... exit_group resumed>) = ? [pid 10987] +++ exited with 0 +++ [pid 10974] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10974] sendfile(-1, -1, [0] [pid 10968] +++ exited with 0 +++ [pid 10965] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10965, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 10974] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 10974] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10970] <... futex resumed>) = 0 [pid 10974] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10972] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10972] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10972] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10975] <... mount resumed>) = 0 [pid 10970] exit_group(0 [pid 10985] <... futex resumed>) = ? [pid 10975] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 10974] <... futex resumed>) = ? [pid 10970] <... exit_group resumed>) = ? [pid 295] <... restart_syscall resumed>) = 0 [pid 10985] +++ exited with 0 +++ [pid 295] umount2("./425", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./425", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", [pid 10974] +++ exited with 0 +++ [pid 10970] +++ exited with 0 +++ [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10975] <... openat resumed>) = 3 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10970, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] getdents64(3, [pid 10975] chdir("./file0") = 0 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10975] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] umount2("./425/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10975] <... openat resumed>) = 4 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10975] ioctl(4, LOOP_CLR_FD [pid 296] <... restart_syscall resumed>) = 0 [pid 295] newfstatat(AT_FDCWD, "./425/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./426", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] unlink("./425/binderfs" [pid 10975] <... ioctl resumed>) = 0 [pid 296] openat(AT_FDCWD, "./426", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... unlink resumed>) = 0 [pid 10975] close(4 [pid 296] <... openat resumed>) = 3 [pid 296] newfstatat(3, "", [pid 295] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10975] <... close resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 10975] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./426/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./426/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./426/binderfs") = 0 [pid 296] umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./426/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./426/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", [pid 10975] <... futex resumed>) = 1 [pid 10973] <... futex resumed>) = 0 [pid 10975] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10973] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 10973] <... futex resumed>) = 0 [pid 10975] <... openat resumed>) = 4 [pid 10973] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10975] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10973] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10975] <... futex resumed>) = 0 [pid 10973] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10975] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10973] <... futex resumed>) = 0 [pid 10973] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] getdents64(4, [pid 10975] <... write resumed>) = 16 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10973] <... futex resumed>) = 0 [pid 10975] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10973] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10975] <... futex resumed>) = 0 [pid 10973] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10975] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10973] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 298] close(4 [pid 10973] <... mprotect resumed>) = 0 [pid 10973] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] <... close resumed>) = 0 [pid 10973] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10973] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 298] rmdir("./426/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 10973] <... clone3 resumed> => {parent_tid=[10990]}, 88) = 10990 [pid 298] close(3) = 0 [pid 298] rmdir("./426" [pid 10973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 298] mkdir("./427", 0777) = 0 [pid 10969] <... futex resumed>) = 0 [pid 10969] exit_group(0 [pid 10986] <... futex resumed>) = ? [pid 10969] <... exit_group resumed>) = ? [pid 10986] +++ exited with 0 +++ [pid 10972] <... futex resumed>) = ? [pid 10972] +++ exited with 0 +++ [pid 10969] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10969, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 10973] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./421", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./421", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10973] <... futex resumed>) = 0 [pid 299] getdents64(3, [pid 10973] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] <... openat resumed>) = 3 [pid 299] umount2("./421/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] ioctl(3, LOOP_CLR_FD [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... ioctl resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./421/binderfs", [pid 298] close(3 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... close resumed>) = 0 [pid 299] unlink("./421/binderfs") = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 10991 ./strace-static-x86_64: Process 10990 attached [pid 10990] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 10990] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10990] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 10990] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10973] <... futex resumed>) = 0 [pid 10990] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10973] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 10991 attached [pid 10975] <... futex resumed>) = 0 [pid 10973] <... futex resumed>) = 1 [pid 10991] set_robust_list(0x5555557b6760, 24 [pid 10975] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10973] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10991] <... set_robust_list resumed>) = 0 [pid 10991] chdir("./427") = 0 [pid 10975] <... mmap resumed>) = 0x20000000 [pid 10991] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10991] setpgid(0, 0 [pid 10975] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10991] <... setpgid resumed>) = 0 [pid 10991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10975] <... futex resumed>) = 1 [pid 10973] <... futex resumed>) = 0 [ 151.524273][T10972] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 151.534960][T10968] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 151.543585][T10974] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 10973] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10991] <... openat resumed>) = 3 [pid 10991] write(3, "1000", 4) = 4 [pid 10991] close(3) = 0 [pid 10991] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10991] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10991] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 10991] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 10991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 10991] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10991] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[10992]}, 88) = 10992 [pid 10991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10991] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10991] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 10992 attached [pid 10992] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 10992] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10992] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 10992] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10991] <... futex resumed>) = 0 [pid 10991] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10991] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10992] <... futex resumed>) = 1 [pid 10992] memfd_create("syzkaller", 0) = 3 [pid 10992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10992] munmap(0x7fe453fca000, 138412032) = 0 [pid 10992] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 10973] <... futex resumed>) = 0 [pid 10973] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10975] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10975] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10975] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10973] <... futex resumed>) = 0 [pid 10975] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10973] exit_group(0 [pid 10990] <... futex resumed>) = ? [pid 10975] <... futex resumed>) = ? [pid 10973] <... exit_group resumed>) = ? [pid 10990] +++ exited with 0 +++ [pid 10975] +++ exited with 0 +++ [pid 10973] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10973, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./426", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./426", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./426/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./426/binderfs", [pid 10992] <... openat resumed>) = 4 [pid 296] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./426/binderfs" [pid 10992] ioctl(4, LOOP_SET_FD, 3 [pid 299] <... umount2 resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 297] umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./421/file0", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] newfstatat(AT_FDCWD, "./426/file0", [pid 299] umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./421/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./425/file0", [pid 299] <... openat resumed>) = 4 [pid 296] openat(AT_FDCWD, "./426/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] newfstatat(4, "", [pid 296] <... openat resumed>) = 4 [pid 295] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] newfstatat(4, "", [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] getdents64(4, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] openat(AT_FDCWD, "./425/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] getdents64(4, [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, [pid 295] <... openat resumed>) = 4 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] getdents64(4, [pid 295] newfstatat(4, "", [pid 299] close(4 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [ 151.598175][T10975] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 299] <... close resumed>) = 0 [pid 296] close(4 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] rmdir("./421/file0" [pid 296] <... close resumed>) = 0 [pid 295] getdents64(4, [pid 10992] <... ioctl resumed>) = 0 [pid 10992] close(3 [pid 299] <... rmdir resumed>) = 0 [pid 296] rmdir("./426/file0" [pid 299] getdents64(3, [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] <... rmdir resumed>) = 0 [pid 295] getdents64(4, [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] getdents64(3, [pid 299] close(3 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] <... close resumed>) = 0 [pid 296] close(3 [pid 295] close(4 [pid 299] rmdir("./421" [pid 296] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 10992] <... close resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 296] rmdir("./426" [pid 295] rmdir("./425/file0" [pid 296] <... rmdir resumed>) = 0 [pid 10992] close(4 [pid 295] <... rmdir resumed>) = 0 [pid 299] mkdir("./422", 0777 [pid 296] mkdir("./427", 0777 [pid 295] getdents64(3, [pid 10992] <... close resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 295] close(3 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10992] mkdir("./file0", 0777 [pid 299] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 295] <... close resumed>) = 0 [pid 10992] <... mkdir resumed>) = 0 [pid 10992] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 295] rmdir("./425" [pid 296] ioctl(3, LOOP_CLR_FD [pid 299] ioctl(3, LOOP_CLR_FD [pid 295] <... rmdir resumed>) = 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 296] close(3 [pid 295] mkdir("./426", 0777 [pid 296] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... mkdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 10993 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 10994 [pid 295] <... openat resumed>) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 10995 ./strace-static-x86_64: Process 10993 attached [pid 10993] set_robust_list(0x5555557b6760, 24) = 0 [pid 10993] chdir("./427") = 0 [pid 10993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 10993] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 10994 attached ./strace-static-x86_64: Process 10995 attached [pid 10994] set_robust_list(0x5555557b6760, 24 [pid 10995] set_robust_list(0x5555557b6760, 24 [pid 10994] <... set_robust_list resumed>) = 0 [pid 10995] <... set_robust_list resumed>) = 0 [pid 10995] chdir("./426" [pid 10993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10995] <... chdir resumed>) = 0 [pid 10994] chdir("./422") = 0 [pid 10995] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10994] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10995] <... prctl resumed>) = 0 [pid 10994] <... prctl resumed>) = 0 [pid 10995] setpgid(0, 0 [pid 10994] setpgid(0, 0 [pid 10995] <... setpgid resumed>) = 0 [pid 10994] <... setpgid resumed>) = 0 [pid 10995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10995] <... openat resumed>) = 3 [pid 10994] <... openat resumed>) = 3 [pid 10994] write(3, "1000", 4 [pid 10995] write(3, "1000", 4 [pid 10993] <... openat resumed>) = 3 [pid 10993] write(3, "1000", 4) = 4 [pid 10995] <... write resumed>) = 4 [pid 10994] <... write resumed>) = 4 [pid 10995] close(3 [pid 10994] close(3 [pid 10995] <... close resumed>) = 0 [pid 10994] <... close resumed>) = 0 [pid 10995] symlink("/dev/binderfs", "./binderfs" [pid 10994] symlink("/dev/binderfs", "./binderfs" [pid 10993] close(3 [pid 10995] <... symlink resumed>) = 0 [pid 10994] <... symlink resumed>) = 0 [pid 10993] <... close resumed>) = 0 [pid 10995] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10994] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10995] <... futex resumed>) = 0 [pid 10994] <... futex resumed>) = 0 [pid 10995] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10994] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10995] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10994] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10995] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10994] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 10995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10995] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10994] <... mmap resumed>) = 0x7fe45c3ca000 [pid 10995] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10994] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10995] <... mprotect resumed>) = 0 [pid 10994] <... mprotect resumed>) = 0 [pid 10994] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10995] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10994] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10995] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10995] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 10998 attached ./strace-static-x86_64: Process 10997 attached [pid 10994] <... clone3 resumed> => {parent_tid=[10997]}, 88) = 10997 [pid 10993] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10998] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10997] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10995] <... clone3 resumed> => {parent_tid=[10998]}, 88) = 10998 [pid 10994] rt_sigprocmask(SIG_SETMASK, [], [pid 10993] <... futex resumed>) = 0 [pid 10992] <... mount resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 10992] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 297] umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10992] <... openat resumed>) = 3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10992] chdir("./file0" [pid 297] newfstatat(AT_FDCWD, "./426/file0", [pid 10992] <... chdir resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 10998] <... set_robust_list resumed>) = 0 [pid 10997] <... set_robust_list resumed>) = 0 [pid 10995] rt_sigprocmask(SIG_SETMASK, [], [pid 10994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10993] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 10992] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 10998] rt_sigprocmask(SIG_SETMASK, [], [pid 10997] rt_sigprocmask(SIG_SETMASK, [], [pid 10992] <... openat resumed>) = 4 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 10998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10997] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10994] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10993] <... rt_sigaction resumed>NULL, 8) = 0 [pid 10992] ioctl(4, LOOP_CLR_FD [pid 297] openat(AT_FDCWD, "./426/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 10998] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10997] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10995] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10994] <... futex resumed>) = 0 [pid 10993] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 10992] <... ioctl resumed>) = 0 [pid 297] <... openat resumed>) = 4 [pid 10998] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10997] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10995] <... futex resumed>) = 0 [pid 10994] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10993] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10992] close(4 [pid 297] newfstatat(4, "", [pid 10998] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10997] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10995] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10994] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10992] <... close resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 10998] <... futex resumed>) = 0 [pid 10997] <... futex resumed>) = 0 [pid 10995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10994] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10993] <... mmap resumed>) = 0x7fe45c3ca000 [pid 297] getdents64(4, [pid 10998] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10995] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10994] <... futex resumed>) = 0 [pid 10993] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 10992] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10995] <... futex resumed>) = 0 [pid 10994] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 10993] <... mprotect resumed>) = 0 [pid 10995] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 10992] <... futex resumed>) = 1 [pid 10991] <... futex resumed>) = 0 [pid 10997] memfd_create("syzkaller", 0 [pid 10998] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10997] <... memfd_create resumed>) = 3 [pid 10993] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10992] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10991] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(4, [pid 10998] memfd_create("syzkaller", 0 [pid 10997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10993] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10992] <... openat resumed>) = 4 [pid 10991] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 10998] <... memfd_create resumed>) = 3 [pid 10997] <... mmap resumed>) = 0x7fe453fca000 [pid 10998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10993] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10991] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] close(4 [pid 10992] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10992] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10998] <... mmap resumed>) = 0x7fe453fca000 [ 151.640275][T10992] loop3: detected capacity change from 0 to 2048 ./strace-static-x86_64: Process 11000 attached [pid 10997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10991] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... close resumed>) = 0 [pid 10998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10993] <... clone3 resumed> => {parent_tid=[11000]}, 88) = 11000 [pid 10991] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] rmdir("./426/file0" [pid 11000] set_robust_list(0x7fe45c3ea9a0, 24 [pid 10997] <... write resumed>) = 1048576 [pid 10993] rt_sigprocmask(SIG_SETMASK, [], [pid 10992] <... futex resumed>) = 0 [pid 10991] <... futex resumed>) = 1 [pid 297] <... rmdir resumed>) = 0 [pid 11000] <... set_robust_list resumed>) = 0 [pid 10997] munmap(0x7fe453fca000, 138412032 [pid 10993] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10992] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10991] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(3, [pid 11000] rt_sigprocmask(SIG_SETMASK, [], [pid 10997] <... munmap resumed>) = 0 [pid 10993] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10992] <... write resumed>) = 16 [pid 10991] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 11000] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10997] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 10993] <... futex resumed>) = 0 [pid 10992] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] close(3 [pid 11000] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 10997] <... openat resumed>) = 4 [pid 10993] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10992] <... futex resumed>) = 0 [pid 10991] <... mmap resumed>) = 0x7fe45c3a9000 [pid 297] <... close resumed>) = 0 [pid 11000] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 10997] ioctl(4, LOOP_SET_FD, 3 [pid 10992] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10991] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 297] rmdir("./426" [pid 10998] <... write resumed>) = 1048576 [pid 10998] munmap(0x7fe453fca000, 138412032) = 0 [pid 10998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10998] ioctl(4, LOOP_SET_FD, 3 [pid 11000] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10997] <... ioctl resumed>) = 0 [pid 10991] <... mprotect resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 11000] <... futex resumed>) = 1 [pid 10993] <... futex resumed>) = 0 [pid 10991] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] mkdir("./427", 0777 [pid 11000] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10993] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10991] <... rt_sigprocmask resumed>[], 8) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 11000] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10993] <... futex resumed>) = 0 [pid 10991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11000] memfd_create("syzkaller", 0 [pid 10993] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 297] <... openat resumed>) = 3 [pid 11000] <... memfd_create resumed>) = 3 [pid 10991] <... clone3 resumed> => {parent_tid=[11001]}, 88) = 11001 [pid 297] ioctl(3, LOOP_CLR_FD [pid 11000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 10991] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11000] <... mmap resumed>) = 0x7fe453fca000 [pid 10991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] close(3./strace-static-x86_64: Process 11001 attached [pid 11000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 10998] <... ioctl resumed>) = 0 [pid 10997] close(3 [pid 10991] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... close resumed>) = 0 [pid 10991] <... futex resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10991] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 11002 ./strace-static-x86_64: Process 11002 attached [pid 11001] set_robust_list(0x7fe45c3c99a0, 24 [pid 10998] close(3 [pid 10997] <... close resumed>) = 0 [pid 10998] <... close resumed>) = 0 [pid 10997] close(4 [pid 11001] <... set_robust_list resumed>) = 0 [pid 10998] close(4 [pid 11001] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11001] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11001] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10991] <... futex resumed>) = 0 [pid 11001] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10991] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11000] <... write resumed>) = 1048576 [pid 10991] <... futex resumed>) = 1 [pid 10992] <... futex resumed>) = 0 [pid 11002] set_robust_list(0x5555557b6760, 24 [pid 11000] munmap(0x7fe453fca000, 138412032 [pid 10991] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11002] <... set_robust_list resumed>) = 0 [pid 10992] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11000] <... munmap resumed>) = 0 [pid 10992] <... mmap resumed>) = 0x20000000 [pid 10992] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10991] <... futex resumed>) = 0 [pid 10992] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10991] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10991] <... futex resumed>) = 0 [pid 11000] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11000] ioctl(4, LOOP_SET_FD, 3 [pid 11002] chdir("./427" [pid 10992] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10991] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11000] <... ioctl resumed>) = 0 [pid 11000] close(3) = 0 [pid 11000] close(4 [pid 11002] <... chdir resumed>) = 0 [pid 11002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11002] setpgid(0, 0 [pid 10998] <... close resumed>) = 0 [pid 10997] <... close resumed>) = 0 [pid 11002] <... setpgid resumed>) = 0 [pid 10998] mkdir("./file0", 0777 [pid 10997] mkdir("./file0", 0777 [pid 11002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10997] <... mkdir resumed>) = 0 [pid 10992] sendfile(-1, -1, [0] [pid 10997] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10998] <... mkdir resumed>) = 0 [pid 11002] <... openat resumed>) = 3 [pid 10998] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10992] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11002] write(3, "1000", 4) = 4 [pid 11002] close(3) = 0 [pid 11002] symlink("/dev/binderfs", "./binderfs" [pid 10992] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10991] <... futex resumed>) = 0 [pid 10991] exit_group(0 [pid 11002] <... symlink resumed>) = 0 [pid 11001] <... futex resumed>) = ? [pid 10991] <... exit_group resumed>) = ? [pid 11002] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11001] +++ exited with 0 +++ [pid 10992] <... futex resumed>) = ? [pid 11002] <... futex resumed>) = 0 [pid 11002] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11002] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11002] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11002] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11002] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11003]}, 88) = 11003 [pid 11002] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 11003 attached NULL, 8) = 0 [pid 11003] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11002] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11003] <... set_robust_list resumed>) = 0 [pid 11002] <... futex resumed>) = 0 [pid 11003] rt_sigprocmask(SIG_SETMASK, [], [pid 11002] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11003] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11003] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11003] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11002] <... futex resumed>) = 0 [pid 11002] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11002] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11003] <... futex resumed>) = 1 [pid 11003] memfd_create("syzkaller", 0 [pid 10992] +++ exited with 0 +++ [pid 10991] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10991, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 11003] <... memfd_create resumed>) = 3 [pid 11003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 298] <... restart_syscall resumed>) = 0 [pid 298] umount2("./427", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./427", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./427/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./427/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./427/binderfs") = 0 [pid 298] umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 10998] <... mount resumed>) = 0 [pid 10998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10998] chdir("./file0") = 0 [pid 10998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 10998] ioctl(4, LOOP_CLR_FD) = 0 [pid 10998] close(4) = 0 [pid 10998] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10995] <... futex resumed>) = 0 [pid 10998] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10995] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10995] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10998] <... openat resumed>) = 4 [pid 10998] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10995] <... futex resumed>) = 0 [pid 10995] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10998] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10995] <... futex resumed>) = 0 [pid 10998] <... write resumed>) = 16 [pid 10995] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10998] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10995] <... futex resumed>) = 0 [pid 10998] <... futex resumed>) = 0 [pid 10995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 10998] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10995] <... mmap resumed>) = 0x7fe45c3a9000 [pid 10995] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 10995] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 10995] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 11006 attached => {parent_tid=[11006]}, 88) = 11006 [pid 10995] rt_sigprocmask(SIG_SETMASK, [], [pid 11006] set_robust_list(0x7fe45c3c99a0, 24 [pid 10995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10995] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10995] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11003] munmap(0x7fe453fca000, 138412032 [pid 11006] <... set_robust_list resumed>) = 0 [pid 11006] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11006] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11003] <... munmap resumed>) = 0 [pid 11003] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11006] <... write resumed>) = 16 [pid 11003] <... openat resumed>) = 4 [ 151.704672][T10997] loop4: detected capacity change from 0 to 2048 [ 151.707648][T10998] loop0: detected capacity change from 0 to 2048 [ 151.729307][T10992] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 151.729531][T11000] loop1: detected capacity change from 0 to 2048 [pid 11003] ioctl(4, LOOP_SET_FD, 3 [pid 11006] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11000] <... close resumed>) = 0 [pid 11000] mkdir("./file0", 0777) = 0 [pid 11000] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 10995] <... futex resumed>) = 0 [pid 10995] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10998] <... futex resumed>) = 0 [pid 10995] <... futex resumed>) = 1 [pid 10998] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10995] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10998] <... mmap resumed>) = 0x20000000 [pid 10998] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10995] <... futex resumed>) = 0 [pid 10998] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10995] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10998] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10995] <... futex resumed>) = 0 [pid 10995] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./427/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./427/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./427/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./427" [pid 11006] <... futex resumed>) = 1 [pid 11003] <... ioctl resumed>) = 0 [pid 10997] <... mount resumed>) = 0 [pid 10997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 10997] chdir("./file0") = 0 [pid 10997] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 10997] ioctl(4, LOOP_CLR_FD) = 0 [pid 10997] close(4) = 0 [pid 10997] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10997] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11003] close(3 [pid 11006] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11003] <... close resumed>) = 0 [pid 11003] close(4 [pid 298] <... rmdir resumed>) = 0 [pid 298] mkdir("./428", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11009 [pid 10994] <... futex resumed>) = 0 [pid 10994] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10997] <... futex resumed>) = 0 [pid 10994] <... futex resumed>) = 1 [pid 10997] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10994] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10997] <... openat resumed>) = 4 [pid 10997] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10994] <... futex resumed>) = 0 [pid 10997] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10994] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10994] <... futex resumed>) = 0 [pid 10997] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10994] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10997] <... write resumed>) = 16 [pid 10994] <... futex resumed>) = 0 ./strace-static-x86_64: Process 11009 attached [pid 10998] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10997] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11009] set_robust_list(0x5555557b6760, 24 [pid 10997] <... futex resumed>) = 0 [pid 10994] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11009] <... set_robust_list resumed>) = 0 [pid 10998] sendfile(-1, -1, [0] [pid 10997] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10994] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11009] chdir("./428" [pid 10994] <... mprotect resumed>) = 0 [pid 11009] <... chdir resumed>) = 0 [pid 10998] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11009] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 10994] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11009] <... prctl resumed>) = 0 [pid 10998] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10994] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11009] setpgid(0, 0 [pid 10994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11009] <... setpgid resumed>) = 0 [pid 10998] <... futex resumed>) = 1 [pid 10995] <... futex resumed>) = 0 [pid 11009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 10998] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10995] exit_group(0./strace-static-x86_64: Process 11010 attached [pid 11009] <... openat resumed>) = 3 [pid 11006] <... futex resumed>) = ? [pid 10998] <... futex resumed>) = ? [pid 10995] <... exit_group resumed>) = ? [pid 11010] set_robust_list(0x7fe45c3c99a0, 24 [pid 11009] write(3, "1000", 4 [pid 11006] +++ exited with 0 +++ [pid 10998] +++ exited with 0 +++ [pid 10995] +++ exited with 0 +++ [pid 10994] <... clone3 resumed> => {parent_tid=[11010]}, 88) = 11010 [pid 11009] <... write resumed>) = 4 [pid 11009] close(3) = 0 [pid 11009] symlink("/dev/binderfs", "./binderfs" [pid 11010] <... set_robust_list resumed>) = 0 [pid 11009] <... symlink resumed>) = 0 [pid 10994] rt_sigprocmask(SIG_SETMASK, [], [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10995, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 11009] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11009] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11009] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11009] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11009] rt_sigprocmask(SIG_BLOCK, ~[], [pid 10994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11010] rt_sigprocmask(SIG_SETMASK, [], [pid 11009] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 10994] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11009] <... clone3 resumed> => {parent_tid=[11011]}, 88) = 11011 [pid 11010] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11009] rt_sigprocmask(SIG_SETMASK, [], [pid 10994] <... futex resumed>) = 0 [pid 295] umount2("./426", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 10994] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11009] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11009] <... futex resumed>) = 0 [pid 11009] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] openat(AT_FDCWD, "./426", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 ./strace-static-x86_64: Process 11011 attached [pid 295] newfstatat(3, "", [pid 11011] set_robust_list(0x7fe45c3ea9a0, 24 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11011] <... set_robust_list resumed>) = 0 [pid 295] getdents64(3, [pid 11011] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./426/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./426/binderfs", [pid 11011] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11011] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 295] unlink("./426/binderfs" [pid 11011] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11009] <... futex resumed>) = 0 [pid 11009] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11009] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 295] <... unlink resumed>) = 0 [pid 11011] <... futex resumed>) = 1 [pid 295] umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11011] memfd_create("syzkaller", 0 [pid 11010] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11011] <... memfd_create resumed>) = 3 [pid 11010] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 10994] <... futex resumed>) = 0 [pid 11010] <... futex resumed>) = 1 [pid 10994] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10997] <... futex resumed>) = 0 [pid 10994] <... futex resumed>) = 1 [pid 10997] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10994] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [ 151.789553][T11003] loop2: detected capacity change from 0 to 2048 [ 151.796317][T10998] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11010] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10997] <... mmap resumed>) = 0x20000000 [pid 10997] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10994] <... futex resumed>) = 0 [pid 10997] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10994] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 10997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10994] <... futex resumed>) = 0 [pid 11011] <... write resumed>) = 1048576 [pid 11011] munmap(0x7fe453fca000, 138412032) = 0 [pid 11011] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11011] ioctl(4, LOOP_SET_FD, 3 [pid 10997] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 10994] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10997] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 10997] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10994] <... futex resumed>) = 0 [pid 10994] exit_group(0 [pid 11010] <... futex resumed>) = ? [pid 10994] <... exit_group resumed>) = ? [pid 11010] +++ exited with 0 +++ [pid 10997] <... futex resumed>) = ? [pid 10997] +++ exited with 0 +++ [pid 10994] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10994, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./422", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./422", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11011] <... ioctl resumed>) = 0 [pid 299] getdents64(3, [pid 11011] close(3 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./422/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11011] <... close resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./422/binderfs", [pid 11011] close(4 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./422/binderfs") = 0 [pid 299] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11003] <... close resumed>) = 0 [pid 11003] mkdir("./file0", 0777) = 0 [pid 11003] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./426/file0", [pid 11011] <... close resumed>) = 0 [pid 11011] mkdir("./file0", 0777 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11011] <... mkdir resumed>) = 0 [pid 11011] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./426/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 11000] <... mount resumed>) = 0 [pid 295] rmdir("./426/file0" [pid 11000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 295] <... rmdir resumed>) = 0 [pid 11000] <... openat resumed>) = 3 [pid 11000] chdir("./file0" [pid 295] getdents64(3, [pid 11000] <... chdir resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 11000] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 295] close(3 [pid 11000] ioctl(4, LOOP_CLR_FD) = 0 [pid 11000] close(4 [pid 295] <... close resumed>) = 0 [pid 11000] <... close resumed>) = 0 [pid 295] rmdir("./426" [pid 11000] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10993] <... futex resumed>) = 0 [pid 11000] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 10993] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... rmdir resumed>) = 0 [pid 10993] <... futex resumed>) = 0 [pid 10993] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11000] <... openat resumed>) = 4 [pid 295] mkdir("./427", 0777 [pid 11000] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10993] <... futex resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 11000] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10993] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11000] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10993] <... futex resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11000] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 10993] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11000] <... write resumed>) = 16 [pid 10993] <... futex resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 11000] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 295] ioctl(3, LOOP_CLR_FD [pid 11000] <... futex resumed>) = 0 [pid 10993] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11000] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10993] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 10993] <... mprotect resumed>) = 0 [pid 10993] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] close(3 [pid 10993] <... rt_sigprocmask resumed>[], 8) = 0 [pid 10993] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 295] <... close resumed>) = 0 ./strace-static-x86_64: Process 11017 attached [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 10993] <... clone3 resumed> => {parent_tid=[11017]}, 88) = 11017 [pid 11017] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11017] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11017] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 10993] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 10993] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 11018 [pid 11017] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11017] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11017] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10993] <... futex resumed>) = 0 [pid 11017] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10993] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11000] <... futex resumed>) = 0 [pid 10993] <... futex resumed>) = 1 [pid 11000] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 10993] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11000] <... mmap resumed>) = 0x20000000 [pid 11000] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 10993] <... futex resumed>) = 0 [pid 11000] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 10993] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 151.828075][T10997] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 151.832580][T11011] loop3: detected capacity change from 0 to 2048 [pid 11000] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 10993] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11018 attached [pid 11018] set_robust_list(0x5555557b6760, 24) = 0 [pid 11018] chdir("./427") = 0 [pid 11018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11018] setpgid(0, 0) = 0 [pid 11018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11018] write(3, "1000", 4) = 4 [pid 11018] close(3) = 0 [pid 11018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11018] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11018] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11018] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11018] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11020]}, 88) = 11020 [pid 11018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11018] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11018] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11020 attached [pid 11020] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11020] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11020] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11020] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11018] <... futex resumed>) = 0 [pid 11018] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11018] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11020] <... futex resumed>) = 1 [pid 11020] memfd_create("syzkaller", 0) = 3 [pid 11020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11003] <... mount resumed>) = 0 [pid 11000] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11003] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11011] <... mount resumed>) = 0 [pid 11003] <... openat resumed>) = 3 [pid 11011] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11003] chdir("./file0" [pid 11011] <... openat resumed>) = 3 [pid 11011] chdir("./file0") = 0 [pid 11011] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11003] <... chdir resumed>) = 0 [pid 11011] ioctl(4, LOOP_CLR_FD) = 0 [pid 11011] close(4 [pid 11003] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11011] <... close resumed>) = 0 [pid 11003] <... openat resumed>) = 4 [pid 11011] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11003] ioctl(4, LOOP_CLR_FD [pid 11011] <... futex resumed>) = 1 [pid 11009] <... futex resumed>) = 0 [pid 11003] <... ioctl resumed>) = 0 [pid 11011] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11009] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11003] close(4 [pid 11011] <... openat resumed>) = 4 [pid 11009] <... futex resumed>) = 0 [pid 11003] <... close resumed>) = 0 [pid 11011] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11009] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11003] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11011] <... futex resumed>) = 0 [pid 11009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11009] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11003] <... futex resumed>) = 1 [pid 11002] <... futex resumed>) = 0 [pid 11011] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11009] <... futex resumed>) = 0 [pid 11003] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11002] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11011] <... write resumed>) = 16 [pid 11009] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11011] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11009] <... futex resumed>) = 0 [pid 11003] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11002] <... futex resumed>) = 0 [pid 11011] <... futex resumed>) = 0 [pid 11009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11011] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11009] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11003] <... openat resumed>) = 4 [pid 11002] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11009] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11003] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11002] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11009] <... mprotect resumed>) = 0 [pid 11003] <... futex resumed>) = 0 [pid 11002] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11009] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11003] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11002] <... futex resumed>) = 0 [pid 11009] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11003] <... write resumed>) = 16 [pid 11002] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11003] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11002] <... futex resumed>) = 0 [pid 11003] <... futex resumed>) = 0 [pid 11002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11009] <... clone3 resumed> => {parent_tid=[11022]}, 88) = 11022 [pid 11003] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11002] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11009] rt_sigprocmask(SIG_SETMASK, [], [pid 11002] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11002] <... mprotect resumed>) = 0 [pid 11009] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11009] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11002] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11002] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11023]}, 88) = 11023 [pid 11002] rt_sigprocmask(SIG_SETMASK, [], [pid 11000] sendfile(-1, -1, [0] [pid 11002] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11002] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11000] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11000] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 10993] <... futex resumed>) = 0 [pid 11002] <... futex resumed>) = 0 [pid 10993] exit_group(0 [pid 11017] <... futex resumed>) = ? [pid 11002] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 10993] <... exit_group resumed>) = ? [pid 11017] +++ exited with 0 +++ [pid 11000] <... futex resumed>) = ? [pid 11000] +++ exited with 0 +++ [pid 10993] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10993, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./427", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./427", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./427/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./427/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./427/binderfs") = 0 [ 151.875943][T11000] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 296] umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 11023 attached ./strace-static-x86_64: Process 11022 attached [pid 11020] <... write resumed>) = 1048576 [pid 299] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 11023] set_robust_list(0x7fe45c3c99a0, 24 [pid 11022] set_robust_list(0x7fe45c3c99a0, 24 [pid 299] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11023] <... set_robust_list resumed>) = 0 [pid 11022] <... set_robust_list resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11023] rt_sigprocmask(SIG_SETMASK, [], [pid 11022] rt_sigprocmask(SIG_SETMASK, [], [pid 299] newfstatat(AT_FDCWD, "./422/file0", [pid 296] newfstatat(AT_FDCWD, "./427/file0", [pid 11023] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11022] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11023] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11022] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 299] umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11023] <... write resumed>) = 16 [pid 11022] <... write resumed>) = 16 [pid 11020] munmap(0x7fe453fca000, 138412032 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11023] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11022] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11020] <... munmap resumed>) = 0 [pid 299] openat(AT_FDCWD, "./422/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11020] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 296] openat(AT_FDCWD, "./427/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... openat resumed>) = 4 [pid 11022] <... futex resumed>) = 1 [pid 11020] <... openat resumed>) = 4 [pid 11009] <... futex resumed>) = 0 [pid 299] newfstatat(4, "", [pid 296] <... openat resumed>) = 4 [pid 11022] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11020] ioctl(4, LOOP_SET_FD, 3 [pid 11009] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] newfstatat(4, "", [pid 11023] <... futex resumed>) = 1 [pid 11011] <... futex resumed>) = 0 [pid 11009] <... futex resumed>) = 1 [pid 11002] <... futex resumed>) = 0 [pid 299] getdents64(4, [pid 11023] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11002] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11002] <... futex resumed>) = 1 [pid 299] getdents64(4, [pid 11002] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./422/file0") = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./422") = 0 [pid 299] mkdir("./423", 0777 [pid 11020] <... ioctl resumed>) = 0 [pid 11011] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11009] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11003] <... futex resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11020] close(3 [pid 11011] <... mmap resumed>) = 0x20000000 [pid 11003] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 299] <... mkdir resumed>) = 0 [pid 296] getdents64(4, [pid 11020] <... close resumed>) = 0 [pid 11011] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11003] <... mmap resumed>) = 0x20000000 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11020] close(4 [pid 11011] <... futex resumed>) = 1 [pid 11009] <... futex resumed>) = 0 [pid 11003] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 3 [pid 296] getdents64(4, [pid 11011] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11009] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11003] <... futex resumed>) = 1 [pid 11002] <... futex resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 11011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11009] <... futex resumed>) = 0 [pid 11003] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11002] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] close(4 [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11024 [pid 11009] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11002] <... futex resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 11002] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] rmdir("./427/file0") = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./427") = 0 [pid 296] mkdir("./428", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 11024 attached [pid 11024] set_robust_list(0x5555557b6760, 24) = 0 [pid 11024] chdir("./423") = 0 [pid 11024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11024] setpgid(0, 0) = 0 [pid 11024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11024] write(3, "1000", 4) = 4 [pid 11024] close(3) = 0 [pid 11024] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11024] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11024] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11024] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11024] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11025]}, 88) = 11025 [pid 11024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11024] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11024] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11025 attached [pid 11025] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11011] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11003] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11003] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11003] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11002] <... futex resumed>) = 0 [pid 11003] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11002] exit_group(0 [pid 11023] <... futex resumed>) = ? [pid 11003] <... futex resumed>) = ? [pid 11002] <... exit_group resumed>) = ? [pid 11003] +++ exited with 0 +++ [pid 11025] <... set_robust_list resumed>) = 0 [pid 11025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11025] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11025] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11011] sendfile(-1, -1, [0] [pid 11025] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11023] +++ exited with 0 +++ [pid 11011] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11002] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11002, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 11011] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11024] <... futex resumed>) = 0 [pid 11024] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11009] <... futex resumed>) = 0 [pid 11009] exit_group(0 [pid 11022] <... futex resumed>) = ? [pid 11009] <... exit_group resumed>) = ? [pid 11025] <... futex resumed>) = 0 [pid 11024] <... futex resumed>) = 1 [pid 11022] +++ exited with 0 +++ [pid 11024] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11011] <... futex resumed>) = ? [pid 11025] memfd_create("syzkaller", 0 [pid 11011] +++ exited with 0 +++ [pid 11009] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11009, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 11025] <... memfd_create resumed>) = 3 [pid 298] umount2("./428", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./427", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] openat(AT_FDCWD, "./428", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11025] <... mmap resumed>) = 0x7fe453fca000 [pid 298] <... openat resumed>) = 3 [pid 297] openat(AT_FDCWD, "./427", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] newfstatat(3, "", [pid 297] <... openat resumed>) = 3 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(3, "", [pid 298] getdents64(3, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] getdents64(3, [pid 298] umount2("./428/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./427/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(AT_FDCWD, "./428/binderfs", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] newfstatat(AT_FDCWD, "./427/binderfs", [pid 298] unlink("./428/binderfs" [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... unlink resumed>) = 0 [pid 297] unlink("./427/binderfs" [pid 11025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... unlink resumed>) = 0 [pid 297] umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11025] <... write resumed>) = 1048576 [ 151.944534][T11020] loop0: detected capacity change from 0 to 2048 [ 151.953461][T11011] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 151.964122][T11003] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11025] munmap(0x7fe453fca000, 138412032) = 0 [pid 11025] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11025] close(3) = 0 [pid 11025] close(4 [pid 11020] <... close resumed>) = 0 [pid 11020] mkdir("./file0", 0777) = 0 [pid 11020] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 296] <... openat resumed>) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11026 [pid 297] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 11026 attached [pid 11026] set_robust_list(0x5555557b6760, 24) = 0 [pid 11026] chdir("./428" [pid 298] <... umount2 resumed>) = 0 [pid 297] umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11026] <... chdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11026] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] newfstatat(AT_FDCWD, "./427/file0", [pid 298] newfstatat(AT_FDCWD, "./428/file0", [pid 11026] <... prctl resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11026] setpgid(0, 0 [pid 297] umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11026] <... setpgid resumed>) = 0 [pid 298] umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./427/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] openat(AT_FDCWD, "./428/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... openat resumed>) = 4 [pid 297] <... openat resumed>) = 4 [pid 298] newfstatat(4, "", [pid 297] newfstatat(4, "", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11026] <... openat resumed>) = 3 [pid 11026] write(3, "1000", 4 [pid 11020] <... mount resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, [pid 11026] <... write resumed>) = 4 [pid 298] getdents64(4, [pid 11020] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11026] close(3) = 0 [pid 11020] <... openat resumed>) = 3 [pid 298] close(4 [pid 297] getdents64(4, [pid 11026] symlink("/dev/binderfs", "./binderfs" [pid 11020] chdir("./file0" [pid 298] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] rmdir("./428/file0" [pid 297] close(4 [pid 11020] <... chdir resumed>) = 0 [pid 11020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11020] ioctl(4, LOOP_CLR_FD) = 0 [pid 11026] <... symlink resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 11026] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11020] close(4 [pid 298] getdents64(3, [pid 297] rmdir("./427/file0" [pid 11026] <... futex resumed>) = 0 [pid 11020] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 11026] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11020] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] close(3 [pid 297] getdents64(3, [pid 11026] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11020] <... futex resumed>) = 1 [pid 11018] <... futex resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 11026] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11020] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11018] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] rmdir("./428" [pid 297] close(3 [pid 11026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11018] <... futex resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 11018] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... rmdir resumed>) = 0 [pid 11020] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 298] mkdir("./429", 0777 [pid 297] rmdir("./427" [pid 11026] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11020] <... openat resumed>) = 4 [pid 297] <... rmdir resumed>) = 0 [pid 11026] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11020] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11026] <... mprotect resumed>) = 0 [pid 11020] <... futex resumed>) = 1 [pid 11018] <... futex resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 297] mkdir("./428", 0777 [pid 11026] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11020] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11018] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11026] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11018] <... futex resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 11026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11020] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11018] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... openat resumed>) = 3 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11020] <... write resumed>) = 16 [pid 11018] <... futex resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 11026] <... clone3 resumed> => {parent_tid=[11029]}, 88) = 11029 [pid 11020] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... openat resumed>) = 3 [pid 11026] rt_sigprocmask(SIG_SETMASK, [], [pid 11020] <... futex resumed>) = 0 [pid 11018] <... mmap resumed>) = 0x7fe45c3a9000 [pid 298] close(3 [pid 11026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11020] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11018] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 297] ioctl(3, LOOP_CLR_FD [pid 11026] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11018] <... mprotect resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 11026] <... futex resumed>) = 0 [pid 11018] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11026] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11018] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11030]}, 88) = 11030 [pid 297] close(3 [pid 11018] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11031 [pid 11018] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] <... close resumed>) = 0 [pid 11018] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11018] <... futex resumed>) = 0 [pid 11018] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11029 attached [pid 11029] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 11032 [pid 11029] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11029] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11026] <... futex resumed>) = 0 [pid 11026] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 11031 attached [pid 11026] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11029] <... futex resumed>) = 1 [pid 11029] memfd_create("syzkaller", 0 [pid 11031] set_robust_list(0x5555557b6760, 24./strace-static-x86_64: Process 11032 attached [pid 11029] <... memfd_create resumed>) = 3 [pid 11031] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 11030 attached [pid 11032] set_robust_list(0x5555557b6760, 24 [pid 11029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11032] <... set_robust_list resumed>) = 0 [pid 11031] chdir("./429" [pid 11030] set_robust_list(0x7fe45c3c99a0, 24 [pid 11029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11031] <... chdir resumed>) = 0 [pid 11032] chdir("./428" [pid 11030] <... set_robust_list resumed>) = 0 [pid 11031] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11032] <... chdir resumed>) = 0 [pid 11031] <... prctl resumed>) = 0 [pid 11032] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11030] rt_sigprocmask(SIG_SETMASK, [], [pid 11031] setpgid(0, 0 [pid 11032] <... prctl resumed>) = 0 [pid 11030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11031] <... setpgid resumed>) = 0 [pid 11032] setpgid(0, 0 [pid 11030] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11032] <... setpgid resumed>) = 0 [pid 11030] <... write resumed>) = 16 [pid 11031] <... openat resumed>) = 3 [pid 11031] write(3, "1000", 4) = 4 [pid 11032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11030] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11031] close(3 [pid 11032] <... openat resumed>) = 3 [pid 11031] <... close resumed>) = 0 [pid 11031] symlink("/dev/binderfs", "./binderfs" [pid 11032] write(3, "1000", 4 [pid 11030] <... futex resumed>) = 1 [pid 11018] <... futex resumed>) = 0 [pid 11018] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11032] <... write resumed>) = 4 [pid 11031] <... symlink resumed>) = 0 [pid 11032] close(3 [pid 11020] <... futex resumed>) = 0 [pid 11032] <... close resumed>) = 0 [pid 11018] <... futex resumed>) = 1 [pid 11020] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11018] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11032] symlink("/dev/binderfs", "./binderfs" [pid 11031] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11030] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11020] <... mmap resumed>) = 0x20000000 [pid 11020] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11018] <... futex resumed>) = 0 [pid 11020] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11018] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11032] <... symlink resumed>) = 0 [ 152.000588][T11025] loop4: detected capacity change from 0 to 2048 [pid 11031] <... futex resumed>) = 0 [pid 11020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11018] <... futex resumed>) = 0 [pid 11032] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11031] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11029] <... write resumed>) = 1048576 [pid 11025] <... close resumed>) = 0 [pid 11018] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11032] <... futex resumed>) = 0 [pid 11031] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11025] mkdir("./file0", 0777 [pid 11020] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11032] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11031] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11032] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11032] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11025] <... mkdir resumed>) = 0 [pid 11032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11031] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11025] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11031] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11032] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11031] <... mprotect resumed>) = 0 [pid 11031] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11032] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11029] munmap(0x7fe453fca000, 138412032 [pid 11020] sendfile(-1, -1, [0] [pid 11031] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11033]}, 88) = 11033 [pid 11031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11031] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11031] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11032] <... mprotect resumed>) = 0 [pid 11032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11034]}, 88) = 11034 [pid 11032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11032] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11032] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11029] <... munmap resumed>) = 0 [pid 11029] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11029] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 11034 attached ./strace-static-x86_64: Process 11033 attached [pid 11020] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11020] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11018] <... futex resumed>) = 0 [pid 11034] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11033] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11020] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11018] exit_group(0 [pid 11034] <... set_robust_list resumed>) = 0 [pid 11033] <... set_robust_list resumed>) = 0 [pid 11030] <... futex resumed>) = ? [pid 11020] <... futex resumed>) = ? [pid 11018] <... exit_group resumed>) = ? [pid 11034] rt_sigprocmask(SIG_SETMASK, [], [pid 11033] rt_sigprocmask(SIG_SETMASK, [], [pid 11030] +++ exited with 0 +++ [pid 11029] <... ioctl resumed>) = 0 [pid 11020] +++ exited with 0 +++ [pid 11018] +++ exited with 0 +++ [pid 11029] close(3 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11018, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 11029] <... close resumed>) = 0 [pid 11029] close(4) = 0 [pid 295] umount2("./427", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11029] mkdir("./file0", 0777 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11029] <... mkdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "./427", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11029] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 295] <... openat resumed>) = 3 [pid 11034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] newfstatat(3, "", [pid 11034] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11033] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./427/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./427/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./427/binderfs") = 0 [pid 295] umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11034] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11034] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11032] <... futex resumed>) = 0 [pid 11034] <... futex resumed>) = 1 [pid 11032] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11034] memfd_create("syzkaller", 0 [pid 11032] <... futex resumed>) = 0 [pid 11034] <... memfd_create resumed>) = 3 [pid 11032] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11025] <... mount resumed>) = 0 [pid 11034] <... mmap resumed>) = 0x7fe453fca000 [pid 11033] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11033] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11025] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11033] <... futex resumed>) = 1 [pid 11031] <... futex resumed>) = 0 [pid 11025] <... openat resumed>) = 3 [pid 11031] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11033] memfd_create("syzkaller", 0 [pid 11031] <... futex resumed>) = 0 [pid 11029] <... mount resumed>) = 0 [pid 11025] chdir("./file0" [pid 11033] <... memfd_create resumed>) = 3 [pid 11031] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11029] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11025] <... chdir resumed>) = 0 [pid 11033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11029] <... openat resumed>) = 3 [pid 11025] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11033] <... mmap resumed>) = 0x7fe453fca000 [pid 11029] chdir("./file0" [pid 11025] <... openat resumed>) = 4 [pid 11025] ioctl(4, LOOP_CLR_FD [pid 11029] <... chdir resumed>) = 0 [pid 11029] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11025] <... ioctl resumed>) = 0 [pid 11029] <... openat resumed>) = 4 [pid 11025] close(4 [pid 11029] ioctl(4, LOOP_CLR_FD [pid 11025] <... close resumed>) = 0 [pid 11034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11029] <... ioctl resumed>) = 0 [pid 11025] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11029] close(4 [pid 11025] <... futex resumed>) = 1 [pid 11024] <... futex resumed>) = 0 [pid 11029] <... close resumed>) = 0 [pid 11025] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11024] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11029] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11024] <... futex resumed>) = 0 [pid 11029] <... futex resumed>) = 1 [ 152.041770][T11020] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 152.068298][T11029] loop1: detected capacity change from 0 to 2048 [pid 11026] <... futex resumed>) = 0 [pid 11025] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11024] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11029] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11026] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11025] <... openat resumed>) = 4 [pid 11026] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11029] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11025] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11034] munmap(0x7fe453fca000, 138412032 [pid 11025] <... futex resumed>) = 1 [pid 11024] <... futex resumed>) = 0 [pid 11024] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11025] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11024] <... futex resumed>) = 0 [pid 11029] <... openat resumed>) = 4 [pid 11025] <... write resumed>) = 16 [pid 11024] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11029] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11025] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11024] <... futex resumed>) = 0 [pid 11029] <... futex resumed>) = 1 [pid 11026] <... futex resumed>) = 0 [pid 11025] <... futex resumed>) = 0 [pid 11024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11029] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11026] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11025] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11024] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11029] <... write resumed>) = 16 [pid 11026] <... futex resumed>) = 0 [pid 11024] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11029] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11026] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11024] <... mprotect resumed>) = 0 [pid 11029] <... futex resumed>) = 0 [pid 11026] <... futex resumed>) = 0 [pid 11024] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11029] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11026] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11024] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11029] <... write resumed>) = 16 [pid 11024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11029] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11026] <... futex resumed>) = 0 [pid 11024] <... clone3 resumed> => {parent_tid=[11039]}, 88) = 11039 [pid 11034] <... munmap resumed>) = 0 [pid 11029] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11026] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11024] rt_sigprocmask(SIG_SETMASK, [], [pid 11034] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11026] <... futex resumed>) = 0 [pid 11024] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11034] <... openat resumed>) = 4 [pid 11029] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11026] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11024] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11034] ioctl(4, LOOP_SET_FD, 3 [pid 11029] <... mmap resumed>) = 0x20000000 [pid 11024] <... futex resumed>) = 0 [pid 11033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11029] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11024] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 11039 attached [pid 11039] set_robust_list(0x7fe45c3c99a0, 24 [pid 11029] <... futex resumed>) = 1 [pid 11026] <... futex resumed>) = 0 [pid 295] umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11029] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11026] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11026] <... futex resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11039] <... set_robust_list resumed>) = 0 [pid 11039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11039] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11039] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11024] <... futex resumed>) = 0 [pid 11024] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11025] <... futex resumed>) = 0 [pid 11024] <... futex resumed>) = 1 [pid 11025] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11024] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11025] <... mmap resumed>) = 0x20000000 [pid 11033] <... write resumed>) = 1048576 [pid 11026] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11025] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] newfstatat(AT_FDCWD, "./427/file0", [pid 11039] <... futex resumed>) = 1 [pid 11025] <... futex resumed>) = 1 [pid 11024] <... futex resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11039] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11025] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11024] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11024] <... futex resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11034] <... ioctl resumed>) = 0 [pid 11033] munmap(0x7fe453fca000, 138412032 [pid 11034] close(3 [pid 11033] <... munmap resumed>) = 0 [pid 11034] <... close resumed>) = 0 [pid 11034] close(4 [pid 11033] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11033] ioctl(4, LOOP_SET_FD, 3 [pid 11029] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11025] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11024] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] openat(AT_FDCWD, "./427/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11029] sendfile(-1, -1, [0] [pid 295] <... openat resumed>) = 4 [pid 11029] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 295] newfstatat(4, "", [pid 11029] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11029] <... futex resumed>) = 1 [pid 11026] <... futex resumed>) = 0 [pid 295] getdents64(4, [pid 11029] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11026] exit_group(0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11029] <... futex resumed>) = ? [pid 11026] <... exit_group resumed>) = ? [pid 295] getdents64(4, [pid 11029] +++ exited with 0 +++ [pid 11026] +++ exited with 0 +++ [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11026, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 295] close(4) = 0 [pid 295] rmdir("./427/file0" [pid 296] umount2("./428", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... rmdir resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] getdents64(3, [pid 11034] <... close resumed>) = 0 [pid 11033] <... ioctl resumed>) = 0 [pid 11034] mkdir("./file0", 0777 [pid 11033] close(3 [pid 11025] sendfile(-1, -1, [0] [pid 296] openat(AT_FDCWD, "./428", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] <... openat resumed>) = 3 [pid 295] close(3 [pid 296] newfstatat(3, "", [pid 295] <... close resumed>) = 0 [pid 11034] <... mkdir resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] rmdir("./427" [pid 11034] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11033] <... close resumed>) = 0 [pid 296] getdents64(3, [pid 295] <... rmdir resumed>) = 0 [pid 11025] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./428/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] mkdir("./428", 0777 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11033] close(4 [pid 11025] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] newfstatat(AT_FDCWD, "./428/binderfs", [pid 295] <... mkdir resumed>) = 0 [pid 11025] <... futex resumed>) = 1 [pid 11024] <... futex resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11024] exit_group(0 [pid 296] unlink("./428/binderfs" [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11039] <... futex resumed>) = ? [pid 11024] <... exit_group resumed>) = ? [pid 296] <... unlink resumed>) = 0 [pid 11039] +++ exited with 0 +++ [pid 11025] +++ exited with 0 +++ [pid 295] <... openat resumed>) = 3 [pid 11024] +++ exited with 0 +++ [pid 295] ioctl(3, LOOP_CLR_FD [pid 296] umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11024, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 11040 ./strace-static-x86_64: Process 11040 attached [pid 11040] set_robust_list(0x5555557b6760, 24) = 0 [pid 11040] chdir("./428") = 0 [pid 11040] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11040] setpgid(0, 0) = 0 [pid 299] <... restart_syscall resumed>) = 0 [pid 11040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] umount2("./423", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./423", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", [pid 11040] <... openat resumed>) = 3 [pid 11040] write(3, "1000", 4) = 4 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, [pid 11040] close(3) = 0 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11040] symlink("/dev/binderfs", "./binderfs" [pid 299] umount2("./423/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./423/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./423/binderfs") = 0 [pid 299] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11040] <... symlink resumed>) = 0 [pid 11040] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11040] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11040] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11040] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11040] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11040] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11040] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11041]}, 88) = 11041 [pid 11040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11040] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11040] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11041 attached [pid 11041] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11041] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11041] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11040] <... futex resumed>) = 0 [pid 11040] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11040] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11041] <... futex resumed>) = 1 [pid 11041] memfd_create("syzkaller", 0) = 3 [pid 11041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11041] munmap(0x7fe453fca000, 138412032) = 0 [pid 11041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 152.130056][T11034] loop2: detected capacity change from 0 to 2048 [ 152.138343][T11029] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 152.149890][T11025] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 152.154587][T11033] loop3: detected capacity change from 0 to 2048 [pid 11041] ioctl(4, LOOP_SET_FD, 3 [pid 11034] <... mount resumed>) = 0 [pid 11034] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11041] <... ioctl resumed>) = 0 [pid 11033] <... close resumed>) = 0 [pid 11041] close(3 [pid 11033] mkdir("./file0", 0777 [pid 11034] <... openat resumed>) = 3 [pid 11034] chdir("./file0") = 0 [pid 11034] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11033] <... mkdir resumed>) = 0 [pid 11041] <... close resumed>) = 0 [pid 11034] <... openat resumed>) = 4 [pid 11034] ioctl(4, LOOP_CLR_FD [pid 11033] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11034] <... ioctl resumed>) = 0 [pid 11034] close(4) = 0 [pid 11034] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11032] <... futex resumed>) = 0 [pid 11032] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11032] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11034] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11041] close(4 [pid 11034] <... openat resumed>) = 4 [pid 11034] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11032] <... futex resumed>) = 0 [pid 11034] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11032] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11034] <... write resumed>) = 16 [pid 11032] <... futex resumed>) = 0 [pid 11034] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11032] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11034] <... futex resumed>) = 0 [pid 11032] <... futex resumed>) = 0 [pid 11034] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11032] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11032] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 11044 attached => {parent_tid=[11044]}, 88) = 11044 [pid 11032] rt_sigprocmask(SIG_SETMASK, [], [pid 296] <... umount2 resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 11032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11032] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11044] set_robust_list(0x7fe45c3c99a0, 24 [pid 11032] <... futex resumed>) = 0 [pid 11044] <... set_robust_list resumed>) = 0 [pid 11032] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11044] rt_sigprocmask(SIG_SETMASK, [], [pid 299] newfstatat(AT_FDCWD, "./423/file0", [pid 296] newfstatat(AT_FDCWD, "./428/file0", [pid 11044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11044] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11044] <... write resumed>) = 16 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11044] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./423/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11044] <... futex resumed>) = 1 [pid 11032] <... futex resumed>) = 0 [pid 296] openat(AT_FDCWD, "./428/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11044] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... openat resumed>) = 4 [pid 11032] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11034] <... futex resumed>) = 0 [pid 11032] <... futex resumed>) = 1 [pid 299] newfstatat(4, "", [pid 296] <... openat resumed>) = 4 [pid 11034] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11032] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] newfstatat(4, "", [pid 11034] <... mmap resumed>) = 0x20000000 [pid 299] getdents64(4, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11034] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11034] <... futex resumed>) = 1 [pid 11032] <... futex resumed>) = 0 [pid 296] getdents64(4, [pid 11034] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11032] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(4, [pid 11034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11032] <... futex resumed>) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./423/file0") = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./423") = 0 [pid 299] mkdir("./424", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11045 ./strace-static-x86_64: Process 11045 attached [pid 11045] set_robust_list(0x5555557b6760, 24) = 0 [pid 11045] chdir("./424") = 0 [pid 11045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11045] setpgid(0, 0) = 0 [pid 11045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11045] write(3, "1000", 4) = 4 [pid 11045] close(3) = 0 [pid 11032] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 11034] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11045] symlink("/dev/binderfs", "./binderfs" [pid 296] rmdir("./428/file0" [pid 11045] <... symlink resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./428" [pid 11034] sendfile(-1, -1, [0] [pid 11045] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11034] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11045] <... futex resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 11045] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 296] mkdir("./429", 0777 [pid 11045] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11045] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11034] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11032] <... futex resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 11032] exit_group(0 [pid 11044] <... futex resumed>) = ? [pid 11032] <... exit_group resumed>) = ? [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11044] +++ exited with 0 +++ [pid 296] <... openat resumed>) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3 [pid 11045] <... mmap resumed>) = 0x7fe45c3ca000 [pid 296] <... close resumed>) = 0 [pid 11034] <... futex resumed>) = ? [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11045] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11034] +++ exited with 0 +++ [pid 11032] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11032, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 11046 [pid 11045] <... mprotect resumed>) = 0 [pid 297] umount2("./428", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11045] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11045] <... rt_sigprocmask resumed>[], 8) = 0 [pid 297] openat(AT_FDCWD, "./428", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 297] <... openat resumed>) = 3 [pid 297] newfstatat(3, "", ./strace-static-x86_64: Process 11047 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11045] <... clone3 resumed> => {parent_tid=[11047]}, 88) = 11047 [pid 297] getdents64(3, [pid 11045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11045] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./428/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./428/binderfs", [pid 11045] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11045] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] unlink("./428/binderfs"./strace-static-x86_64: Process 11046 attached ) = 0 [pid 297] umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11046] set_robust_list(0x5555557b6760, 24) = 0 [pid 11046] chdir("./429") = 0 [pid 11046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11046] setpgid(0, 0) = 0 [pid 11046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11046] write(3, "1000", 4) = 4 [pid 11046] close(3) = 0 [pid 11046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11046] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11046] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11046] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11046] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11048]}, 88) = 11048 [pid 11046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11046] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11046] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11047] set_robust_list(0x7fe45c3ea9a0, 24./strace-static-x86_64: Process 11048 attached [pid 11048] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11047] <... set_robust_list resumed>) = 0 [pid 11048] <... set_robust_list resumed>) = 0 [pid 11048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11047] rt_sigprocmask(SIG_SETMASK, [], [pid 11041] <... close resumed>) = 0 [pid 11041] mkdir("./file0", 0777) = 0 [pid 11041] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11047] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11048] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11047] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11048] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11047] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11048] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11047] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11048] <... futex resumed>) = 1 [pid 11046] <... futex resumed>) = 0 [pid 11046] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11046] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11047] <... futex resumed>) = 1 [pid 11045] <... futex resumed>) = 0 [pid 11047] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11048] memfd_create("syzkaller", 0) = 3 [pid 11048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11045] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11047] <... futex resumed>) = 0 [pid 11045] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11047] memfd_create("syzkaller", 0) = 3 [pid 11047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11041] <... mount resumed>) = 0 [pid 11041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11033] <... mount resumed>) = 0 [pid 11041] chdir("./file0" [pid 11033] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11041] <... chdir resumed>) = 0 [pid 11041] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11033] <... openat resumed>) = 3 [pid 11041] <... openat resumed>) = 4 [pid 11033] chdir("./file0" [pid 11041] ioctl(4, LOOP_CLR_FD [pid 11033] <... chdir resumed>) = 0 [pid 11041] <... ioctl resumed>) = 0 [pid 11033] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11041] close(4 [pid 11033] <... openat resumed>) = 4 [pid 11048] <... write resumed>) = 1048576 [pid 11041] <... close resumed>) = 0 [pid 11033] ioctl(4, LOOP_CLR_FD [pid 297] <... umount2 resumed>) = 0 [pid 11048] munmap(0x7fe453fca000, 138412032 [pid 11047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11041] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11033] <... ioctl resumed>) = 0 [pid 297] umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11041] <... futex resumed>) = 1 [pid 11040] <... futex resumed>) = 0 [pid 11033] close(4 [pid 11041] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11040] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11033] <... close resumed>) = 0 [pid 11040] <... futex resumed>) = 0 [pid 11033] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11040] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11033] <... futex resumed>) = 1 [pid 11031] <... futex resumed>) = 0 [ 152.196913][T11041] loop0: detected capacity change from 0 to 2048 [ 152.214783][T11034] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11041] <... openat resumed>) = 4 [pid 11033] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11031] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11041] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11031] <... futex resumed>) = 0 [pid 11041] <... futex resumed>) = 1 [pid 11040] <... futex resumed>) = 0 [pid 11031] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11041] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11040] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11040] <... futex resumed>) = 0 [pid 11041] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11040] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11041] <... write resumed>) = 16 [pid 11040] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11041] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11040] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11033] <... openat resumed>) = 4 [pid 297] newfstatat(AT_FDCWD, "./428/file0", [pid 11041] <... futex resumed>) = 0 [pid 11040] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11033] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11041] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11040] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11033] <... futex resumed>) = 1 [pid 11031] <... futex resumed>) = 0 [pid 297] umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11040] <... mprotect resumed>) = 0 [pid 11033] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11031] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11040] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11033] <... write resumed>) = 16 [pid 11040] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11033] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11031] <... futex resumed>) = 0 [pid 11040] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11033] <... futex resumed>) = 0 [pid 11031] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11033] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11031] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "./428/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11040] <... clone3 resumed> => {parent_tid=[11053]}, 88) = 11053 [pid 11033] <... write resumed>) = 16 [pid 11031] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... openat resumed>) = 4 [pid 11040] rt_sigprocmask(SIG_SETMASK, [], [pid 11033] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11031] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] newfstatat(4, "", [pid 11040] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11033] <... futex resumed>) = 0 [pid 11031] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 11053 attached [pid 11040] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11033] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11031] <... futex resumed>) = 0 [pid 297] getdents64(4, [pid 11053] set_robust_list(0x7fe45c3c99a0, 24 [pid 11040] <... futex resumed>) = 0 [pid 11033] <... mmap resumed>) = 0x20000000 [pid 11031] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11053] <... set_robust_list resumed>) = 0 [pid 11040] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11033] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11031] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4 [pid 11048] <... munmap resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 297] rmdir("./428/file0" [pid 11053] rt_sigprocmask(SIG_SETMASK, [], [pid 11033] <... futex resumed>) = 0 [pid 11031] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... rmdir resumed>) = 0 [pid 11048] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11031] <... futex resumed>) = 0 [pid 297] getdents64(3, [pid 11048] <... openat resumed>) = 4 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 11048] ioctl(4, LOOP_SET_FD, 3 [pid 297] close(3 [pid 11053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11031] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... close resumed>) = 0 [pid 11053] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11047] <... write resumed>) = 1048576 [pid 297] rmdir("./428" [pid 11053] <... write resumed>) = 16 [pid 11053] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11040] <... futex resumed>) = 0 [pid 11053] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11040] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11041] <... futex resumed>) = 0 [pid 11040] <... futex resumed>) = 1 [pid 11041] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11040] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11041] <... mmap resumed>) = 0x20000000 [pid 11041] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11040] <... futex resumed>) = 0 [pid 11041] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11040] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... rmdir resumed>) = 0 [pid 11041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11040] <... futex resumed>) = 0 [pid 11048] <... ioctl resumed>) = 0 [pid 11047] munmap(0x7fe453fca000, 138412032 [pid 297] mkdir("./429", 0777 [pid 11048] close(3 [pid 11047] <... munmap resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 11048] <... close resumed>) = 0 [pid 11047] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11048] close(4 [pid 11047] <... openat resumed>) = 4 [pid 297] <... openat resumed>) = 3 [pid 11047] ioctl(4, LOOP_SET_FD, 3 [ 152.286813][T11033] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 152.287724][T11048] loop1: detected capacity change from 0 to 2048 [ 152.312573][T11041] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 297] ioctl(3, LOOP_CLR_FD [pid 11040] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11033] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11033] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11033] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11031] <... futex resumed>) = 0 [pid 11033] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11031] exit_group(0 [pid 11033] <... futex resumed>) = ? [pid 11031] <... exit_group resumed>) = ? [pid 11047] <... ioctl resumed>) = 0 [pid 11033] +++ exited with 0 +++ [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11047] close(3 [pid 11031] +++ exited with 0 +++ [pid 297] close(3 [pid 11047] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 11047] close(4 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11031, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11047] <... close resumed>) = 0 [pid 11047] mkdir("./file0", 0777 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 11054 [pid 11047] <... mkdir resumed>) = 0 [pid 11047] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] umount2("./429", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./429", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11041] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 298] <... openat resumed>) = 3 ./strace-static-x86_64: Process 11054 attached [pid 298] newfstatat(3, "", [pid 11054] set_robust_list(0x5555557b6760, 24 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11054] <... set_robust_list resumed>) = 0 [pid 298] getdents64(3, [pid 11041] sendfile(-1, -1, [0] [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11054] chdir("./429" [pid 11041] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 298] umount2("./429/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11041] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11041] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11054] <... chdir resumed>) = 0 [pid 11040] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11040] exit_group(0 [pid 11053] <... futex resumed>) = ? [pid 11040] <... exit_group resumed>) = ? [pid 298] newfstatat(AT_FDCWD, "./429/binderfs", [pid 11053] +++ exited with 0 +++ [pid 11054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11054] setpgid(0, 0) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] unlink("./429/binderfs" [pid 11041] <... futex resumed>) = ? [pid 11054] <... openat resumed>) = 3 [pid 298] <... unlink resumed>) = 0 [pid 11054] write(3, "1000", 4 [pid 298] umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11054] <... write resumed>) = 4 [pid 11054] close(3) = 0 [pid 11054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11054] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11054] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11054] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11054] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11054] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11056]}, 88) = 11056 [pid 11054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11054] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11054] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11041] +++ exited with 0 +++ [pid 11040] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11040, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- ./strace-static-x86_64: Process 11056 attached [pid 11056] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11056] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11056] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11054] <... futex resumed>) = 0 [pid 11054] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11054] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11056] <... futex resumed>) = 1 [pid 11056] memfd_create("syzkaller", 0) = 3 [pid 11056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11047] <... mount resumed>) = 0 [pid 11047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11047] chdir("./file0") = 0 [pid 295] umount2("./428", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11047] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 295] openat(AT_FDCWD, "./428", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 11047] <... openat resumed>) = 4 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11047] ioctl(4, LOOP_CLR_FD [pid 295] getdents64(3, [pid 11047] <... ioctl resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11047] close(4 [pid 295] umount2("./428/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11047] <... close resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./428/binderfs", [pid 11047] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11047] <... futex resumed>) = 1 [pid 11045] <... futex resumed>) = 0 [pid 295] unlink("./428/binderfs" [pid 11047] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11045] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11045] <... futex resumed>) = 0 [pid 295] <... unlink resumed>) = 0 [pid 11047] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11045] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11047] <... openat resumed>) = 4 [pid 11047] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11045] <... futex resumed>) = 0 [pid 11045] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11047] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11045] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11047] <... write resumed>) = 16 [pid 11045] <... futex resumed>) = 0 [pid 11045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11047] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11045] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11045] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11047] <... futex resumed>) = 0 [pid 11045] <... mprotect resumed>) = 0 [pid 11047] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11058]}, 88) = 11058 [pid 11045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11045] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11045] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 11058 attached ) = 1048576 [pid 11048] <... close resumed>) = 0 [pid 11048] mkdir("./file0", 0777 [pid 11058] set_robust_list(0x7fe45c3c99a0, 24 [pid 11056] munmap(0x7fe453fca000, 138412032 [pid 11048] <... mkdir resumed>) = 0 [pid 11048] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11058] <... set_robust_list resumed>) = 0 [pid 11056] <... munmap resumed>) = 0 [pid 11058] rt_sigprocmask(SIG_SETMASK, [], [pid 11056] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11056] <... openat resumed>) = 4 [pid 11058] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [ 152.330826][T11047] loop4: detected capacity change from 0 to 2048 [pid 11056] ioctl(4, LOOP_SET_FD, 3 [pid 11058] <... write resumed>) = 16 [pid 298] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 298] umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./429/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./429/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./429/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./429") = 0 [pid 298] mkdir("./430", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 295] umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11058] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11056] <... ioctl resumed>) = 0 [pid 11058] <... futex resumed>) = 1 [pid 11045] <... futex resumed>) = 0 [pid 11056] close(3 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11045] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11047] <... futex resumed>) = 0 [pid 11045] <... futex resumed>) = 1 [pid 11047] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11045] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11047] <... mmap resumed>) = 0x20000000 [pid 11047] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11045] <... futex resumed>) = 0 [pid 11047] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11045] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11045] <... futex resumed>) = 0 [pid 11058] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11056] <... close resumed>) = 0 [pid 295] newfstatat(AT_FDCWD, "./428/file0", [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11059 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11056] close(4 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./428/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./428/file0") = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./428") = 0 [pid 295] mkdir("./429", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11060 ./strace-static-x86_64: Process 11059 attached [pid 11059] set_robust_list(0x5555557b6760, 24) = 0 [pid 11059] chdir("./430") = 0 [pid 11059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11059] setpgid(0, 0) = 0 [pid 11059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11059] write(3, "1000", 4) = 4 [pid 11059] close(3) = 0 ./strace-static-x86_64: Process 11060 attached [pid 11059] symlink("/dev/binderfs", "./binderfs" [pid 11045] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11060] set_robust_list(0x5555557b6760, 24 [pid 11059] <... symlink resumed>) = 0 [pid 11060] <... set_robust_list resumed>) = 0 [pid 11059] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11047] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11060] chdir("./429" [pid 11059] <... futex resumed>) = 0 [pid 11047] sendfile(-1, -1, [0] [pid 11060] <... chdir resumed>) = 0 [pid 11060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11060] setpgid(0, 0 [pid 11059] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11047] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11060] <... setpgid resumed>) = 0 [pid 11059] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11059] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11059] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11060] <... openat resumed>) = 3 [pid 11059] <... mprotect resumed>) = 0 [pid 11060] write(3, "1000", 4 [pid 11059] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11047] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11060] <... write resumed>) = 4 [pid 11059] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11060] close(3 [pid 11059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11045] <... futex resumed>) = 0 [pid 11060] <... close resumed>) = 0 [pid 11045] exit_group(0 [pid 11060] symlink("/dev/binderfs", "./binderfs" [pid 11059] <... clone3 resumed> => {parent_tid=[11061]}, 88) = 11061 [pid 11058] <... futex resumed>) = 11061 [pid 11045] <... exit_group resumed>) = ? [pid 11059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11059] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11060] <... symlink resumed>) = 0 [pid 11059] <... futex resumed>) = 0 [pid 11059] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11058] +++ exited with 0 +++ [pid 11060] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11060] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11060] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11047] <... futex resumed>) = ? [pid 11060] <... mmap resumed>) = 0x7fe45c3ca000 ./strace-static-x86_64: Process 11061 attached [pid 11060] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11061] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11060] <... mprotect resumed>) = 0 [pid 11047] +++ exited with 0 +++ [pid 11045] +++ exited with 0 +++ [pid 11060] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11045, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 11061] <... set_robust_list resumed>) = 0 [pid 11060] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] umount2("./424", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./424", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 299] <... openat resumed>) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, [pid 11061] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./424/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./424/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./424/binderfs" [pid 11061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11060] <... clone3 resumed> => {parent_tid=[11062]}, 88) = 11062 [pid 299] <... unlink resumed>) = 0 [pid 299] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11060] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 11062 attached [pid 11062] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11062] rt_sigprocmask(SIG_SETMASK, [], [pid 11060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11060] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11062] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11062] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11062] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11061] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11061] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11059] <... futex resumed>) = 0 [pid 11060] <... futex resumed>) = 1 [pid 11059] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11059] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11060] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11061] <... futex resumed>) = 1 [pid 11060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11060] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11060] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11061] memfd_create("syzkaller", 0) = 3 [pid 11061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11062] <... futex resumed>) = 0 [pid 11062] memfd_create("syzkaller", 0) = 3 [pid 11062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11056] <... close resumed>) = 0 [pid 11056] mkdir("./file0", 0777) = 0 [pid 11056] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11061] <... write resumed>) = 1048576 [pid 11061] munmap(0x7fe453fca000, 138412032) = 0 [ 152.371504][T11056] loop2: detected capacity change from 0 to 2048 [ 152.383754][T11047] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11061] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11061] ioctl(4, LOOP_SET_FD, 3 [pid 11062] <... write resumed>) = 1048576 [pid 11061] <... ioctl resumed>) = 0 [pid 11061] close(3) = 0 [pid 11061] close(4 [pid 11062] munmap(0x7fe453fca000, 138412032) = 0 [pid 11062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11062] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11062] close(3) = 0 [pid 11062] close(4 [pid 11056] <... mount resumed>) = 0 [pid 11056] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11056] chdir("./file0") = 0 [pid 11056] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11056] ioctl(4, LOOP_CLR_FD) = 0 [pid 11056] close(4) = 0 [pid 11056] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11056] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11054] <... futex resumed>) = 0 [pid 11054] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11056] <... futex resumed>) = 0 [pid 11054] <... futex resumed>) = 1 [pid 11056] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11054] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11056] <... openat resumed>) = 4 [pid 11056] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11056] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] <... umount2 resumed>) = 0 [pid 11054] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11054] <... futex resumed>) = 1 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11056] <... futex resumed>) = 0 [pid 11054] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./424/file0", [pid 11054] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11056] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11056] <... write resumed>) = 16 [pid 11054] <... mmap resumed>) = 0x7fe45c3a9000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11056] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11054] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 299] openat(AT_FDCWD, "./424/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11054] <... mprotect resumed>) = 0 [pid 299] <... openat resumed>) = 4 [pid 11054] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] newfstatat(4, "", [pid 11054] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11054] <... clone3 resumed> => {parent_tid=[11067]}, 88) = 11067 [pid 299] getdents64(4, [pid 11054] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 11056] <... futex resumed>) = 0 [pid 11054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] close(4 [pid 11054] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... close resumed>) = 0 [pid 11056] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11054] <... futex resumed>) = 0 [pid 299] rmdir("./424/file0" [pid 11054] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... rmdir resumed>) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./424") = 0 [pid 299] mkdir("./425", 0777./strace-static-x86_64: Process 11067 attached [pid 11061] <... close resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 11067] set_robust_list(0x7fe45c3c99a0, 24 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11067] <... set_robust_list resumed>) = 0 [pid 11061] mkdir("./file0", 0777 [pid 299] <... openat resumed>) = 3 [pid 11067] rt_sigprocmask(SIG_SETMASK, [], [pid 299] ioctl(3, LOOP_CLR_FD [pid 11067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11067] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 299] close(3 [pid 11067] <... write resumed>) = 16 [pid 11061] <... mkdir resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 11067] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11067] <... futex resumed>) = 1 [pid 11054] <... futex resumed>) = 0 [pid 11067] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11054] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11048] <... mount resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 11068 [ 152.431996][T11061] loop3: detected capacity change from 0 to 2048 [ 152.440701][T11062] loop0: detected capacity change from 0 to 2048 [pid 11061] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11056] <... futex resumed>) = 0 [pid 11054] <... futex resumed>) = 1 [pid 11048] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11054] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11068 attached [pid 11068] set_robust_list(0x5555557b6760, 24 [pid 11056] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11068] <... set_robust_list resumed>) = 0 [pid 11056] <... mmap resumed>) = 0x20000000 [pid 11068] chdir("./425") = 0 [pid 11056] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11048] <... openat resumed>) = 3 [pid 11068] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11056] <... futex resumed>) = 1 [pid 11054] <... futex resumed>) = 0 [pid 11056] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11054] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11048] chdir("./file0" [pid 11056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11054] <... futex resumed>) = 0 [pid 11048] <... chdir resumed>) = 0 [pid 11054] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11048] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11068] <... prctl resumed>) = 0 [pid 11068] setpgid(0, 0) = 0 [pid 11068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11068] write(3, "1000", 4) = 4 [pid 11068] close(3) = 0 [pid 11068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11068] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11068] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11068] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11068] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11068] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11069]}, 88) = 11069 [pid 11068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11068] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11068] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11069 attached [pid 11069] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11069] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11069] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11068] <... futex resumed>) = 0 [pid 11068] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11068] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11069] <... futex resumed>) = 1 [pid 11069] memfd_create("syzkaller", 0) = 3 [pid 11069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11048] <... openat resumed>) = 4 [pid 11048] ioctl(4, LOOP_CLR_FD) = 0 [pid 11048] close(4) = 0 [pid 11048] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11046] <... futex resumed>) = 0 [pid 11048] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11046] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11048] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11046] <... futex resumed>) = 0 [pid 11048] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11046] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11048] <... openat resumed>) = 4 [pid 11048] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11046] <... futex resumed>) = 0 [pid 11048] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11046] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11048] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11046] <... futex resumed>) = 0 [pid 11048] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11046] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11048] <... write resumed>) = 16 [pid 11046] <... futex resumed>) = 0 [pid 11048] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11048] <... futex resumed>) = 0 [pid 11046] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11048] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11046] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11071]}, 88) = 11071 [pid 11046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11046] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11046] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11069] <... write resumed>) = 1048576 [pid 11069] munmap(0x7fe453fca000, 138412032) = 0 [pid 11069] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11069] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 11071 attached [pid 11056] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11071] set_robust_list(0x7fe45c3c99a0, 24 [pid 11056] sendfile(-1, -1, [0] [pid 11071] <... set_robust_list resumed>) = 0 [pid 11056] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11071] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11056] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11071] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11054] <... futex resumed>) = 0 [pid 11054] exit_group(0 [pid 11067] <... futex resumed>) = ? [pid 11054] <... exit_group resumed>) = ? [pid 11071] <... futex resumed>) = 1 [pid 11069] <... ioctl resumed>) = 0 [pid 11067] +++ exited with 0 +++ [pid 11056] <... futex resumed>) = ? [pid 11046] <... futex resumed>) = 0 [pid 11046] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11048] <... futex resumed>) = 0 [pid 11046] <... futex resumed>) = 1 [pid 11069] close(3 [pid 11048] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11046] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11071] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11069] <... close resumed>) = 0 [pid 11069] close(4 [pid 11048] <... mmap resumed>) = 0x20000000 [pid 11048] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11046] <... futex resumed>) = 0 [pid 11046] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11046] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11056] +++ exited with 0 +++ [pid 11054] +++ exited with 0 +++ [pid 11061] <... mount resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11054, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 11061] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11061] chdir("./file0") = 0 [pid 11061] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11061] ioctl(4, LOOP_CLR_FD) = 0 [pid 11061] close(4) = 0 [pid 11061] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11059] <... futex resumed>) = 0 [pid 11061] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11059] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11061] <... futex resumed>) = 0 [pid 11059] <... futex resumed>) = 1 [pid 11061] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11059] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] umount2("./429", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./429", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./429/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./429/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./429/binderfs") = 0 [pid 297] umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11061] <... openat resumed>) = 4 [pid 11061] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11059] <... futex resumed>) = 0 [pid 11061] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11059] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11059] <... futex resumed>) = 0 [pid 11061] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11059] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11061] <... write resumed>) = 16 [pid 11059] <... futex resumed>) = 0 [pid 11061] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11061] <... futex resumed>) = 0 [pid 11059] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11061] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11059] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11059] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11073]}, 88) = 11073 [pid 11059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11059] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11059] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11073 attached [pid 11073] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11073] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11073] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11059] <... futex resumed>) = 0 [pid 11059] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11061] <... futex resumed>) = 0 [pid 11059] <... futex resumed>) = 1 [pid 11061] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11059] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11061] <... mmap resumed>) = 0x20000000 [pid 11061] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11059] <... futex resumed>) = 0 [pid 11061] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11059] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11059] <... futex resumed>) = 0 [pid 11073] <... futex resumed>) = 1 [pid 11062] <... close resumed>) = 0 [pid 11062] mkdir("./file0", 0777) = 0 [pid 11062] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11073] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11048] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11048] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11048] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11046] <... futex resumed>) = 0 [pid 11048] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11046] exit_group(0 [pid 11071] <... futex resumed>) = ? [pid 11048] <... futex resumed>) = ? [pid 11046] <... exit_group resumed>) = ? [pid 11071] +++ exited with 0 +++ [pid 11048] +++ exited with 0 +++ [pid 11046] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11046, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 152.465958][T11056] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 152.490396][T11069] loop4: detected capacity change from 0 to 2048 [ 152.506881][T11048] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 296] umount2("./429", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./429", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./429/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./429/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./429/binderfs") = 0 [pid 296] umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11059] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11069] <... close resumed>) = 0 [pid 11061] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11069] mkdir("./file0", 0777) = 0 [pid 11061] sendfile(-1, -1, [0] [pid 11069] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11061] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11061] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11061] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11059] <... futex resumed>) = 0 [pid 11059] exit_group(0) = ? [pid 11061] <... futex resumed>) = ? [pid 11061] +++ exited with 0 +++ [pid 11073] <... futex resumed>) = ? [pid 11073] +++ exited with 0 +++ [pid 11059] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11059, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 298] umount2("./430", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./430", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./430/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./430/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./430/binderfs") = 0 [pid 298] umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11062] <... mount resumed>) = 0 [pid 11069] <... mount resumed>) = 0 [pid 11062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11062] chdir("./file0" [pid 11069] <... openat resumed>) = 3 [pid 11062] <... chdir resumed>) = 0 [pid 11069] chdir("./file0" [pid 11062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 297] <... umount2 resumed>) = 0 [pid 11069] <... chdir resumed>) = 0 [pid 11062] <... openat resumed>) = 4 [pid 297] umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11069] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11062] ioctl(4, LOOP_CLR_FD) = 0 [pid 11069] <... openat resumed>) = 4 [pid 11062] close(4 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11062] <... close resumed>) = 0 [pid 11069] ioctl(4, LOOP_CLR_FD [pid 297] newfstatat(AT_FDCWD, "./429/file0", [pid 11069] <... ioctl resumed>) = 0 [pid 11062] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = 0 [pid 11062] <... futex resumed>) = 1 [pid 11060] <... futex resumed>) = 0 [pid 11069] close(4 [pid 11062] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11060] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11069] <... close resumed>) = 0 [pid 11062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11060] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11069] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11062] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 298] newfstatat(AT_FDCWD, "./430/file0", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11069] <... futex resumed>) = 1 [pid 11068] <... futex resumed>) = 0 [pid 11069] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11068] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11062] <... openat resumed>) = 4 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] openat(AT_FDCWD, "./429/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11068] <... futex resumed>) = 0 [pid 11068] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... openat resumed>) = 4 [pid 11069] <... openat resumed>) = 4 [pid 11062] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(4, "", [pid 11069] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11062] <... futex resumed>) = 1 [pid 11060] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11069] <... futex resumed>) = 1 [pid 11062] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11060] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(4, [pid 11069] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11068] <... futex resumed>) = 0 [pid 11062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11060] <... futex resumed>) = 0 [pid 11068] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11062] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11060] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] openat(AT_FDCWD, "./430/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11068] <... futex resumed>) = 0 [pid 11062] <... write resumed>) = 16 [pid 11069] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11068] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11060] <... futex resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 297] getdents64(4, [pid 11069] <... write resumed>) = 16 [pid 11068] <... futex resumed>) = 0 [pid 11060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] newfstatat(4, "", [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 11062] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11060] <... mmap resumed>) = 0x7fe45c3a9000 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11069] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11068] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11062] <... futex resumed>) = 0 [pid 11060] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 297] close(4 [pid 298] getdents64(4, [pid 11068] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11060] <... mprotect resumed>) = 0 [pid 11068] <... mprotect resumed>) = 0 [pid 11069] <... futex resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 11068] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11069] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11068] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11062] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11060] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] rmdir("./429/file0" [pid 11060] <... rt_sigprocmask resumed>[], 8) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 11060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11068] <... clone3 resumed> => {parent_tid=[11078]}, 88) = 11078 [pid 298] getdents64(4, [pid 297] getdents64(3, [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 11068] rt_sigprocmask(SIG_SETMASK, [], [pid 11060] <... clone3 resumed> => {parent_tid=[11079]}, 88) = 11079 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(4 [pid 11068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11060] rt_sigprocmask(SIG_SETMASK, [], [pid 297] close(3 [pid 11060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11068] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... close resumed>) = 0 [pid 11068] <... futex resumed>) = 0 [pid 11060] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] rmdir("./430/file0" [pid 297] <... close resumed>) = 0 [pid 11060] <... futex resumed>) = 0 [ 152.523016][T11061] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11068] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11060] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... rmdir resumed>) = 0 [pid 297] rmdir("./429"./strace-static-x86_64: Process 11078 attached [pid 11078] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11078] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11078] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11078] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] getdents64(3, [pid 296] <... umount2 resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 11068] <... futex resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] mkdir("./430", 0777./strace-static-x86_64: Process 11079 attached [pid 11079] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11079] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11079] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11060] <... futex resumed>) = 0 [pid 11068] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] close(3 [pid 11060] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11069] <... futex resumed>) = 0 [pid 11068] <... futex resumed>) = 1 [pid 11069] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11062] <... futex resumed>) = 0 [pid 11068] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11060] <... futex resumed>) = 1 [pid 298] <... close resumed>) = 0 [pid 11079] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11069] <... mmap resumed>) = 0x20000000 [pid 11062] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11060] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] rmdir("./430" [pid 11069] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11062] <... mmap resumed>) = 0x20000000 [pid 298] <... rmdir resumed>) = 0 [pid 11062] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11069] <... futex resumed>) = 1 [pid 11068] <... futex resumed>) = 0 [pid 11062] <... futex resumed>) = 1 [pid 11069] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11060] <... futex resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 11068] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11060] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./429/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./429/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./429/file0") = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./429") = 0 [pid 296] mkdir("./430", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11080 ./strace-static-x86_64: Process 11080 attached [pid 11080] set_robust_list(0x5555557b6760, 24) = 0 [pid 11080] chdir("./430") = 0 [pid 11080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11080] setpgid(0, 0) = 0 [pid 11080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11080] write(3, "1000", 4) = 4 [pid 11080] close(3) = 0 [pid 11080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11080] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11080] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11080] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11080] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11080] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11080] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11081]}, 88) = 11081 [pid 11080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11080] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11080] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11081 attached [pid 11081] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11081] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11081] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11080] <... futex resumed>) = 0 [pid 11080] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11080] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11081] <... futex resumed>) = 1 [pid 11081] memfd_create("syzkaller", 0) = 3 [pid 11081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11068] <... futex resumed>) = 0 [pid 11060] <... futex resumed>) = 0 [pid 298] mkdir("./431", 0777 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11068] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11060] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11081] munmap(0x7fe453fca000, 138412032) = 0 [pid 11081] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 152.590482][T11062] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 152.615690][T11069] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11081] ioctl(4, LOOP_SET_FD, 3 [pid 11069] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11062] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 298] <... mkdir resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] ioctl(3, LOOP_CLR_FD [pid 298] <... openat resumed>) = 3 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] close(3 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... close resumed>) = 0 [pid 298] close(3 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 11082 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11083 [pid 11069] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11069] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11068] <... futex resumed>) = 0 [pid 11068] exit_group(0 [pid 11078] <... futex resumed>) = ? [pid 11068] <... exit_group resumed>) = ? [pid 11078] +++ exited with 0 +++ [pid 11069] <... futex resumed>) = ? [pid 11069] +++ exited with 0 +++ [pid 11068] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11068, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 11062] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 299] <... restart_syscall resumed>) = 0 [pid 299] umount2("./425", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./425", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./425/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./425/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./425/binderfs") = 0 [pid 299] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 11083 attached ./strace-static-x86_64: Process 11082 attached [pid 11081] <... ioctl resumed>) = 0 [pid 11062] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11081] close(3) = 0 [pid 11081] close(4) = 0 [pid 11081] mkdir("./file0", 0777) = 0 [pid 11081] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11082] set_robust_list(0x5555557b6760, 24) = 0 [pid 11082] chdir("./430") = 0 [pid 11082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11082] setpgid(0, 0) = 0 [pid 11082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11082] write(3, "1000", 4) = 4 [pid 11082] close(3) = 0 [pid 11082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11082] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11082] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11082] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11082] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11083] set_robust_list(0x5555557b6760, 24 [pid 11082] <... clone3 resumed> => {parent_tid=[11084]}, 88) = 11084 [pid 11060] <... futex resumed>) = 0 [pid 11060] exit_group(0 [pid 11079] <... futex resumed>) = ? [pid 11060] <... exit_group resumed>) = ? [pid 11079] +++ exited with 0 +++ [pid 11082] rt_sigprocmask(SIG_SETMASK, [], [pid 11083] <... set_robust_list resumed>) = 0 [pid 11082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11062] <... futex resumed>) = ? [pid 11083] chdir("./431" [pid 11082] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11062] +++ exited with 0 +++ [pid 11060] +++ exited with 0 +++ [pid 11083] <... chdir resumed>) = 0 [pid 11082] <... futex resumed>) = 0 [pid 11083] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11082] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11083] <... prctl resumed>) = 0 [pid 11083] setpgid(0, 0) = 0 [pid 11083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11083] write(3, "1000", 4) = 4 [pid 11083] close(3) = 0 [pid 11083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11083] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11083] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11083] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11060, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 11083] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11083] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 295] umount2("./429", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11083] <... mprotect resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11083] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] openat(AT_FDCWD, "./429", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11083] <... rt_sigprocmask resumed>[], 8) = 0 [pid 295] <... openat resumed>) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 295] getdents64(3, [pid 11083] <... clone3 resumed> => {parent_tid=[11085]}, 88) = 11085 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./429/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11083] rt_sigprocmask(SIG_SETMASK, [], [pid 295] newfstatat(AT_FDCWD, "./429/binderfs", [pid 11083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11083] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] unlink("./429/binderfs" [pid 11083] <... futex resumed>) = 0 [pid 11083] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... unlink resumed>) = 0 [ 152.628445][T11081] loop1: detected capacity change from 0 to 2048 [pid 295] umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 11084 attached [pid 11084] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11084] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11084] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11082] <... futex resumed>) = 0 [pid 11082] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11082] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11084] <... futex resumed>) = 1 [pid 11084] memfd_create("syzkaller", 0) = 3 [pid 11084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./425/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./425/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./425/file0") = 0 [pid 11084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./425"./strace-static-x86_64: Process 11085 attached [pid 11081] <... mount resumed>) = 0 [pid 11081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11085] set_robust_list(0x7fe45c3ea9a0, 24 [pid 299] <... rmdir resumed>) = 0 [pid 11081] <... openat resumed>) = 3 [pid 299] mkdir("./426", 0777 [pid 11085] <... set_robust_list resumed>) = 0 [pid 11081] chdir("./file0") = 0 [pid 11081] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11081] ioctl(4, LOOP_CLR_FD [pid 11085] rt_sigprocmask(SIG_SETMASK, [], [pid 11081] <... ioctl resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 11085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11081] close(4 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11085] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11081] <... close resumed>) = 0 [pid 11081] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 3 [pid 11085] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11081] <... futex resumed>) = 1 [pid 299] ioctl(3, LOOP_CLR_FD [pid 11085] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11081] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11085] <... futex resumed>) = 1 [pid 299] close(3 [pid 11085] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11083] <... futex resumed>) = 0 [pid 11080] <... futex resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11083] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11080] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11083] <... futex resumed>) = 1 [pid 11081] <... futex resumed>) = 0 [pid 11080] <... futex resumed>) = 1 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 11088 [pid 11083] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11081] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11080] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11081] <... openat resumed>) = 4 [pid 11081] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11080] <... futex resumed>) = 0 [pid 11081] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11080] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11080] <... futex resumed>) = 0 [pid 11081] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11080] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11081] <... write resumed>) = 16 [pid 11080] <... futex resumed>) = 0 [pid 11081] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 11088 attached [pid 11085] <... futex resumed>) = 0 [pid 11081] <... futex resumed>) = 0 [pid 11080] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11085] memfd_create("syzkaller", 0) = 3 [pid 11085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11088] set_robust_list(0x5555557b6760, 24 [pid 11084] <... write resumed>) = 1048576 [pid 11081] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11080] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 295] <... umount2 resumed>) = 0 [pid 11080] <... mprotect resumed>) = 0 [pid 11080] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11080] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11080] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./429/file0", [pid 11080] <... clone3 resumed> => {parent_tid=[11089]}, 88) = 11089 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11080] rt_sigprocmask(SIG_SETMASK, [], [pid 295] umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11080] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] openat(AT_FDCWD, "./429/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11080] <... futex resumed>) = 0 [pid 295] <... openat resumed>) = 4 [pid 11080] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./429/file0") = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3 [pid 11085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 295] <... close resumed>) = 0 [pid 295] rmdir("./429" [pid 11088] <... set_robust_list resumed>) = 0 [pid 11084] munmap(0x7fe453fca000, 138412032 [pid 295] <... rmdir resumed>) = 0 [pid 11088] chdir("./426" [pid 11084] <... munmap resumed>) = 0 [pid 295] mkdir("./430", 0777 [pid 11088] <... chdir resumed>) = 0 [pid 11084] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] <... mkdir resumed>) = 0 [pid 11088] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11084] <... openat resumed>) = 4 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11088] <... prctl resumed>) = 0 [pid 11084] ioctl(4, LOOP_SET_FD, 3 [pid 295] <... openat resumed>) = 3 ./strace-static-x86_64: Process 11089 attached [pid 11088] setpgid(0, 0 [pid 11085] <... write resumed>) = 1048576 [pid 11089] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11089] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11089] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11089] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11085] munmap(0x7fe453fca000, 138412032) = 0 [pid 11085] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11085] ioctl(4, LOOP_SET_FD, 3 [pid 11088] <... setpgid resumed>) = 0 [pid 11084] <... ioctl resumed>) = 0 [pid 11080] <... futex resumed>) = 0 [pid 295] ioctl(3, LOOP_CLR_FD [pid 11088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11080] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11088] <... openat resumed>) = 3 [pid 11081] <... futex resumed>) = 0 [pid 11080] <... futex resumed>) = 1 [pid 295] close(3 [pid 11088] write(3, "1000", 4 [pid 11081] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11080] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... close resumed>) = 0 [pid 11088] <... write resumed>) = 4 [pid 11081] <... mmap resumed>) = 0x20000000 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11088] close(3 [pid 11084] close(3) = 0 [pid 11084] close(4./strace-static-x86_64: Process 11090 attached [pid 11088] <... close resumed>) = 0 [pid 11085] <... ioctl resumed>) = 0 [pid 11081] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11088] symlink("/dev/binderfs", "./binderfs" [pid 11081] <... futex resumed>) = 1 [pid 11080] <... futex resumed>) = 0 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 11090 [pid 11088] <... symlink resumed>) = 0 [pid 11081] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11080] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11088] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11080] <... futex resumed>) = 0 [pid 11090] set_robust_list(0x5555557b6760, 24 [pid 11088] <... futex resumed>) = 0 [pid 11085] close(3) = 0 [pid 11085] close(4 [pid 11090] <... set_robust_list resumed>) = 0 [pid 11090] chdir("./430") = 0 [pid 11090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11090] setpgid(0, 0) = 0 [pid 11090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11090] write(3, "1000", 4) = 4 [pid 11090] close(3) = 0 [pid 11090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11090] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11090] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11090] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11091]}, 88) = 11091 [pid 11090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11090] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11090] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11091 attached [pid 11091] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11091] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11091] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11090] <... futex resumed>) = 0 [pid 11090] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11090] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11091] <... futex resumed>) = 1 [pid 11091] memfd_create("syzkaller", 0) = 3 [pid 11091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11080] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11088] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11088] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11081] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11081] sendfile(-1, -1, [0] [pid 11088] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11088] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11081] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11088] <... mprotect resumed>) = 0 [pid 11081] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11080] <... futex resumed>) = 0 [pid 11081] <... futex resumed>) = 1 [pid 11088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11080] exit_group(0 [pid 11081] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11080] <... exit_group resumed>) = ? [pid 11089] <... futex resumed>) = ? [pid 11088] <... clone3 resumed> => {parent_tid=[11092]}, 88) = 11092 [pid 11081] <... futex resumed>) = ? [pid 11089] +++ exited with 0 +++ [pid 11088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11088] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11088] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11092 attached [pid 11092] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11081] +++ exited with 0 +++ [pid 11080] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11080, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 11092] rt_sigprocmask(SIG_SETMASK, [], [pid 296] <... restart_syscall resumed>) = 0 [pid 11092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] umount2("./430", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./430", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./430/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./430/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11092] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 296] unlink("./430/binderfs" [pid 11092] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 296] <... unlink resumed>) = 0 [pid 296] umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11092] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11088] <... futex resumed>) = 0 [pid 11092] <... futex resumed>) = 1 [pid 11088] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11088] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11092] memfd_create("syzkaller", 0) = 3 [pid 11092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11091] <... write resumed>) = 1048576 [pid 11091] munmap(0x7fe453fca000, 138412032) = 0 [pid 11091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 152.726217][T11084] loop2: detected capacity change from 0 to 2048 [ 152.730433][T11085] loop3: detected capacity change from 0 to 2048 [ 152.743924][T11081] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11091] ioctl(4, LOOP_SET_FD, 3 [pid 11092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11091] <... ioctl resumed>) = 0 [pid 11091] close(3) = 0 [pid 11091] close(4 [pid 11092] <... write resumed>) = 1048576 [pid 11092] munmap(0x7fe453fca000, 138412032 [pid 11085] <... close resumed>) = 0 [pid 11084] <... close resumed>) = 0 [pid 11085] mkdir("./file0", 0777 [pid 11084] mkdir("./file0", 0777 [pid 11092] <... munmap resumed>) = 0 [pid 11085] <... mkdir resumed>) = 0 [pid 11085] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11084] <... mkdir resumed>) = 0 [pid 11092] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11084] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11092] <... openat resumed>) = 4 [pid 11092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11092] close(3) = 0 [pid 11092] close(4 [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./430/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./430/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./430/file0") = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./430") = 0 [pid 296] mkdir("./431", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 11091] <... close resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11093 ./strace-static-x86_64: Process 11093 attached [pid 11093] set_robust_list(0x5555557b6760, 24) = 0 [pid 11093] chdir("./431") = 0 [pid 11093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11093] setpgid(0, 0) = 0 [pid 11093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11093] write(3, "1000", 4) = 4 [pid 11093] close(3) = 0 [pid 11093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11093] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11093] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11093] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11091] mkdir("./file0", 0777 [pid 11093] <... clone3 resumed> => {parent_tid=[11095]}, 88) = 11095 [pid 11093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11093] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11091] <... mkdir resumed>) = 0 [pid 11093] <... futex resumed>) = 0 [pid 11093] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11091] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue"./strace-static-x86_64: Process 11095 attached [pid 11095] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11095] rt_sigprocmask(SIG_SETMASK, [], [pid 11085] <... mount resumed>) = 0 [pid 11085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11085] chdir("./file0") = 0 [pid 11085] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11085] ioctl(4, LOOP_CLR_FD) = 0 [pid 11085] close(4) = 0 [pid 11085] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11083] <... futex resumed>) = 0 [pid 11085] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11083] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11085] <... openat resumed>) = 4 [pid 11083] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11085] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11083] <... futex resumed>) = 0 [pid 11085] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11083] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11085] <... write resumed>) = 16 [pid 11083] <... futex resumed>) = 0 [pid 11085] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11083] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11085] <... futex resumed>) = 0 [pid 11083] <... futex resumed>) = 0 [pid 11085] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11083] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11083] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11095] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11083] <... clone3 resumed> => {parent_tid=[11098]}, 88) = 11098 [pid 11083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11083] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11095] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11083] <... futex resumed>) = 0 [pid 11093] <... futex resumed>) = 0 [pid 11083] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11093] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11093] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11095] <... futex resumed>) = 1 [pid 11095] memfd_create("syzkaller", 0) = 3 [pid 11095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 ./strace-static-x86_64: Process 11098 attached [pid 11098] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11098] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11098] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11083] <... futex resumed>) = 0 [pid 11083] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11085] <... futex resumed>) = 0 [pid 11083] <... futex resumed>) = 1 [pid 11085] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11083] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11085] <... mmap resumed>) = 0x20000000 [pid 11085] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11083] <... futex resumed>) = 0 [pid 11085] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11083] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [ 152.774021][T11091] loop0: detected capacity change from 0 to 2048 [ 152.787206][T11092] loop4: detected capacity change from 0 to 2048 [pid 11085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11083] <... futex resumed>) = 0 [pid 11098] <... futex resumed>) = 1 [pid 11095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11098] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11083] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11084] <... mount resumed>) = 0 [pid 11085] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11085] sendfile(-1, -1, [0] [pid 11084] <... openat resumed>) = 3 [pid 11085] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11084] chdir("./file0" [pid 11085] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11084] <... chdir resumed>) = 0 [pid 11084] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11084] ioctl(4, LOOP_CLR_FD) = 0 [pid 11084] close(4) = 0 [pid 11084] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11085] <... futex resumed>) = 1 [pid 11084] <... futex resumed>) = 1 [pid 11083] <... futex resumed>) = 0 [pid 11082] <... futex resumed>) = 0 [pid 11085] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11084] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11083] exit_group(0 [pid 11082] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11098] <... futex resumed>) = ? [pid 11085] <... futex resumed>) = ? [pid 11084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11083] <... exit_group resumed>) = ? [pid 11082] <... futex resumed>) = 0 [pid 11098] +++ exited with 0 +++ [pid 11085] +++ exited with 0 +++ [pid 11084] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11083] +++ exited with 0 +++ [pid 11082] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11092] <... close resumed>) = 0 [pid 11084] <... openat resumed>) = 4 [pid 11092] mkdir("./file0", 0777 [pid 11084] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11095] <... write resumed>) = 1048576 [pid 11092] <... mkdir resumed>) = 0 [pid 11084] <... futex resumed>) = 1 [pid 11082] <... futex resumed>) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11083, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 11092] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11084] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11082] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11095] munmap(0x7fe453fca000, 138412032 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 11095] <... munmap resumed>) = 0 [pid 11084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11082] <... futex resumed>) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 11095] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11084] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11082] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11084] <... write resumed>) = 16 [pid 11082] <... futex resumed>) = 0 [pid 11084] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11084] <... futex resumed>) = 0 [pid 11082] <... mmap resumed>) = 0x7fe45c3a9000 [pid 298] umount2("./431", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11084] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11082] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 298] openat(AT_FDCWD, "./431", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11095] <... openat resumed>) = 4 [pid 11082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 298] <... openat resumed>) = 3 [pid 11095] ioctl(4, LOOP_SET_FD, 3 [pid 11082] <... clone3 resumed> => {parent_tid=[11100]}, 88) = 11100 [pid 11082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11082] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11082] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11100 attached [pid 11100] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11100] rt_sigprocmask(SIG_SETMASK, [], [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11100] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11100] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11082] <... futex resumed>) = 0 [pid 11100] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11082] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11084] <... futex resumed>) = 0 [pid 11082] <... futex resumed>) = 1 [pid 11084] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11082] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11084] <... mmap resumed>) = 0x20000000 [pid 11084] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11082] <... futex resumed>) = 0 [pid 11084] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11082] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11082] <... futex resumed>) = 0 [pid 11095] <... ioctl resumed>) = 0 [pid 298] getdents64(3, [pid 11095] close(3 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11095] <... close resumed>) = 0 [pid 298] umount2("./431/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11095] close(4 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./431/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./431/binderfs") = 0 [pid 298] umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11082] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11092] <... mount resumed>) = 0 [pid 11092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11092] chdir("./file0") = 0 [pid 11092] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11092] ioctl(4, LOOP_CLR_FD) = 0 [pid 11092] close(4) = 0 [pid 11092] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11088] <... futex resumed>) = 0 [pid 11088] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11088] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11092] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11084] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11092] <... openat resumed>) = 4 [pid 11084] sendfile(-1, -1, [0] [pid 11092] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11088] <... futex resumed>) = 0 [pid 11088] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11088] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11088] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11092] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11088] <... clone3 resumed> => {parent_tid=[11105]}, 88) = 11105 [pid 11088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11088] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11088] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11105 attached [pid 11105] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11105] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11092] <... write resumed>) = 16 [pid 11105] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11088] <... futex resumed>) = 0 [pid 11092] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11088] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11088] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11105] <... futex resumed>) = 1 [pid 11105] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11084] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11084] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11082] <... futex resumed>) = 0 [pid 11082] exit_group(0 [pid 11100] <... futex resumed>) = ? [pid 11082] <... exit_group resumed>) = ? [pid 11100] +++ exited with 0 +++ [pid 11084] <... futex resumed>) = ? [pid 11092] <... futex resumed>) = 1 [pid 11088] <... futex resumed>) = 0 [pid 11088] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 11092] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11084] +++ exited with 0 +++ [pid 11082] +++ exited with 0 +++ [pid 11091] <... mount resumed>) = 0 [pid 11092] <... mmap resumed>) = 0x20000000 [pid 11091] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11092] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11082, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 11092] <... futex resumed>) = 1 [pid 11088] <... futex resumed>) = 0 [pid 11092] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 11092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11091] <... openat resumed>) = 3 [pid 11088] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] <... restart_syscall resumed>) = 0 [ 152.820894][T11085] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 152.847379][T11095] loop1: detected capacity change from 0 to 2048 [ 152.848700][T11084] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11088] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11091] chdir("./file0" [pid 11095] <... close resumed>) = 0 [pid 11095] mkdir("./file0", 0777 [pid 11091] <... chdir resumed>) = 0 [pid 11095] <... mkdir resumed>) = 0 [pid 11095] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11091] ioctl(4, LOOP_CLR_FD) = 0 [pid 11091] close(4) = 0 [pid 11091] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11091] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] umount2("./430", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./430", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./430/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./430/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./430/binderfs") = 0 [pid 297] umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11090] <... futex resumed>) = 0 [pid 11090] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11091] <... futex resumed>) = 0 [pid 11090] <... futex resumed>) = 1 [pid 11091] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11090] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11092] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11092] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11092] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11088] <... futex resumed>) = 0 [pid 11088] exit_group(0 [pid 11105] <... futex resumed>) = ? [pid 11088] <... exit_group resumed>) = ? [pid 11105] +++ exited with 0 +++ [pid 11091] <... openat resumed>) = 4 [pid 11091] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11090] <... futex resumed>) = 0 [pid 11091] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 11090] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11091] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11090] <... futex resumed>) = 0 [pid 11092] <... futex resumed>) = ? [pid 11092] +++ exited with 0 +++ [pid 11088] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11088, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 11090] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11091] <... write resumed>) = 16 [pid 299] <... restart_syscall resumed>) = 0 [pid 11090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11091] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11090] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11090] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11091] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] umount2("./426", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11090] <... mprotect resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11090] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] openat(AT_FDCWD, "./426", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11090] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] <... openat resumed>) = 3 [pid 297] <... umount2 resumed>) = 0 [pid 11090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, [pid 297] umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11090] <... clone3 resumed> => {parent_tid=[11108]}, 88) = 11108 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./426/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./426/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./426/binderfs") = 0 [pid 299] umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11090] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11090] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] newfstatat(AT_FDCWD, "./430/file0", [pid 11090] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./430/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 11108 attached [pid 297] close(4) = 0 [pid 297] rmdir("./430/file0") = 0 [pid 11108] set_robust_list(0x7fe45c3c99a0, 24 [pid 11095] <... mount resumed>) = 0 [pid 297] getdents64(3, [pid 11095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 11095] <... openat resumed>) = 3 [pid 297] close(3 [pid 11095] chdir("./file0" [pid 297] <... close resumed>) = 0 [pid 11108] <... set_robust_list resumed>) = 0 [pid 11095] <... chdir resumed>) = 0 [pid 297] rmdir("./430" [pid 11095] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 297] <... rmdir resumed>) = 0 [pid 11108] rt_sigprocmask(SIG_SETMASK, [], [pid 11095] ioctl(4, LOOP_CLR_FD [pid 297] mkdir("./431", 0777 [pid 11095] <... ioctl resumed>) = 0 [pid 11108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11108] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11095] close(4 [pid 297] <... mkdir resumed>) = 0 [pid 11095] <... close resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11095] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11093] <... futex resumed>) = 0 [pid 11095] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11093] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11093] <... futex resumed>) = 0 [pid 11095] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11093] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11108] <... write resumed>) = 16 [pid 11108] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11095] <... openat resumed>) = 4 [pid 11095] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11093] <... futex resumed>) = 0 [pid 11095] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11093] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11093] <... futex resumed>) = 0 [pid 11095] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11093] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11095] <... write resumed>) = 16 [pid 11093] <... futex resumed>) = 0 [pid 11095] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11095] <... futex resumed>) = 0 [pid 11093] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11095] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11093] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11108] <... futex resumed>) = 1 [pid 11093] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11090] <... futex resumed>) = 0 [pid 11093] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11108] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11090] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11093] <... clone3 resumed> => {parent_tid=[11110]}, 88) = 11110 [pid 11091] <... futex resumed>) = 0 [pid 11090] <... futex resumed>) = 1 [pid 11093] rt_sigprocmask(SIG_SETMASK, [], [pid 11091] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11090] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11110 attached [pid 11093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11091] <... mmap resumed>) = 0x20000000 [pid 11093] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11091] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11093] <... futex resumed>) = 0 [pid 11091] <... futex resumed>) = 1 [pid 11090] <... futex resumed>) = 0 [pid 11093] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11091] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11090] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11090] <... futex resumed>) = 0 [ 152.880867][T11092] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11110] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11110] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11110] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11093] <... futex resumed>) = 0 [pid 11093] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11095] <... futex resumed>) = 0 [pid 11093] <... futex resumed>) = 1 [pid 11095] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11093] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11095] <... mmap resumed>) = 0x20000000 [pid 11095] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11093] <... futex resumed>) = 0 [pid 11095] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11093] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11093] <... futex resumed>) = 0 [pid 11110] <... futex resumed>) = 1 [pid 11091] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11090] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./431/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./431/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 11093] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./431/file0" [pid 11110] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11095] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11091] sendfile(-1, -1, [0] [pid 298] <... rmdir resumed>) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./431" [pid 11095] sendfile(-1, -1, [0] [pid 11091] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 298] <... rmdir resumed>) = 0 [pid 11095] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11095] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11091] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11095] <... futex resumed>) = 1 [pid 11093] <... futex resumed>) = 0 [pid 11091] <... futex resumed>) = 1 [pid 11090] <... futex resumed>) = 0 [pid 11095] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11093] exit_group(0 [pid 11091] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11090] exit_group(0 [pid 11110] <... futex resumed>) = ? [pid 11108] <... futex resumed>) = ? [pid 11095] <... futex resumed>) = ? [pid 11093] <... exit_group resumed>) = ? [pid 11091] <... futex resumed>) = ? [pid 11090] <... exit_group resumed>) = ? [pid 11110] +++ exited with 0 +++ [pid 11108] +++ exited with 0 +++ [pid 11095] +++ exited with 0 +++ [pid 11093] +++ exited with 0 +++ [pid 11091] +++ exited with 0 +++ [pid 11090] +++ exited with 0 +++ [pid 299] <... umount2 resumed>) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11093, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11090, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 296] umount2("./431", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./430", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./431", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./430", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 296] newfstatat(3, "", [pid 295] newfstatat(3, "", [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, [pid 295] getdents64(3, [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] <... openat resumed>) = 3 [pid 296] umount2("./431/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./430/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./431/binderfs", [pid 295] newfstatat(AT_FDCWD, "./430/binderfs", [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./431/binderfs" [pid 295] unlink("./430/binderfs" [pid 296] <... unlink resumed>) = 0 [pid 295] <... unlink resumed>) = 0 [pid 296] umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] mkdir("./432", 0777 [pid 297] ioctl(3, LOOP_CLR_FD [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... mkdir resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] newfstatat(AT_FDCWD, "./426/file0", [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] close(3 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... openat resumed>) = 3 [pid 297] <... close resumed>) = 0 [pid 299] umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] openat(AT_FDCWD, "./426/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] close(3 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 11111 [pid 299] <... openat resumed>) = 4 [pid 298] <... close resumed>) = 0 [pid 299] newfstatat(4, "", [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11112 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./426/file0") = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./426") = 0 [pid 299] mkdir("./427", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11113 ./strace-static-x86_64: Process 11113 attached [pid 11113] set_robust_list(0x5555557b6760, 24) = 0 [pid 11113] chdir("./427") = 0 [pid 11113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11113] setpgid(0, 0) = 0 [pid 11113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11113] write(3, "1000", 4) = 4 [pid 11113] close(3) = 0 [pid 11113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11113] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11113] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11113] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], ./strace-static-x86_64: Process 11112 attached ./strace-static-x86_64: Process 11111 attached NULL, 8) = 0 [pid 11112] set_robust_list(0x5555557b6760, 24 [pid 11111] set_robust_list(0x5555557b6760, 24 [pid 11113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11113] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11114]}, 88) = 11114 [pid 11113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 11113] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11113] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11114 attached [pid 11114] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11114] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11114] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... umount2 resumed>) = 0 [pid 295] umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11113] <... futex resumed>) = 0 [pid 11113] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11113] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11114] <... futex resumed>) = 1 [pid 11114] memfd_create("syzkaller", 0) = 3 [pid 11114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./430/file0", [pid 296] newfstatat(AT_FDCWD, "./431/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11114] <... mmap resumed>) = 0x7fe453fca000 [pid 296] umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11111] <... set_robust_list resumed>) = 0 [pid 296] openat(AT_FDCWD, "./431/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11111] chdir("./431" [pid 296] <... openat resumed>) = 4 [ 152.927227][T11091] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 152.929742][T11095] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 295] openat(AT_FDCWD, "./430/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11111] <... chdir resumed>) = 0 [pid 296] newfstatat(4, "", [pid 11114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11112] <... set_robust_list resumed>) = 0 [pid 11111] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] <... openat resumed>) = 4 [pid 11111] <... prctl resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] newfstatat(4, "", [pid 296] getdents64(4, [pid 11112] chdir("./432" [pid 11111] setpgid(0, 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11112] <... chdir resumed>) = 0 [pid 11111] <... setpgid resumed>) = 0 [pid 296] getdents64(4, [pid 295] getdents64(4, [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4 [pid 11111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11112] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] <... close resumed>) = 0 [pid 295] getdents64(4, [pid 11112] <... prctl resumed>) = 0 [pid 11111] <... openat resumed>) = 3 [pid 296] rmdir("./431/file0" [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 11111] write(3, "1000", 4 [pid 296] <... rmdir resumed>) = 0 [pid 11111] <... write resumed>) = 4 [pid 11112] setpgid(0, 0 [pid 295] close(4 [pid 11112] <... setpgid resumed>) = 0 [pid 11111] close(3 [pid 296] getdents64(3, [pid 11111] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 11111] symlink("/dev/binderfs", "./binderfs" [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] rmdir("./430/file0" [pid 296] close(3 [pid 295] <... rmdir resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 295] getdents64(3, [pid 296] rmdir("./431" [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 295] close(3 [pid 11111] <... symlink resumed>) = 0 [pid 296] mkdir("./432", 0777 [pid 295] <... close resumed>) = 0 [pid 11111] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... mkdir resumed>) = 0 [pid 295] rmdir("./430" [pid 11112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11111] <... futex resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11111] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 296] <... openat resumed>) = 3 [pid 295] <... rmdir resumed>) = 0 [pid 11112] <... openat resumed>) = 3 [pid 11111] <... rt_sigaction resumed>NULL, 8) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 295] mkdir("./431", 0777 [pid 11112] write(3, "1000", 4 [pid 11111] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11112] <... write resumed>) = 4 [pid 11111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] close(3 [pid 295] <... mkdir resumed>) = 0 [pid 11112] close(3 [pid 11111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] <... close resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... openat resumed>) = 3 [pid 11112] <... close resumed>) = 0 [pid 11111] <... mmap resumed>) = 0x7fe45c3ca000 [pid 295] ioctl(3, LOOP_CLR_FD [pid 11112] symlink("/dev/binderfs", "./binderfs" [pid 11111] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 11115 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11111] <... mprotect resumed>) = 0 [pid 11111] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] close(3 [pid 11112] <... symlink resumed>) = 0 [pid 11111] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11112] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 295] <... close resumed>) = 0 [pid 11112] <... futex resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11112] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11111] <... clone3 resumed> => {parent_tid=[11116]}, 88) = 11116 [pid 11112] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11111] rt_sigprocmask(SIG_SETMASK, [], [pid 11112] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 11117 [pid 11112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11111] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11111] <... futex resumed>) = 0 [pid 11112] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11111] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11112] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11112] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11118]}, 88) = 11118 [pid 11112] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 11115 attached NULL, 8) = 0 [pid 11115] set_robust_list(0x5555557b6760, 24 [pid 11114] <... write resumed>) = 1048576 [pid 11112] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 11116 attached [pid 11115] <... set_robust_list resumed>) = 0 [pid 11112] <... futex resumed>) = 0 [pid 11112] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11115] chdir("./432") = 0 [pid 11114] munmap(0x7fe453fca000, 138412032 [pid 11116] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11114] <... munmap resumed>) = 0 [pid 11116] <... set_robust_list resumed>) = 0 [pid 11115] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 11118 attached ./strace-static-x86_64: Process 11117 attached [pid 11116] rt_sigprocmask(SIG_SETMASK, [], [pid 11115] <... prctl resumed>) = 0 [pid 11114] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11115] setpgid(0, 0 [pid 11116] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11115] <... setpgid resumed>) = 0 [pid 11118] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11116] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11118] <... set_robust_list resumed>) = 0 [pid 11117] set_robust_list(0x5555557b6760, 24 [pid 11116] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11115] <... openat resumed>) = 3 [pid 11116] <... futex resumed>) = 1 [pid 11115] write(3, "1000", 4 [pid 11111] <... futex resumed>) = 0 [pid 11116] memfd_create("syzkaller", 0 [pid 11115] <... write resumed>) = 4 [pid 11111] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11118] rt_sigprocmask(SIG_SETMASK, [], [pid 11117] <... set_robust_list resumed>) = 0 [pid 11116] <... memfd_create resumed>) = 3 [pid 11115] close(3 [pid 11111] <... futex resumed>) = 0 [pid 11114] <... openat resumed>) = 4 [pid 11116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11115] <... close resumed>) = 0 [pid 11111] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11116] <... mmap resumed>) = 0x7fe453fca000 [pid 11115] symlink("/dev/binderfs", "./binderfs" [pid 11118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11117] chdir("./431" [pid 11114] ioctl(4, LOOP_SET_FD, 3 [pid 11118] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11115] <... symlink resumed>) = 0 [pid 11118] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11117] <... chdir resumed>) = 0 [pid 11115] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11114] <... ioctl resumed>) = 0 [pid 11115] <... futex resumed>) = 0 [pid 11115] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11115] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11115] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11115] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11118] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11117] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11115] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11118] <... futex resumed>) = 1 [pid 11117] <... prctl resumed>) = 0 [pid 11114] close(3 [pid 11112] <... futex resumed>) = 0 [pid 11115] <... clone3 resumed> => {parent_tid=[11119]}, 88) = 11119 [pid 11112] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11118] memfd_create("syzkaller", 0 [pid 11117] setpgid(0, 0 [pid 11115] rt_sigprocmask(SIG_SETMASK, [], [pid 11112] <... futex resumed>) = 0 [pid 11114] <... close resumed>) = 0 [pid 11115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11112] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11118] <... memfd_create resumed>) = 3 [pid 11117] <... setpgid resumed>) = 0 [pid 11115] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11115] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11119 attached [pid 11119] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11119] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11119] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11115] <... futex resumed>) = 0 [pid 11115] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11115] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11119] <... futex resumed>) = 1 [pid 11119] memfd_create("syzkaller", 0 [pid 11117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11119] <... memfd_create resumed>) = 3 [pid 11118] <... mmap resumed>) = 0x7fe453fca000 [pid 11117] <... openat resumed>) = 3 [pid 11119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11117] write(3, "1000", 4) = 4 [pid 11117] close(3) = 0 [pid 11117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11117] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11117] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11117] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11117] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11120]}, 88) = 11120 [pid 11117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11117] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11117] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11114] close(4 [pid 11118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 11120 attached [pid 11120] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11120] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11120] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11120] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11117] <... futex resumed>) = 0 [pid 11117] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11120] <... futex resumed>) = 0 [pid 11117] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11120] memfd_create("syzkaller", 0) = 3 [pid 11120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11116] <... write resumed>) = 1048576 [pid 11118] <... write resumed>) = 1048576 [pid 11116] munmap(0x7fe453fca000, 138412032 [pid 11118] munmap(0x7fe453fca000, 138412032 [pid 11116] <... munmap resumed>) = 0 [pid 11116] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11116] ioctl(4, LOOP_SET_FD, 3 [pid 11118] <... munmap resumed>) = 0 [pid 11119] <... write resumed>) = 1048576 [pid 11119] munmap(0x7fe453fca000, 138412032) = 0 [pid 11119] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11119] ioctl(4, LOOP_SET_FD, 3 [pid 11120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11118] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11116] <... ioctl resumed>) = 0 [pid 11118] <... openat resumed>) = 4 [pid 11118] ioctl(4, LOOP_SET_FD, 3 [pid 11120] <... write resumed>) = 1048576 [pid 11119] <... ioctl resumed>) = 0 [pid 11116] close(3) = 0 [pid 11116] close(4 [ 153.035409][T11114] loop4: detected capacity change from 0 to 2048 [ 153.068423][T11116] loop2: detected capacity change from 0 to 2048 [ 153.069626][T11119] loop1: detected capacity change from 0 to 2048 [pid 11119] close(3) = 0 [pid 11119] close(4 [pid 11120] munmap(0x7fe453fca000, 138412032) = 0 [pid 11120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11120] ioctl(4, LOOP_SET_FD, 3 [pid 11118] <... ioctl resumed>) = 0 [pid 11118] close(3) = 0 [pid 11118] close(4 [pid 11120] <... ioctl resumed>) = 0 [pid 11114] <... close resumed>) = 0 [pid 11120] close(3 [pid 11114] mkdir("./file0", 0777 [pid 11120] <... close resumed>) = 0 [pid 11120] close(4 [pid 11114] <... mkdir resumed>) = 0 [pid 11114] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11119] <... close resumed>) = 0 [pid 11119] mkdir("./file0", 0777 [pid 11116] <... close resumed>) = 0 [pid 11119] <... mkdir resumed>) = 0 [pid 11119] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11116] mkdir("./file0", 0777) = 0 [pid 11116] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 11119] <... mount resumed>) = 0 [pid 11119] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11119] <... openat resumed>) = 3 [pid 11116] <... openat resumed>) = 3 [pid 11119] chdir("./file0" [pid 11116] chdir("./file0" [pid 11119] <... chdir resumed>) = 0 [pid 11116] <... chdir resumed>) = 0 [pid 11119] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11116] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11119] <... openat resumed>) = 4 [pid 11116] <... openat resumed>) = 4 [pid 11119] ioctl(4, LOOP_CLR_FD [pid 11116] ioctl(4, LOOP_CLR_FD [pid 11119] <... ioctl resumed>) = 0 [pid 11116] <... ioctl resumed>) = 0 [pid 11116] close(4 [pid 11119] close(4 [pid 11116] <... close resumed>) = 0 [pid 11119] <... close resumed>) = 0 [pid 11119] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11116] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11119] <... futex resumed>) = 1 [pid 11116] <... futex resumed>) = 1 [pid 11115] <... futex resumed>) = 0 [pid 11111] <... futex resumed>) = 0 [pid 11111] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11119] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11116] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11115] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11111] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11115] <... futex resumed>) = 0 [pid 11115] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11119] <... openat resumed>) = 4 [pid 11116] <... openat resumed>) = 4 [pid 11119] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11116] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11119] <... futex resumed>) = 1 [pid 11116] <... futex resumed>) = 1 [pid 11115] <... futex resumed>) = 0 [pid 11111] <... futex resumed>) = 0 [pid 11115] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11111] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11116] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11119] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11116] <... write resumed>) = 16 [pid 11115] <... futex resumed>) = 0 [pid 11111] <... futex resumed>) = 0 [pid 11119] <... write resumed>) = 16 [pid 11116] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11115] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11111] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11119] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11116] <... futex resumed>) = 0 [pid 11115] <... futex resumed>) = 0 [pid 11111] <... futex resumed>) = 0 [pid 11119] <... futex resumed>) = 0 [pid 11116] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11111] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11119] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11115] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11116] <... write resumed>) = 16 [pid 11115] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11116] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11115] <... mprotect resumed>) = 0 [pid 11116] <... futex resumed>) = 1 [pid 11115] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11111] <... futex resumed>) = 0 [pid 11116] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11115] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11111] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11111] <... futex resumed>) = 0 ./strace-static-x86_64: Process 11125 attached [pid 11116] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [ 153.080560][T11118] loop3: detected capacity change from 0 to 2048 [ 153.087678][T11120] loop0: detected capacity change from 0 to 2048 [pid 11111] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11120] <... close resumed>) = 0 [pid 11118] <... close resumed>) = 0 [pid 11116] <... mmap resumed>) = 0x20000000 [pid 11115] <... clone3 resumed> => {parent_tid=[11125]}, 88) = 11125 [pid 11120] mkdir("./file0", 0777 [pid 11118] mkdir("./file0", 0777 [pid 11115] rt_sigprocmask(SIG_SETMASK, [], [pid 11120] <... mkdir resumed>) = 0 [pid 11118] <... mkdir resumed>) = 0 [pid 11115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11118] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11120] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11116] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11115] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11115] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11116] <... futex resumed>) = 1 [pid 11111] <... futex resumed>) = 0 [pid 11116] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11111] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11111] <... futex resumed>) = 0 [pid 11111] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11125] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11125] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11125] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11125] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11115] <... futex resumed>) = 0 [pid 11115] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11115] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11119] <... futex resumed>) = 0 [pid 11119] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 11119] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11115] <... futex resumed>) = 0 [pid 11119] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11115] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11115] <... futex resumed>) = 0 [pid 11115] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11119] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11119] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11119] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11115] <... futex resumed>) = 0 [pid 11115] exit_group(0 [pid 11125] <... futex resumed>) = ? [pid 11115] <... exit_group resumed>) = ? [pid 11125] +++ exited with 0 +++ [pid 11119] <... futex resumed>) = ? [pid 11119] +++ exited with 0 +++ [pid 11115] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11115, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./432", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./432", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./432/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./432/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./432/binderfs") = 0 [pid 296] umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11116] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11114] <... mount resumed>) = 0 [pid 11116] sendfile(-1, -1, [0] [pid 11114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11116] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11114] <... openat resumed>) = 3 [pid 11116] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11114] chdir("./file0" [pid 11116] <... futex resumed>) = 1 [pid 11111] <... futex resumed>) = 0 [pid 11111] exit_group(0) = ? [pid 11114] <... chdir resumed>) = 0 [pid 11114] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11116] +++ exited with 0 +++ [pid 11114] ioctl(4, LOOP_CLR_FD [pid 11111] +++ exited with 0 +++ [pid 11114] <... ioctl resumed>) = 0 [pid 11114] close(4) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11111, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 296] <... umount2 resumed>) = 0 [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./431", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./431", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11120] <... mount resumed>) = 0 [pid 11114] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./431/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11114] <... futex resumed>) = 1 [pid 11113] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11120] <... openat resumed>) = 3 [pid 11114] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11113] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] newfstatat(AT_FDCWD, "./431/binderfs", [pid 296] newfstatat(AT_FDCWD, "./432/file0", [pid 11120] chdir("./file0" [pid 11114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11113] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11120] <... chdir resumed>) = 0 [pid 11114] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11113] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] unlink("./431/binderfs" [pid 296] umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11120] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11114] <... openat resumed>) = 4 [pid 297] <... unlink resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11120] <... openat resumed>) = 4 [pid 11114] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "./432/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11120] ioctl(4, LOOP_CLR_FD [pid 11114] <... futex resumed>) = 1 [pid 11113] <... futex resumed>) = 0 [pid 11113] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11120] <... ioctl resumed>) = 0 [pid 11114] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11113] <... futex resumed>) = 0 [pid 296] <... openat resumed>) = 4 [pid 11120] close(4 [pid 11114] <... write resumed>) = 16 [pid 11113] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = 0 [pid 296] newfstatat(4, "", [pid 11120] <... close resumed>) = 0 [pid 11114] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11113] <... futex resumed>) = 0 [pid 297] umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11120] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11114] <... futex resumed>) = 0 [pid 11113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] getdents64(4, [pid 11120] <... futex resumed>) = 1 [pid 11117] <... futex resumed>) = 0 [pid 11114] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11113] <... mmap resumed>) = 0x7fe45c3a9000 [pid 297] newfstatat(AT_FDCWD, "./431/file0", [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11120] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11117] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11113] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] getdents64(4, [pid 11120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11117] <... futex resumed>) = 0 [pid 11113] <... mprotect resumed>) = 0 [pid 297] umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 11120] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11117] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11113] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11113] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11120] <... openat resumed>) = 4 [pid 297] openat(AT_FDCWD, "./431/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] close(4 [pid 11120] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 297] <... openat resumed>) = 4 [pid 296] <... close resumed>) = 0 [pid 11120] <... futex resumed>) = 1 [pid 11117] <... futex resumed>) = 0 [pid 297] newfstatat(4, "", [pid 296] rmdir("./432/file0" [pid 11120] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11117] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11113] <... clone3 resumed> => {parent_tid=[11132]}, 88) = 11132 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11117] <... futex resumed>) = 0 [pid 11113] rt_sigprocmask(SIG_SETMASK, [], [pid 297] getdents64(4, [pid 296] <... rmdir resumed>) = 0 [pid 11120] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11117] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(3, [pid 11120] <... write resumed>) = 16 [pid 11117] <... futex resumed>) = 0 [pid 11113] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(4, [pid 11120] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11113] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 11120] <... futex resumed>) = 0 [pid 11117] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11113] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] close(4 [pid 296] close(3 [pid 11120] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11117] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 11117] <... mprotect resumed>) = 0 [pid 297] rmdir("./431/file0" [pid 296] rmdir("./432" [pid 11117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 11117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 297] getdents64(3, [pid 296] <... rmdir resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] mkdir("./433", 0777 [pid 11117] <... clone3 resumed> => {parent_tid=[11133]}, 88) = 11133 [pid 297] close(3 [pid 11117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11117] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] <... close resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 11117] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] rmdir("./431" [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 297] <... rmdir resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 297] mkdir("./432", 0777 [pid 296] ioctl(3, LOOP_CLR_FD [pid 297] <... mkdir resumed>) = 0 [pid 296] <... ioctl resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] close(3 [pid 297] <... openat resumed>) = 3 [pid 296] <... close resumed>) = 0 [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... ioctl resumed>) = 0 [pid 297] close(3) = 0 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 11134 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11135 ./strace-static-x86_64: Process 11134 attached [pid 11134] set_robust_list(0x5555557b6760, 24) = 0 [pid 11134] chdir("./433") = 0 [pid 11134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11134] setpgid(0, 0) = 0 [pid 11134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11134] write(3, "1000", 4./strace-static-x86_64: Process 11133 attached ./strace-static-x86_64: Process 11135 attached ./strace-static-x86_64: Process 11132 attached ) = 4 [pid 11134] close(3) = 0 [pid 11118] <... mount resumed>) = 0 [pid 11134] symlink("/dev/binderfs", "./binderfs" [pid 11118] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11118] chdir("./file0" [pid 11133] set_robust_list(0x7fe45c3c99a0, 24 [pid 11118] <... chdir resumed>) = 0 [ 153.140381][T11116] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 153.157093][T11119] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11135] set_robust_list(0x5555557b6760, 24 [pid 11134] <... symlink resumed>) = 0 [pid 11133] <... set_robust_list resumed>) = 0 [pid 11132] set_robust_list(0x7fe45c3c99a0, 24 [pid 11118] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11135] <... set_robust_list resumed>) = 0 [pid 11134] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11133] rt_sigprocmask(SIG_SETMASK, [], [pid 11132] <... set_robust_list resumed>) = 0 [pid 11118] <... openat resumed>) = 4 [pid 11135] chdir("./432" [pid 11134] <... futex resumed>) = 0 [pid 11133] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11132] rt_sigprocmask(SIG_SETMASK, [], [pid 11118] ioctl(4, LOOP_CLR_FD [pid 11135] <... chdir resumed>) = 0 [pid 11134] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11133] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11118] <... ioctl resumed>) = 0 [pid 11135] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11134] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11133] <... write resumed>) = 16 [pid 11132] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11118] close(4 [pid 11135] <... prctl resumed>) = 0 [pid 11134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11133] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11132] <... write resumed>) = 16 [pid 11118] <... close resumed>) = 0 [pid 11135] setpgid(0, 0 [pid 11133] <... futex resumed>) = 1 [pid 11118] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11117] <... futex resumed>) = 0 [pid 11132] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11135] <... setpgid resumed>) = 0 [pid 11134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11133] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11118] <... futex resumed>) = 1 [pid 11117] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11112] <... futex resumed>) = 0 [pid 11113] <... futex resumed>) = 0 [pid 11132] <... futex resumed>) = 1 [pid 11135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11132] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11120] <... futex resumed>) = 0 [pid 11118] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11117] <... futex resumed>) = 1 [pid 11113] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11112] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11135] <... openat resumed>) = 3 [pid 11134] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11120] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11117] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11114] <... futex resumed>) = 0 [pid 11113] <... futex resumed>) = 1 [pid 11112] <... futex resumed>) = 0 [pid 11135] write(3, "1000", 4 [pid 11134] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11120] <... mmap resumed>) = 0x20000000 [pid 11118] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11114] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11113] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11112] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11135] <... write resumed>) = 4 [pid 11134] <... mprotect resumed>) = 0 [pid 11120] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11135] close(3 [pid 11134] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11120] <... futex resumed>) = 1 [pid 11118] <... openat resumed>) = 4 [pid 11117] <... futex resumed>) = 0 [pid 11114] <... mmap resumed>) = 0x20000000 [pid 11135] <... close resumed>) = 0 [pid 11134] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11120] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11118] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11117] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11114] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11135] symlink("/dev/binderfs", "./binderfs" [pid 11134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11118] <... futex resumed>) = 1 [pid 11117] <... futex resumed>) = 0 [pid 11114] <... futex resumed>) = 1 [pid 11113] <... futex resumed>) = 0 [pid 11112] <... futex resumed>) = 0 [pid 11134] <... clone3 resumed> => {parent_tid=[11136]}, 88) = 11136 [pid 11134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11134] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11134] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11113] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11112] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11113] <... futex resumed>) = 0 [pid 11112] <... futex resumed>) = 0 [pid 11117] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11113] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11112] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11135] <... symlink resumed>) = 0 [pid 11135] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11135] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11135] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11135] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11137]}, 88) = 11137 [pid 11135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11135] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11135] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11136 attached [pid 11136] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11136] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11136] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11134] <... futex resumed>) = 0 [pid 11134] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11134] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11136] <... futex resumed>) = 1 [pid 11136] memfd_create("syzkaller", 0) = 3 [pid 11136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11112] <... futex resumed>) = 0 ./strace-static-x86_64: Process 11137 attached [pid 11118] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11137] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11118] <... write resumed>) = 16 [pid 11112] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11137] <... set_robust_list resumed>) = 0 [pid 11137] rt_sigprocmask(SIG_SETMASK, [], [pid 11120] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11118] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11114] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11112] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11118] <... futex resumed>) = 0 [pid 11137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11118] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11112] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11137] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11112] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11137] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11137] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11135] <... futex resumed>) = 0 [pid 11137] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11135] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11112] <... clone3 resumed> => {parent_tid=[11138]}, 88) = 11138 [pid 11137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11135] <... futex resumed>) = 0 [pid 11112] rt_sigprocmask(SIG_SETMASK, [], [pid 11137] memfd_create("syzkaller", 0 [pid 11135] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11137] <... memfd_create resumed>) = 3 [pid 11137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11112] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11137] <... mmap resumed>) = 0x7fe453fca000 [pid 11112] <... futex resumed>) = 0 [pid 11136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11112] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11136] <... write resumed>) = 1048576 [pid 11136] munmap(0x7fe453fca000, 138412032) = 0 [pid 11136] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 153.233965][T11120] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 153.249137][T11114] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11136] ioctl(4, LOOP_SET_FD, 3 [pid 11120] sendfile(-1, -1, [0] [pid 11114] sendfile(-1, -1, [0] [pid 11120] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11114] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11120] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11114] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11113] <... futex resumed>) = 0 [pid 11114] <... futex resumed>) = 1 [pid 11120] <... futex resumed>) = 1 [pid 11117] <... futex resumed>) = 0 [pid 11113] exit_group(0 [pid 11132] <... futex resumed>) = ? [pid 11120] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11117] exit_group(0 [pid 11113] <... exit_group resumed>) = ? [pid 11132] +++ exited with 0 +++ [pid 11117] <... exit_group resumed>) = ? [pid 11133] <... futex resumed>) = ? [pid 11133] +++ exited with 0 +++ [pid 11136] <... ioctl resumed>) = 0 [pid 11120] <... futex resumed>) = ? [pid 11136] close(3) = 0 [pid 11136] close(4./strace-static-x86_64: Process 11138 attached [pid 11138] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11114] +++ exited with 0 +++ [pid 11113] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11113, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 11120] +++ exited with 0 +++ [pid 11117] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11117, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 11138] rt_sigprocmask(SIG_SETMASK, [], [pid 295] <... restart_syscall resumed>) = 0 [pid 295] umount2("./431", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] umount2("./427", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] openat(AT_FDCWD, "./431", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... openat resumed>) = 3 [pid 11137] <... write resumed>) = 1048576 [pid 11137] munmap(0x7fe453fca000, 138412032 [pid 299] openat(AT_FDCWD, "./427", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] newfstatat(3, "", [pid 299] <... openat resumed>) = 3 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] newfstatat(3, "", [pid 295] getdents64(3, [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] getdents64(3, [pid 295] umount2("./431/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./427/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./431/binderfs", [pid 299] newfstatat(AT_FDCWD, "./427/binderfs", [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./431/binderfs" [pid 299] unlink("./427/binderfs" [pid 295] <... unlink resumed>) = 0 [pid 11137] <... munmap resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 295] umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11137] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 299] umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11138] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11138] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11138] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11112] <... futex resumed>) = 0 [pid 11112] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11118] <... futex resumed>) = 0 [pid 11112] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11118] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11137] <... openat resumed>) = 4 [pid 11137] ioctl(4, LOOP_SET_FD, 3 [pid 11118] <... mmap resumed>) = 0x20000000 [pid 11118] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11112] <... futex resumed>) = 0 [pid 11118] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11112] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11112] <... futex resumed>) = 0 [pid 11137] <... ioctl resumed>) = 0 [pid 11137] close(3) = 0 [pid 11137] close(4 [pid 11112] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11118] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11118] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11118] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11112] <... futex resumed>) = 0 [pid 11118] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11112] exit_group(0 [pid 11138] <... futex resumed>) = ? [pid 11118] <... futex resumed>) = ? [pid 11112] <... exit_group resumed>) = ? [pid 11138] +++ exited with 0 +++ [pid 11118] +++ exited with 0 +++ [pid 11112] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11112, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./432", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./432", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./432/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./432/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./432/binderfs") = 0 [pid 298] umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11136] <... close resumed>) = 0 [pid 11136] mkdir("./file0", 0777) = 0 [pid 11136] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11137] <... close resumed>) = 0 [pid 11137] mkdir("./file0", 0777) = 0 [pid 11137] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./431/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./431/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", [pid 299] <... umount2 resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./427/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] getdents64(4, [pid 299] umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./427/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] getdents64(4, [pid 295] close(4 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./427/file0" [pid 295] <... close resumed>) = 0 [pid 295] rmdir("./431/file0" [pid 299] <... rmdir resumed>) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 295] getdents64(3, [pid 299] close(3 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3 [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./427" [pid 295] <... close resumed>) = 0 [pid 295] rmdir("./431" [pid 299] <... rmdir resumed>) = 0 [pid 299] mkdir("./428", 0777 [pid 295] <... rmdir resumed>) = 0 [ 153.282431][T11136] loop1: detected capacity change from 0 to 2048 [ 153.300875][T11137] loop2: detected capacity change from 0 to 2048 [ 153.302489][T11118] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 295] mkdir("./432", 0777) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11139 ./strace-static-x86_64: Process 11139 attached [pid 11139] set_robust_list(0x5555557b6760, 24) = 0 [pid 11139] chdir("./428") = 0 [pid 11139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11139] setpgid(0, 0) = 0 [pid 11139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11139] write(3, "1000", 4) = 4 [pid 11139] close(3) = 0 [pid 11139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11139] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11139] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11139] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11139] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11139] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11139] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11140]}, 88) = 11140 [pid 11139] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11139] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11139] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11140 attached [pid 11140] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11140] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11140] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11139] <... futex resumed>) = 0 [pid 11139] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11139] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11140] <... futex resumed>) = 1 [pid 11140] memfd_create("syzkaller", 0) = 3 [pid 11140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11137] <... mount resumed>) = 0 [pid 11140] <... write resumed>) = 1048576 [pid 11140] munmap(0x7fe453fca000, 138412032) = 0 [pid 11140] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... umount2 resumed>) = 0 [pid 11137] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11137] <... openat resumed>) = 3 [pid 11137] chdir("./file0" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11137] <... chdir resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./432/file0", [pid 11137] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11140] <... openat resumed>) = 4 [pid 11137] <... openat resumed>) = 4 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11137] ioctl(4, LOOP_CLR_FD [pid 11140] ioctl(4, LOOP_SET_FD, 3 [pid 11137] <... ioctl resumed>) = 0 [pid 298] umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11137] close(4) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11137] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11135] <... futex resumed>) = 0 [pid 11137] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] openat(AT_FDCWD, "./432/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11135] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11137] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11135] <... futex resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 11135] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11137] <... openat resumed>) = 4 [pid 298] newfstatat(4, "", [pid 295] <... openat resumed>) = 3 [pid 11137] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11135] <... futex resumed>) = 0 [pid 11137] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11135] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11137] <... write resumed>) = 16 [pid 11135] <... futex resumed>) = 0 [pid 11137] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11135] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11137] <... futex resumed>) = 0 [pid 11135] <... futex resumed>) = 0 [pid 11137] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11135] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11144]}, 88) = 11144 [pid 11135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11135] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11135] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./432/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] ioctl(3, LOOP_CLR_FD [pid 298] close(3 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... close resumed>) = 0 [pid 295] close(3) = 0 [pid 298] rmdir("./432") = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11140] <... ioctl resumed>) = 0 [pid 11136] <... mount resumed>) = 0 [pid 11140] close(3 [pid 11136] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11140] <... close resumed>) = 0 [pid 11140] close(4 [pid 11136] <... openat resumed>) = 3 [pid 11136] chdir("./file0"./strace-static-x86_64: Process 11146 attached [pid 11146] set_robust_list(0x5555557b6760, 24 [pid 11140] <... close resumed>) = 0 [pid 11136] <... chdir resumed>) = 0 [pid 11140] mkdir("./file0", 0777 [pid 11146] <... set_robust_list resumed>) = 0 [pid 11136] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] mkdir("./433", 0777 [pid 11136] <... openat resumed>) = 4 [pid 11136] ioctl(4, LOOP_CLR_FD) = 0 [pid 11136] close(4) = 0 [pid 11140] <... mkdir resumed>) = 0 [pid 11140] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11136] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11146] chdir("./432" [pid 11136] <... futex resumed>) = 1 [pid 11134] <... futex resumed>) = 0 [pid 11136] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11134] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11134] <... futex resumed>) = 0 [pid 11146] <... chdir resumed>) = 0 [pid 11136] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11146] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11134] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 11146 [pid 11146] <... prctl resumed>) = 0 [pid 11136] <... openat resumed>) = 4 [pid 11146] setpgid(0, 0 [pid 11136] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... mkdir resumed>) = 0 [pid 11146] <... setpgid resumed>) = 0 [pid 11136] <... futex resumed>) = 1 [pid 11134] <... futex resumed>) = 0 [pid 11136] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11134] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11134] <... futex resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11146] <... openat resumed>) = 3 [pid 11136] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11134] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... openat resumed>) = 3 [pid 11146] write(3, "1000", 4 [pid 11136] <... write resumed>) = 16 [pid 11134] <... futex resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 11146] <... write resumed>) = 4 [pid 11136] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11146] close(3 [pid 11136] <... futex resumed>) = 0 [pid 11146] <... close resumed>) = 0 [pid 11134] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11136] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11146] symlink("/dev/binderfs", "./binderfs" [pid 11134] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11146] <... symlink resumed>) = 0 [pid 11134] <... mprotect resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11146] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11134] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] close(3 [pid 11146] <... futex resumed>) = 0 [pid 11134] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... close resumed>) = 0 [pid 11146] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11146] <... rt_sigaction resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 11148 attached [pid 11134] <... clone3 resumed> => {parent_tid=[11147]}, 88) = 11147 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11148 [pid 11146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11134] rt_sigprocmask(SIG_SETMASK, [], [pid 11148] set_robust_list(0x5555557b6760, 24 [pid 11146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11134] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11146] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11146] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11134] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11146] <... mprotect resumed>) = 0 [pid 11148] <... set_robust_list resumed>) = 0 [pid 11146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11149]}, 88) = 11149 ./strace-static-x86_64: Process 11144 attached [pid 11144] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11144] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11148] chdir("./433" [pid 11146] rt_sigprocmask(SIG_SETMASK, [], [pid 11144] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11135] <... futex resumed>) = 0 ./strace-static-x86_64: Process 11147 attached [pid 11146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11144] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11135] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11148] <... chdir resumed>) = 0 [pid 11147] set_robust_list(0x7fe45c3c99a0, 24 [pid 11146] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11140] <... mount resumed>) = 0 [pid 11137] <... futex resumed>) = 0 [pid 11135] <... futex resumed>) = 1 [pid 11148] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11147] <... set_robust_list resumed>) = 0 [pid 11146] <... futex resumed>) = 0 [pid 11140] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11137] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11135] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11148] <... prctl resumed>) = 0 [pid 11147] rt_sigprocmask(SIG_SETMASK, [], [pid 11146] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11140] <... openat resumed>) = 3 [pid 11137] <... mmap resumed>) = 0x20000000 [pid 11148] setpgid(0, 0 [pid 11147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11140] chdir("./file0" [pid 11137] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11148] <... setpgid resumed>) = 0 [pid 11147] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11140] <... chdir resumed>) = 0 [pid 11137] <... futex resumed>) = 1 [pid 11135] <... futex resumed>) = 0 [pid 11148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11147] <... write resumed>) = 16 [pid 11140] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11137] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11135] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11148] <... openat resumed>) = 3 [pid 11147] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11140] <... openat resumed>) = 4 [pid 11137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11135] <... futex resumed>) = 0 ./strace-static-x86_64: Process 11149 attached [pid 11148] write(3, "1000", 4 [pid 11147] <... futex resumed>) = 1 [pid 11140] ioctl(4, LOOP_CLR_FD [pid 11134] <... futex resumed>) = 0 [pid 11149] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11149] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11149] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11149] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11135] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11146] <... futex resumed>) = 0 [pid 11140] <... ioctl resumed>) = 0 [pid 11134] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11146] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11140] close(4 [pid 11136] <... futex resumed>) = 0 [pid 11134] <... futex resumed>) = 1 [pid 11149] <... futex resumed>) = 0 [pid 11146] <... futex resumed>) = 1 [pid 11140] <... close resumed>) = 0 [pid 11136] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11134] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11149] memfd_create("syzkaller", 0) = 3 [pid 11148] <... write resumed>) = 4 [pid 11147] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11146] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11140] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11137] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11136] <... mmap resumed>) = 0x20000000 [pid 11149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11148] close(3 [pid 11140] <... futex resumed>) = 1 [pid 11139] <... futex resumed>) = 0 [pid 11137] sendfile(-1, -1, [0] [pid 11136] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11148] <... close resumed>) = 0 [pid 11140] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11139] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11136] <... futex resumed>) = 1 [pid 11134] <... futex resumed>) = 0 [pid 11148] symlink("/dev/binderfs", "./binderfs" [pid 11140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11139] <... futex resumed>) = 0 [pid 11137] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11136] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 153.379603][T11140] loop4: detected capacity change from 0 to 2048 [ 153.413465][T11137] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11134] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11148] <... symlink resumed>) = 0 [pid 11140] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11139] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11137] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11134] <... futex resumed>) = 0 [pid 11148] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11134] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11149] <... write resumed>) = 1048576 [pid 11149] munmap(0x7fe453fca000, 138412032) = 0 [pid 11149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11149] ioctl(4, LOOP_SET_FD, 3 [pid 11148] <... futex resumed>) = 0 [pid 11140] <... openat resumed>) = 4 [pid 11137] <... futex resumed>) = 1 [pid 11136] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11135] <... futex resumed>) = 0 [pid 11149] <... ioctl resumed>) = 0 [pid 11149] close(3) = 0 [pid 11149] close(4 [pid 11148] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11140] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11137] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11135] exit_group(0 [pid 11148] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11148] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11148] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11144] <... futex resumed>) = ? [pid 11140] <... futex resumed>) = 1 [pid 11139] <... futex resumed>) = 0 [pid 11137] <... futex resumed>) = ? [pid 11135] <... exit_group resumed>) = ? [pid 11148] <... clone3 resumed> => {parent_tid=[11152]}, 88) = 11152 [pid 11148] rt_sigprocmask(SIG_SETMASK, [], [pid 11139] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11144] +++ exited with 0 +++ [pid 11140] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11139] <... futex resumed>) = 0 [pid 11137] +++ exited with 0 +++ [pid 11135] +++ exited with 0 +++ [pid 11148] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11140] <... write resumed>) = 16 [pid 11139] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11148] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11139] <... futex resumed>) = 0 [pid 11140] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11136] sendfile(-1, -1, [0]./strace-static-x86_64: Process 11152 attached [pid 11140] <... futex resumed>) = 0 [pid 11139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11136] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11135, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 11136] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11136] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11140] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11152] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11139] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11134] <... futex resumed>) = 0 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 11152] <... set_robust_list resumed>) = 0 [pid 11139] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11134] exit_group(0 [pid 297] <... restart_syscall resumed>) = 0 [pid 11152] rt_sigprocmask(SIG_SETMASK, [], [pid 11147] <... futex resumed>) = ? [pid 11139] <... mprotect resumed>) = 0 [pid 11134] <... exit_group resumed>) = ? [pid 11152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11152] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11152] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11148] <... futex resumed>) = 0 [pid 11152] memfd_create("syzkaller", 0 [pid 11148] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11147] +++ exited with 0 +++ [pid 11152] <... memfd_create resumed>) = 3 [pid 11148] <... futex resumed>) = 0 [pid 11139] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11148] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11152] <... mmap resumed>) = 0x7fe453fca000 [pid 11152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11139] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11136] <... futex resumed>) = ? [pid 297] umount2("./432", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11139] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11139] <... clone3 resumed> => {parent_tid=[11153]}, 88) = 11153 [pid 297] openat(AT_FDCWD, "./432", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 11153 attached [pid 11139] rt_sigprocmask(SIG_SETMASK, [], [pid 11136] +++ exited with 0 +++ [pid 11134] +++ exited with 0 +++ [pid 297] <... openat resumed>) = 3 [pid 11149] <... close resumed>) = 0 [pid 11139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] newfstatat(3, "", [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11134, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 11149] mkdir("./file0", 0777 [pid 11139] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 11149] <... mkdir resumed>) = 0 [pid 11139] <... futex resumed>) = 0 [pid 297] getdents64(3, [pid 296] <... restart_syscall resumed>) = 0 [pid 11149] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11139] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11153] set_robust_list(0x7fe45c3c99a0, 24 [pid 11152] <... write resumed>) = 1048576 [pid 297] umount2("./432/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./432/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./433", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11153] <... set_robust_list resumed>) = 0 [pid 11152] munmap(0x7fe453fca000, 138412032 [pid 297] unlink("./432/binderfs") = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11153] rt_sigprocmask(SIG_SETMASK, [], [pid 297] umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "./433", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11152] <... munmap resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 11153] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11152] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] newfstatat(3, "", [pid 11153] <... write resumed>) = 16 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11153] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] getdents64(3, [pid 11152] <... openat resumed>) = 4 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./433/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11152] ioctl(4, LOOP_SET_FD, 3 [pid 11153] <... futex resumed>) = 1 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11153] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 153.448069][T11136] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 153.452645][T11149] loop0: detected capacity change from 0 to 2048 [pid 296] newfstatat(AT_FDCWD, "./433/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./433/binderfs") = 0 [pid 296] umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11139] <... futex resumed>) = 0 [pid 11139] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11140] <... futex resumed>) = 0 [pid 11139] <... futex resumed>) = 1 [pid 11140] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11139] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11140] <... mmap resumed>) = 0x20000000 [pid 11140] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11139] <... futex resumed>) = 0 [pid 11140] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11139] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11139] <... futex resumed>) = 0 [pid 11152] <... ioctl resumed>) = 0 [pid 11152] close(3) = 0 [pid 11152] close(4 [pid 11139] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11140] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11140] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11140] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11140] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11139] <... futex resumed>) = 0 [pid 11139] exit_group(0 [pid 11153] <... futex resumed>) = ? [pid 11140] <... futex resumed>) = ? [pid 11139] <... exit_group resumed>) = ? [pid 11153] +++ exited with 0 +++ [pid 11140] +++ exited with 0 +++ [pid 11139] +++ exited with 0 +++ [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./432/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./432/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./432/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./432") = 0 [pid 297] mkdir("./433", 0777 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11139, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 297] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 299] umount2("./428", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] ioctl(3, LOOP_CLR_FD [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] openat(AT_FDCWD, "./428", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] close(3 [pid 299] <... openat resumed>) = 3 [pid 297] <... close resumed>) = 0 [pid 299] newfstatat(3, "", [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, ./strace-static-x86_64: Process 11154 attached [pid 11154] set_robust_list(0x5555557b6760, 24 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 11154 [pid 11154] <... set_robust_list resumed>) = 0 [pid 299] umount2("./428/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11154] chdir("./433" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11154] <... chdir resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./428/binderfs", [pid 11154] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11154] <... prctl resumed>) = 0 [pid 299] unlink("./428/binderfs" [pid 11154] setpgid(0, 0) = 0 [pid 11154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... unlink resumed>) = 0 [pid 11154] <... openat resumed>) = 3 [pid 299] umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11154] write(3, "1000", 4) = 4 [pid 11154] close(3) = 0 [pid 11154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11154] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11154] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11154] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11154] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11154] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11156]}, 88) = 11156 [pid 11154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11154] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11154] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11156 attached [pid 11156] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11156] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11156] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11154] <... futex resumed>) = 0 [pid 11154] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11154] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11156] <... futex resumed>) = 1 [pid 11156] memfd_create("syzkaller", 0) = 3 [pid 11156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11149] <... mount resumed>) = 0 [pid 11149] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11149] chdir("./file0") = 0 [pid 11149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11149] ioctl(4, LOOP_CLR_FD) = 0 [pid 11149] close(4) = 0 [pid 11149] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11146] <... futex resumed>) = 0 [pid 11149] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11146] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11146] <... futex resumed>) = 0 [pid 11149] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11146] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11149] <... openat resumed>) = 4 [pid 11149] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11146] <... futex resumed>) = 0 [pid 11149] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11146] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11146] <... futex resumed>) = 0 [pid 11149] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11146] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 296] <... umount2 resumed>) = 0 [pid 11152] <... close resumed>) = 0 [pid 11146] <... futex resumed>) = 0 [pid 11152] mkdir("./file0", 0777 [pid 11146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11149] <... write resumed>) = 16 [pid 296] umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11152] <... mkdir resumed>) = 0 [pid 11149] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11146] <... mmap resumed>) = 0x7fe45c3a9000 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11152] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11149] <... futex resumed>) = 0 [pid 11146] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 296] newfstatat(AT_FDCWD, "./433/file0", [pid 11149] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11146] <... mprotect resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11146] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11146] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 296] openat(AT_FDCWD, "./433/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 11146] <... clone3 resumed> => {parent_tid=[11158]}, 88) = 11158 [pid 296] newfstatat(4, "", [pid 11146] rt_sigprocmask(SIG_SETMASK, [], [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] getdents64(4, [pid 11146] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11146] <... futex resumed>) = 0 [pid 296] getdents64(4, [pid 11146] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./433/file0") = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./433") = 0 [pid 296] mkdir("./434", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11159 ./strace-static-x86_64: Process 11158 attached [pid 11158] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11158] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [ 153.488486][T11152] loop3: detected capacity change from 0 to 2048 [ 153.492715][T11140] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11158] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11146] <... futex resumed>) = 0 [pid 11146] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11149] <... futex resumed>) = 0 [pid 11146] <... futex resumed>) = 1 [pid 11149] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11146] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11149] <... mmap resumed>) = 0x20000000 [pid 11149] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11146] <... futex resumed>) = 0 [pid 11149] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11146] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11146] <... futex resumed>) = 0 ./strace-static-x86_64: Process 11159 attached [pid 11158] <... futex resumed>) = 1 [pid 11156] <... write resumed>) = 1048576 [pid 299] <... umount2 resumed>) = 0 [pid 11156] munmap(0x7fe453fca000, 138412032 [pid 299] umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11156] <... munmap resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11156] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 299] newfstatat(AT_FDCWD, "./428/file0", [pid 11156] <... openat resumed>) = 4 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11156] ioctl(4, LOOP_SET_FD, 3 [pid 299] umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11159] set_robust_list(0x5555557b6760, 24 [pid 11158] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11149] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11146] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11149] sendfile(-1, -1, [0] [pid 11159] <... set_robust_list resumed>) = 0 [pid 11149] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11159] chdir("./434" [pid 11149] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11159] <... chdir resumed>) = 0 [pid 11149] <... futex resumed>) = 1 [pid 11146] <... futex resumed>) = 0 [pid 11159] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11149] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11146] exit_group(0 [pid 11159] <... prctl resumed>) = 0 [pid 11158] <... futex resumed>) = ? [pid 11149] <... futex resumed>) = ? [pid 11146] <... exit_group resumed>) = ? [pid 11149] +++ exited with 0 +++ [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./428/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11159] setpgid(0, 0 [pid 11158] +++ exited with 0 +++ [pid 11156] <... ioctl resumed>) = 0 [pid 11146] +++ exited with 0 +++ [pid 299] <... openat resumed>) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./428/file0") = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./428") = 0 [pid 299] mkdir("./429", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11159] <... setpgid resumed>) = 0 [pid 11159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 11161 [pid 11159] <... openat resumed>) = 3 [pid 11159] write(3, "1000", 4) = 4 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11146, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 11159] close(3) = 0 [pid 11159] symlink("/dev/binderfs", "./binderfs" [pid 295] umount2("./432", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11159] <... symlink resumed>) = 0 [pid 295] openat(AT_FDCWD, "./432", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11159] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11159] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11159] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11159] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11159] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] <... openat resumed>) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11159] <... rt_sigprocmask resumed>[], 8) = 0 [pid 295] getdents64(3, [pid 11159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11159] <... clone3 resumed> => {parent_tid=[11163]}, 88) = 11163 [pid 295] umount2("./432/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./432/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./432/binderfs" [pid 11159] rt_sigprocmask(SIG_SETMASK, [], [pid 295] <... unlink resumed>) = 0 [pid 11159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11159] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11159] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./432/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./432/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", [pid 11156] close(3 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11156] <... close resumed>) = 0 [pid 295] getdents64(4, [pid 11156] close(4 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, ./strace-static-x86_64: Process 11161 attached 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4./strace-static-x86_64: Process 11163 attached [pid 11163] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11152] <... mount resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 11161] set_robust_list(0x5555557b6760, 24 [pid 11152] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 295] rmdir("./432/file0" [pid 11161] <... set_robust_list resumed>) = 0 [pid 11152] <... openat resumed>) = 3 [pid 11163] rt_sigprocmask(SIG_SETMASK, [], [pid 11161] chdir("./429" [pid 11152] chdir("./file0" [pid 295] <... rmdir resumed>) = 0 [pid 11163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11163] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11163] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11159] <... futex resumed>) = 0 [pid 11159] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11161] <... chdir resumed>) = 0 [pid 11159] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11152] <... chdir resumed>) = 0 [pid 295] getdents64(3, [pid 11163] <... futex resumed>) = 1 [pid 11161] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11163] memfd_create("syzkaller", 0) = 3 [pid 11163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11161] <... prctl resumed>) = 0 [pid 11152] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 11161] setpgid(0, 0 [pid 11152] <... openat resumed>) = 4 [pid 295] close(3 [pid 11161] <... setpgid resumed>) = 0 [pid 11152] ioctl(4, LOOP_CLR_FD [pid 295] <... close resumed>) = 0 [pid 11161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11152] <... ioctl resumed>) = 0 [pid 295] rmdir("./432" [pid 11161] <... openat resumed>) = 3 [pid 11152] close(4 [pid 295] <... rmdir resumed>) = 0 [pid 11161] write(3, "1000", 4 [pid 11152] <... close resumed>) = 0 [pid 295] mkdir("./433", 0777 [pid 11161] <... write resumed>) = 4 [pid 11152] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... mkdir resumed>) = 0 [pid 11161] close(3 [pid 11152] <... futex resumed>) = 1 [pid 11148] <... futex resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11161] <... close resumed>) = 0 [pid 11152] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11148] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11161] symlink("/dev/binderfs", "./binderfs" [pid 11152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11148] <... futex resumed>) = 0 [pid 11152] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11148] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11161] <... symlink resumed>) = 0 [pid 11152] <... openat resumed>) = 4 [pid 11161] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11152] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11161] <... futex resumed>) = 0 [pid 11152] <... futex resumed>) = 1 [pid 11148] <... futex resumed>) = 0 [pid 11161] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11152] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11148] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11161] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11156] <... close resumed>) = 0 [pid 11152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11148] <... futex resumed>) = 0 [pid 11161] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11156] mkdir("./file0", 0777 [pid 11152] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [ 153.542294][T11149] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 153.548205][T11156] loop2: detected capacity change from 0 to 2048 [pid 11148] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11161] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11156] <... mkdir resumed>) = 0 [pid 11152] <... write resumed>) = 16 [pid 11148] <... futex resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 11161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11156] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11152] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 295] ioctl(3, LOOP_CLR_FD [pid 11161] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11152] <... futex resumed>) = 0 [pid 11148] <... mmap resumed>) = 0x7fe45c3a9000 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11161] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11152] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11148] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 295] close(3 [pid 11161] <... mprotect resumed>) = 0 [pid 11148] <... mprotect resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 11163] <... write resumed>) = 1048576 [pid 11161] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11148] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11161] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11148] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11163] munmap(0x7fe453fca000, 138412032) = 0 [pid 11163] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11163] <... openat resumed>) = 4 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 11164 [pid 11163] ioctl(4, LOOP_SET_FD, 3 [pid 11148] <... clone3 resumed> => {parent_tid=[11165]}, 88) = 11165 [pid 11161] <... clone3 resumed> => {parent_tid=[11166]}, 88) = 11166 [pid 11148] rt_sigprocmask(SIG_SETMASK, [], [pid 11161] rt_sigprocmask(SIG_SETMASK, [], [pid 11148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11161] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11148] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 11166 attached ./strace-static-x86_64: Process 11165 attached ./strace-static-x86_64: Process 11164 attached [pid 11161] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11148] <... futex resumed>) = 0 [pid 11166] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11165] set_robust_list(0x7fe45c3c99a0, 24 [pid 11164] set_robust_list(0x5555557b6760, 24 [pid 11161] <... futex resumed>) = 0 [pid 11148] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11166] <... set_robust_list resumed>) = 0 [pid 11165] <... set_robust_list resumed>) = 0 [pid 11164] <... set_robust_list resumed>) = 0 [pid 11161] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11166] rt_sigprocmask(SIG_SETMASK, [], [pid 11165] rt_sigprocmask(SIG_SETMASK, [], [pid 11164] chdir("./433" [pid 11166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11164] <... chdir resumed>) = 0 [pid 11166] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11165] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11164] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11166] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11165] <... write resumed>) = 16 [pid 11164] <... prctl resumed>) = 0 [pid 11163] <... ioctl resumed>) = 0 [pid 11166] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11165] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11163] close(3) = 0 [pid 11166] <... futex resumed>) = 1 [pid 11161] <... futex resumed>) = 0 [pid 11148] <... futex resumed>) = 0 [pid 11165] <... futex resumed>) = 1 [pid 11166] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11165] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11161] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11148] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11161] <... futex resumed>) = 0 [pid 11152] <... futex resumed>) = 0 [pid 11161] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11148] <... futex resumed>) = 1 [pid 11152] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11163] close(4 [pid 11152] <... mmap resumed>) = 0x20000000 [pid 11152] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11148] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11166] memfd_create("syzkaller", 0 [pid 11152] <... futex resumed>) = 0 [pid 11148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11152] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11148] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11148] <... futex resumed>) = 0 [pid 11164] setpgid(0, 0) = 0 [pid 11164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11148] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11164] <... openat resumed>) = 3 [pid 11164] write(3, "1000", 4) = 4 [pid 11164] close(3) = 0 [pid 11164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11164] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11164] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11164] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11164] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11164] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11164] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11167]}, 88) = 11167 [pid 11164] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11164] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11164] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11167 attached [pid 11167] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11167] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11167] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11164] <... futex resumed>) = 0 [pid 11164] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11164] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11167] <... futex resumed>) = 1 [pid 11167] memfd_create("syzkaller", 0) = 3 [pid 11167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11167] munmap(0x7fe453fca000, 138412032) = 0 [pid 11167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11167] ioctl(4, LOOP_SET_FD, 3 [pid 11166] <... memfd_create resumed>) = 3 [pid 11152] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11167] <... ioctl resumed>) = 0 [pid 11152] sendfile(-1, -1, [0] [pid 11167] close(3) = 0 [pid 11152] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11167] close(4 [pid 11152] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11152] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11148] <... futex resumed>) = 0 [pid 11148] exit_group(0 [pid 11165] <... futex resumed>) = ? [pid 11148] <... exit_group resumed>) = ? [pid 11152] <... futex resumed>) = ? [pid 11165] +++ exited with 0 +++ [pid 11166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11152] +++ exited with 0 +++ [pid 11148] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11148, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./433", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./433", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./433/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./433/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./433/binderfs") = 0 [pid 298] umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11166] <... write resumed>) = 1048576 [pid 11166] munmap(0x7fe453fca000, 138412032) = 0 [pid 11166] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11166] close(3) = 0 [pid 11166] close(4 [pid 11167] <... close resumed>) = 0 [pid 11163] <... close resumed>) = 0 [pid 11167] mkdir("./file0", 0777 [pid 11163] mkdir("./file0", 0777 [pid 11167] <... mkdir resumed>) = 0 [pid 11163] <... mkdir resumed>) = 0 [pid 11167] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11163] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./433/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./433/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 11166] <... close resumed>) = 0 [pid 11166] mkdir("./file0", 0777 [pid 298] newfstatat(4, "", [pid 11166] <... mkdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 11166] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4 [pid 11156] <... mount resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 11167] <... mount resumed>) = 0 [pid 298] rmdir("./433/file0") = 0 [pid 11167] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11156] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] getdents64(3, [pid 11167] <... openat resumed>) = 3 [pid 11156] <... openat resumed>) = 3 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 11167] chdir("./file0" [pid 11156] chdir("./file0" [pid 11167] <... chdir resumed>) = 0 [pid 298] close(3 [pid 11167] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11156] <... chdir resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 11167] <... openat resumed>) = 4 [pid 11156] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 298] rmdir("./433" [pid 11163] <... mount resumed>) = 0 [pid 11156] <... openat resumed>) = 4 [pid 11167] ioctl(4, LOOP_CLR_FD [pid 11156] ioctl(4, LOOP_CLR_FD [pid 298] <... rmdir resumed>) = 0 [pid 11167] <... ioctl resumed>) = 0 [pid 11167] close(4 [pid 11163] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11156] <... ioctl resumed>) = 0 [ 153.607355][T11163] loop1: detected capacity change from 0 to 2048 [ 153.615354][T11152] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 153.629543][T11167] loop0: detected capacity change from 0 to 2048 [ 153.646977][T11166] loop4: detected capacity change from 0 to 2048 [pid 298] mkdir("./434", 0777 [pid 11167] <... close resumed>) = 0 [pid 11167] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11156] close(4 [pid 298] <... mkdir resumed>) = 0 [pid 11156] <... close resumed>) = 0 [pid 11167] <... futex resumed>) = 1 [pid 11164] <... futex resumed>) = 0 [pid 11164] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11163] <... openat resumed>) = 3 [pid 11156] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11167] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11164] <... futex resumed>) = 0 [pid 11164] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11156] <... futex resumed>) = 1 [pid 11154] <... futex resumed>) = 0 [pid 11163] chdir("./file0" [pid 11156] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11154] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11163] <... chdir resumed>) = 0 [pid 11154] <... futex resumed>) = 0 [pid 11167] <... openat resumed>) = 4 [pid 11154] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11167] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... openat resumed>) = 3 [pid 11167] <... futex resumed>) = 1 [pid 11164] <... futex resumed>) = 0 [pid 11163] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] ioctl(3, LOOP_CLR_FD [pid 11164] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11164] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11164] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11164] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11164] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 11174 attached [pid 11167] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11156] <... openat resumed>) = 4 [pid 11163] <... openat resumed>) = 4 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11167] <... write resumed>) = 16 [pid 11164] <... clone3 resumed> => {parent_tid=[11174]}, 88) = 11174 [pid 11163] ioctl(4, LOOP_CLR_FD [pid 11156] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] close(3 [pid 11167] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11164] rt_sigprocmask(SIG_SETMASK, [], [pid 11163] <... ioctl resumed>) = 0 [pid 11156] <... futex resumed>) = 1 [pid 11154] <... futex resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 11167] <... futex resumed>) = 0 [pid 11164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11163] close(4 [pid 11156] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11154] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11175 attached [pid 11167] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11164] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11163] <... close resumed>) = 0 [pid 11156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11154] <... futex resumed>) = 0 [pid 11175] set_robust_list(0x5555557b6760, 24 [pid 11164] <... futex resumed>) = 0 [pid 11163] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11156] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11154] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11175 [pid 11175] <... set_robust_list resumed>) = 0 [pid 11164] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11163] <... futex resumed>) = 1 [pid 11159] <... futex resumed>) = 0 [pid 11156] <... write resumed>) = 16 [pid 11154] <... futex resumed>) = 0 [pid 11175] chdir("./434" [pid 11163] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11159] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11156] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11175] <... chdir resumed>) = 0 [pid 11163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11159] <... futex resumed>) = 0 [pid 11156] <... futex resumed>) = 0 [pid 11154] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11163] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11159] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11156] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11154] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11175] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11163] <... openat resumed>) = 4 [pid 11163] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11154] <... mprotect resumed>) = 0 [pid 11163] <... futex resumed>) = 1 [pid 11159] <... futex resumed>) = 0 [pid 11163] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11159] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11154] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11159] <... futex resumed>) = 0 [pid 11154] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11175] <... prctl resumed>) = 0 [pid 11163] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11159] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11175] setpgid(0, 0 [pid 11163] <... write resumed>) = 16 [pid 11159] <... futex resumed>) = 0 [pid 11163] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11163] <... futex resumed>) = 0 [pid 11159] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11154] <... clone3 resumed> => {parent_tid=[11176]}, 88) = 11176 ./strace-static-x86_64: Process 11176 attached [pid 11175] <... setpgid resumed>) = 0 [pid 11163] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11159] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11154] rt_sigprocmask(SIG_SETMASK, [], [pid 11174] set_robust_list(0x7fe45c3c99a0, 24 [pid 11159] <... mprotect resumed>) = 0 [pid 11154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11174] <... set_robust_list resumed>) = 0 [pid 11159] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11174] rt_sigprocmask(SIG_SETMASK, [], [pid 11159] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11154] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11154] <... futex resumed>) = 0 [pid 11174] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11154] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11175] <... openat resumed>) = 3 [pid 11174] <... write resumed>) = 16 [pid 11159] <... clone3 resumed> => {parent_tid=[11177]}, 88) = 11177 ./strace-static-x86_64: Process 11177 attached [pid 11175] write(3, "1000", 4 [pid 11174] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11159] rt_sigprocmask(SIG_SETMASK, [], [pid 11176] set_robust_list(0x7fe45c3c99a0, 24 [pid 11174] <... futex resumed>) = 1 [pid 11159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11174] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11159] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11175] <... write resumed>) = 4 [pid 11164] <... futex resumed>) = 0 [pid 11159] <... futex resumed>) = 0 [pid 11177] set_robust_list(0x7fe45c3c99a0, 24 [pid 11176] <... set_robust_list resumed>) = 0 [pid 11175] close(3 [pid 11164] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11159] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11167] <... futex resumed>) = 0 [pid 11164] <... futex resumed>) = 1 [pid 11175] <... close resumed>) = 0 [pid 11177] <... set_robust_list resumed>) = 0 [pid 11177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11177] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11167] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11164] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11175] symlink("/dev/binderfs", "./binderfs" [pid 11177] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11176] rt_sigprocmask(SIG_SETMASK, [], [pid 11167] <... mmap resumed>) = 0x20000000 [pid 11177] <... futex resumed>) = 1 [pid 11176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11175] <... symlink resumed>) = 0 [pid 11167] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11159] <... futex resumed>) = 0 [pid 11177] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11176] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11175] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11167] <... futex resumed>) = 1 [pid 11164] <... futex resumed>) = 0 [pid 11159] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11176] <... write resumed>) = 16 [pid 11175] <... futex resumed>) = 0 [pid 11167] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11164] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11163] <... futex resumed>) = 0 [pid 11159] <... futex resumed>) = 1 [pid 11176] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11175] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11164] <... futex resumed>) = 0 [pid 11163] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11159] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11176] <... futex resumed>) = 1 [pid 11175] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11154] <... futex resumed>) = 0 [pid 11176] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11154] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11164] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11163] <... mmap resumed>) = 0x20000000 [pid 11156] <... futex resumed>) = 0 [pid 11154] <... futex resumed>) = 1 [pid 11175] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11175] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11175] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11178]}, 88) = 11178 [pid 11175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11175] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11175] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11163] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11163] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11156] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 11156] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11156] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11154] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 11154] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11156] <... futex resumed>) = 0 [pid 11154] <... futex resumed>) = 1 [pid 11154] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11178 attached [pid 11178] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11178] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11178] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11175] <... futex resumed>) = 0 [pid 11175] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11175] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11178] <... futex resumed>) = 1 [pid 11178] memfd_create("syzkaller", 0) = 3 [pid 11178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11167] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11159] <... futex resumed>) = 0 [pid 11167] sendfile(-1, -1, [0] [pid 11159] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11167] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11163] <... futex resumed>) = 0 [pid 11159] <... futex resumed>) = 1 [pid 11178] <... write resumed>) = 1048576 [pid 11167] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11159] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11156] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11156] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11156] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11154] <... futex resumed>) = 0 [pid 11167] <... futex resumed>) = 1 [pid 11164] <... futex resumed>) = 0 [pid 11156] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11154] exit_group(0 [pid 11176] <... futex resumed>) = ? [pid 11167] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11164] exit_group(0 [pid 11156] <... futex resumed>) = ? [pid 11154] <... exit_group resumed>) = ? [pid 11176] +++ exited with 0 +++ [pid 11174] <... futex resumed>) = ? [pid 11167] <... futex resumed>) = ? [pid 11164] <... exit_group resumed>) = ? [pid 11156] +++ exited with 0 +++ [pid 11154] +++ exited with 0 +++ [pid 11174] +++ exited with 0 +++ [pid 11167] +++ exited with 0 +++ [pid 11164] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11154, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 297] umount2("./433", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11164, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./433", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./433/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./433/binderfs", [pid 11178] munmap(0x7fe453fca000, 138412032 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./433", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11178] <... munmap resumed>) = 0 [pid 297] unlink("./433/binderfs" [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11178] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] <... unlink resumed>) = 0 [pid 295] openat(AT_FDCWD, "./433", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11178] <... openat resumed>) = 4 [pid 297] umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11178] ioctl(4, LOOP_SET_FD, 3 [pid 295] <... openat resumed>) = 3 [ 153.709409][T11167] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 153.724226][T11156] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 153.737270][T11163] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, [pid 11178] <... ioctl resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./433/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./433/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./433/binderfs") = 0 [pid 295] umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11178] close(3) = 0 [pid 11178] close(4 [pid 11163] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11163] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11163] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11159] <... futex resumed>) = 0 [pid 11163] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11159] exit_group(0) = ? [pid 11177] <... futex resumed>) = 231 [pid 11177] +++ exited with 0 +++ [pid 11178] <... close resumed>) = 0 [pid 11178] mkdir("./file0", 0777) = 0 [pid 11178] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11163] <... futex resumed>) = ? [pid 11163] +++ exited with 0 +++ [pid 11159] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11159, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./434", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./434", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./434/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./434/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./434/binderfs") = 0 [pid 296] umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11166] <... mount resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 295] newfstatat(AT_FDCWD, "./433/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./433/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(AT_FDCWD, "./433/file0", [pid 295] getdents64(4, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] openat(AT_FDCWD, "./433/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] close(4) = 0 [pid 295] rmdir("./433/file0" [pid 297] <... openat resumed>) = 4 [pid 295] <... rmdir resumed>) = 0 [pid 297] newfstatat(4, "", [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... close resumed>) = 0 [pid 295] rmdir("./433" [pid 297] getdents64(4, [pid 295] <... rmdir resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] mkdir("./434", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 297] getdents64(4, [pid 295] <... openat resumed>) = 3 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(4 [pid 295] close(3 [pid 297] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 297] rmdir("./433/file0" [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... rmdir resumed>) = 0 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 11183 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3./strace-static-x86_64: Process 11183 attached [pid 11183] set_robust_list(0x5555557b6760, 24) = 0 [pid 11183] chdir("./434") = 0 [pid 11183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 297] <... close resumed>) = 0 [pid 11183] setpgid(0, 0) = 0 [pid 297] rmdir("./433" [pid 11183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11183] write(3, "1000", 4) = 4 [pid 297] <... rmdir resumed>) = 0 [pid 11183] close(3) = 0 [pid 11183] symlink("/dev/binderfs", "./binderfs" [pid 297] mkdir("./434", 0777 [pid 11183] <... symlink resumed>) = 0 [pid 11183] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11183] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 297] <... mkdir resumed>) = 0 [pid 11183] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11183] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11183] <... mprotect resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3 [pid 11166] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 297] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11184 [pid 11166] <... openat resumed>) = 3 [pid 11166] chdir("./file0") = 0 [pid 11166] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 11184 attached [pid 11166] <... openat resumed>) = 4 [ 153.770482][T11178] loop3: detected capacity change from 0 to 2048 [ 153.795270][T11166] EXT4-fs mount: 434 callbacks suppressed [ 153.795291][T11166] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11166] ioctl(4, LOOP_CLR_FD) = 0 [pid 11166] close(4) = 0 [pid 11166] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11166] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11184] set_robust_list(0x5555557b6760, 24) = 0 [pid 11184] chdir("./434") = 0 [pid 11184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11184] setpgid(0, 0) = 0 [pid 11184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11184] write(3, "1000", 4) = 4 [pid 11184] close(3) = 0 [pid 11184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11184] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11184] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11184] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11184] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11184] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11184] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11185]}, 88) = 11185 [pid 11184] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11184] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11184] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11185 attached [pid 11161] <... futex resumed>) = 0 [pid 11161] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11166] <... futex resumed>) = 0 [pid 11166] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11161] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11185] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11166] <... openat resumed>) = 4 [pid 11166] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11161] <... futex resumed>) = 0 [pid 11166] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11161] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11161] <... futex resumed>) = 0 [pid 11166] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11161] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11166] <... write resumed>) = 16 [pid 11161] <... futex resumed>) = 0 [pid 11166] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11166] <... futex resumed>) = 0 [pid 11161] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11166] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11161] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11161] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11185] <... set_robust_list resumed>) = 0 [pid 11161] <... clone3 resumed> => {parent_tid=[11186]}, 88) = 11186 [pid 11161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11161] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11161] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11185] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) ./strace-static-x86_64: Process 11187 attached ./strace-static-x86_64: Process 11186 attached [pid 11185] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11183] <... clone3 resumed> => {parent_tid=[11187]}, 88) = 11187 [pid 11178] <... mount resumed>) = 0 [pid 11183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11183] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11183] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11186] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11186] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11186] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11187] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11161] <... futex resumed>) = 0 [pid 11161] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11166] <... futex resumed>) = 0 [pid 11161] <... futex resumed>) = 1 [pid 11187] <... set_robust_list resumed>) = 0 [pid 11186] <... futex resumed>) = 1 [pid 11166] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11161] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11187] rt_sigprocmask(SIG_SETMASK, [], [pid 11186] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11166] <... mmap resumed>) = 0x20000000 [pid 11187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11166] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11187] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11166] <... futex resumed>) = 1 [pid 11161] <... futex resumed>) = 0 [pid 11187] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11166] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11161] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11187] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11161] <... futex resumed>) = 0 [pid 11185] <... futex resumed>) = 1 [pid 11184] <... futex resumed>) = 0 [pid 11178] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11184] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11184] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11185] memfd_create("syzkaller", 0 [pid 11178] <... openat resumed>) = 3 [pid 11178] chdir("./file0" [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./434/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./434/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./434/file0") = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 11185] <... memfd_create resumed>) = 3 [pid 296] rmdir("./434" [pid 11185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11178] <... chdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 11185] <... mmap resumed>) = 0x7fe453fca000 [pid 11178] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] mkdir("./435", 0777 [pid 11187] <... futex resumed>) = 1 [pid 11183] <... futex resumed>) = 0 [pid 11178] <... openat resumed>) = 4 [pid 11161] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11187] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11183] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11178] ioctl(4, LOOP_CLR_FD [pid 11187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11183] <... futex resumed>) = 0 [pid 11187] memfd_create("syzkaller", 0 [pid 11183] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11178] <... ioctl resumed>) = 0 [pid 11187] <... memfd_create resumed>) = 3 [pid 11187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11178] close(4 [pid 11187] <... mmap resumed>) = 0x7fe453fca000 [pid 11185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 296] <... mkdir resumed>) = 0 [pid 11185] <... write resumed>) = 1048576 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11185] munmap(0x7fe453fca000, 138412032 [pid 296] <... openat resumed>) = 3 [pid 11185] <... munmap resumed>) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 11185] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11185] <... openat resumed>) = 4 [pid 296] close(3 [ 153.849708][T11178] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 153.868413][T11166] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11185] ioctl(4, LOOP_SET_FD, 3 [pid 296] <... close resumed>) = 0 [pid 11178] <... close resumed>) = 0 [pid 11166] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11189 [pid 11185] <... ioctl resumed>) = 0 [pid 11185] close(3 [pid 11187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11185] <... close resumed>) = 0 [pid 11178] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11166] sendfile(-1, -1, [0] [pid 11175] <... futex resumed>) = 0 [pid 11178] <... futex resumed>) = 1 [pid 11175] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11175] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11185] close(4./strace-static-x86_64: Process 11189 attached [pid 11178] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11166] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11178] <... openat resumed>) = 4 [pid 11166] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11178] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11175] <... futex resumed>) = 0 [pid 11166] <... futex resumed>) = 1 [pid 11161] <... futex resumed>) = 0 [pid 11189] set_robust_list(0x5555557b6760, 24 [pid 11178] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11175] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11166] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11161] exit_group(0 [pid 11175] <... futex resumed>) = 0 [pid 11186] <... futex resumed>) = ? [pid 11161] <... exit_group resumed>) = ? [pid 11175] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11186] +++ exited with 0 +++ [pid 11175] <... futex resumed>) = 0 [pid 11178] <... write resumed>) = 16 [pid 11175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11166] <... futex resumed>) = ? [pid 11178] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11175] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11178] <... futex resumed>) = 0 [pid 11175] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11178] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11175] <... mprotect resumed>) = 0 [pid 11175] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11166] +++ exited with 0 +++ [pid 11161] +++ exited with 0 +++ [pid 11175] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11161, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 11175] <... clone3 resumed> => {parent_tid=[11190]}, 88) = 11190 [pid 11175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11175] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... restart_syscall resumed>) = 0 [pid 11175] <... futex resumed>) = 0 [pid 11175] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./429", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./429", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./429/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./429/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 11190 attached [pid 11189] <... set_robust_list resumed>) = 0 [pid 11187] <... write resumed>) = 1048576 [pid 299] unlink("./429/binderfs" [pid 11190] set_robust_list(0x7fe45c3c99a0, 24 [pid 299] <... unlink resumed>) = 0 [pid 299] umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11190] <... set_robust_list resumed>) = 0 [pid 11187] munmap(0x7fe453fca000, 138412032) = 0 [pid 11187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11187] close(3) = 0 [pid 11187] close(4 [pid 11189] chdir("./435") = 0 [pid 11189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11189] setpgid(0, 0) = 0 [pid 11190] rt_sigprocmask(SIG_SETMASK, [], [pid 11189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11190] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11190] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11189] write(3, "1000", 4 [pid 11190] <... write resumed>) = 16 [pid 11189] <... write resumed>) = 4 [pid 11189] close(3) = 0 [pid 11189] symlink("/dev/binderfs", "./binderfs" [pid 11190] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11175] <... futex resumed>) = 0 [pid 11190] <... futex resumed>) = 1 [pid 11175] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11178] <... futex resumed>) = 0 [pid 11175] <... futex resumed>) = 1 [pid 11189] <... symlink resumed>) = 0 [pid 11178] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11175] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11190] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11189] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11178] <... mmap resumed>) = 0x20000000 [pid 11178] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11175] <... futex resumed>) = 0 [pid 11178] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11175] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11175] <... futex resumed>) = 0 [pid 11189] <... futex resumed>) = 0 [pid 11189] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11189] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11189] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11191]}, 88) = 11191 [pid 11189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11189] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11189] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11191 attached [pid 11191] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11191] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11191] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11189] <... futex resumed>) = 0 [pid 11189] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11189] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11191] <... futex resumed>) = 1 [pid 11191] memfd_create("syzkaller", 0) = 3 [pid 11191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11175] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11178] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11178] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11178] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11175] <... futex resumed>) = 0 [pid 11178] <... futex resumed>) = 1 [pid 11175] exit_group(0 [pid 11178] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11190] <... futex resumed>) = ? [pid 11175] <... exit_group resumed>) = ? [pid 11178] <... futex resumed>) = ? [pid 11190] +++ exited with 0 +++ [pid 11191] <... write resumed>) = 1048576 [pid 11191] munmap(0x7fe453fca000, 138412032) = 0 [pid 11191] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11191] ioctl(4, LOOP_SET_FD, 3 [pid 11178] +++ exited with 0 +++ [pid 11175] +++ exited with 0 +++ [ 153.899502][T11185] loop2: detected capacity change from 0 to 2048 [ 153.921175][T11187] loop0: detected capacity change from 0 to 2048 [ 153.931061][T11178] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11175, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./434", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./434", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./434/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./434/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./434/binderfs") = 0 [pid 298] umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11191] <... ioctl resumed>) = 0 [pid 11187] <... close resumed>) = 0 [pid 11185] <... close resumed>) = 0 [pid 11187] mkdir("./file0", 0777 [pid 11185] mkdir("./file0", 0777 [pid 11187] <... mkdir resumed>) = 0 [pid 11185] <... mkdir resumed>) = 0 [pid 11187] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11185] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11191] close(3) = 0 [pid 11191] close(4 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./429/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./429/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./429/file0") = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./429") = 0 [pid 299] mkdir("./430", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11194 ./strace-static-x86_64: Process 11194 attached [pid 11194] set_robust_list(0x5555557b6760, 24) = 0 [pid 11194] chdir("./430") = 0 [pid 11194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11194] setpgid(0, 0) = 0 [pid 11194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11194] write(3, "1000", 4) = 4 [pid 11194] close(3) = 0 [pid 11194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11194] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11194] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11194] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11194] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11195]}, 88) = 11195 [pid 11194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11194] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11194] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11195 attached [pid 11195] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11195] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11195] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11195] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11194] <... futex resumed>) = 0 [pid 11194] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11194] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11195] <... futex resumed>) = 1 [pid 11195] memfd_create("syzkaller", 0) = 3 [pid 11195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11187] <... mount resumed>) = 0 [pid 11187] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11187] chdir("./file0") = 0 [pid 11187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11187] ioctl(4, LOOP_CLR_FD) = 0 [pid 11187] close(4) = 0 [pid 11187] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11183] <... futex resumed>) = 0 [pid 11183] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11183] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11187] <... futex resumed>) = 1 [pid 11187] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11187] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11183] <... futex resumed>) = 0 [pid 11183] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11183] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11183] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11196]}, 88) = 11196 [pid 11183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11183] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11183] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11187] <... futex resumed>) = 1 [ 153.950186][T11191] loop1: detected capacity change from 0 to 2048 [ 153.963525][T11187] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11187] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11187] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11187] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 11196 attached [pid 11196] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11196] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11191] <... close resumed>) = 0 [pid 11191] mkdir("./file0", 0777) = 0 [pid 11191] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11196] <... write resumed>) = 16 [pid 11196] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11183] <... futex resumed>) = 0 [pid 11183] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11183] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11187] <... futex resumed>) = 0 [pid 11187] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 11187] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11183] <... futex resumed>) = 0 [pid 11183] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11183] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11187] <... futex resumed>) = 1 [pid 298] <... umount2 resumed>) = 0 [pid 11196] <... futex resumed>) = 1 [pid 11195] <... write resumed>) = 1048576 [pid 298] umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11196] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11195] munmap(0x7fe453fca000, 138412032 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11195] <... munmap resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./434/file0", [pid 11195] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11195] <... openat resumed>) = 4 [pid 298] umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11195] ioctl(4, LOOP_SET_FD, 3 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11195] <... ioctl resumed>) = 0 [pid 11187] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 298] openat(AT_FDCWD, "./434/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./434/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 11195] close(3 [pid 11187] sendfile(-1, -1, [0] [pid 298] close(3 [pid 11195] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 298] rmdir("./434") = 0 [pid 298] mkdir("./435", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11195] close(4 [pid 298] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 11187] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 298] close(3) = 0 [pid 11187] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11187] <... futex resumed>) = 1 [pid 11187] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11201 ./strace-static-x86_64: Process 11201 attached [pid 11201] set_robust_list(0x5555557b6760, 24) = 0 [pid 11201] chdir("./435") = 0 [pid 11201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11201] setpgid(0, 0) = 0 [pid 11201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11201] write(3, "1000", 4) = 4 [pid 11201] close(3) = 0 [pid 11201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11201] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11201] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11183] <... futex resumed>) = 0 [pid 11183] exit_group(0 [pid 11196] <... futex resumed>) = ? [pid 11187] <... futex resumed>) = ? [pid 11183] <... exit_group resumed>) = ? [pid 11196] +++ exited with 0 +++ [pid 11187] +++ exited with 0 +++ [pid 11183] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11183, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 11201] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11201] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 295] umount2("./434", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./434", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 153.996762][T11187] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 154.019649][T11195] loop4: detected capacity change from 0 to 2048 [ 154.032521][T11185] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./434/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./434/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./434/binderfs") = 0 [pid 295] umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11201] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11202]}, 88) = 11202 [pid 11201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11201] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11201] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11202 attached [pid 11202] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11185] <... mount resumed>) = 0 [pid 11202] rt_sigprocmask(SIG_SETMASK, [], [pid 11191] <... mount resumed>) = 0 [pid 11185] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11185] chdir("./file0") = 0 [pid 11185] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11202] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11191] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11185] <... openat resumed>) = 4 [pid 11185] ioctl(4, LOOP_CLR_FD [pid 11202] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11191] <... openat resumed>) = 3 [pid 11185] <... ioctl resumed>) = 0 [pid 11185] close(4) = 0 [pid 11185] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11184] <... futex resumed>) = 0 [pid 11185] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11184] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11202] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11191] chdir("./file0" [pid 11184] <... futex resumed>) = 0 [pid 11185] <... openat resumed>) = 4 [pid 11201] <... futex resumed>) = 0 [pid 11201] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11201] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11202] <... futex resumed>) = 1 [pid 11202] memfd_create("syzkaller", 0 [pid 11184] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11185] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11202] <... memfd_create resumed>) = 3 [pid 11202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11191] <... chdir resumed>) = 0 [pid 11185] <... futex resumed>) = 0 [pid 11184] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11185] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11184] <... futex resumed>) = 0 [pid 11185] <... write resumed>) = 16 [pid 11184] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11185] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11184] <... futex resumed>) = 0 [pid 11202] <... mmap resumed>) = 0x7fe453fca000 [pid 11191] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11185] <... futex resumed>) = 0 [pid 11185] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11195] <... close resumed>) = 0 [pid 11191] <... openat resumed>) = 4 [pid 11184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11195] mkdir("./file0", 0777) = 0 [pid 11191] ioctl(4, LOOP_CLR_FD [pid 11184] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11195] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11191] <... ioctl resumed>) = 0 [pid 11184] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11191] close(4 [pid 11184] <... mprotect resumed>) = 0 [pid 11191] <... close resumed>) = 0 [pid 11184] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11191] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11184] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11191] <... futex resumed>) = 1 [pid 11189] <... futex resumed>) = 0 [pid 11184] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11191] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11189] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11189] <... futex resumed>) = 0 [pid 11191] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11189] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11184] <... clone3 resumed> => {parent_tid=[11203]}, 88) = 11203 [pid 11184] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11191] <... openat resumed>) = 4 [pid 11184] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11191] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11184] <... futex resumed>) = 0 [pid 11191] <... futex resumed>) = 1 [pid 11189] <... futex resumed>) = 0 [pid 11184] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11191] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11189] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11189] <... futex resumed>) = 0 [pid 11191] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11189] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11191] <... write resumed>) = 16 [pid 11189] <... futex resumed>) = 0 [pid 11191] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11191] <... futex resumed>) = 0 [pid 11191] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11189] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11189] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11204]}, 88) = 11204 [pid 11189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11189] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 11204 attached ./strace-static-x86_64: Process 11203 attached [pid 11202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11189] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11204] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11204] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11204] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11204] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11203] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11203] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11202] <... write resumed>) = 1048576 [pid 11189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11203] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11202] munmap(0x7fe453fca000, 138412032 [pid 11189] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11203] <... futex resumed>) = 1 [pid 11191] <... futex resumed>) = 0 [pid 11189] <... futex resumed>) = 1 [pid 11184] <... futex resumed>) = 0 [pid 11203] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11191] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11189] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11184] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11202] <... munmap resumed>) = 0 [pid 11191] <... mmap resumed>) = 0x20000000 [pid 11185] <... futex resumed>) = 0 [pid 11184] <... futex resumed>) = 1 [pid 11202] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11191] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11185] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11184] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11202] <... openat resumed>) = 4 [pid 11191] <... futex resumed>) = 1 [pid 11189] <... futex resumed>) = 0 [pid 11185] <... mmap resumed>) = 0x20000000 [pid 11202] ioctl(4, LOOP_SET_FD, 3 [pid 11191] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11189] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11185] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11189] <... futex resumed>) = 0 [pid 11189] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11185] <... futex resumed>) = 1 [pid 11185] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11202] <... ioctl resumed>) = 0 [pid 11184] <... futex resumed>) = 0 [pid 11202] close(3 [pid 11184] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11202] <... close resumed>) = 0 [pid 11185] <... futex resumed>) = 0 [pid 11184] <... futex resumed>) = 1 [pid 11202] close(4 [pid 11191] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11191] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11191] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11189] <... futex resumed>) = 0 [ 154.044797][T11191] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 154.074530][T11202] loop3: detected capacity change from 0 to 2048 [ 154.076334][T11191] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11191] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11189] exit_group(0 [pid 11204] <... futex resumed>) = ? [pid 11191] <... futex resumed>) = ? [pid 11189] <... exit_group resumed>) = ? [pid 11204] +++ exited with 0 +++ [pid 11191] +++ exited with 0 +++ [pid 11189] +++ exited with 0 +++ [pid 11184] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11189, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 296] umount2("./435", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./435", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./435/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./435/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./435/binderfs") = 0 [pid 296] umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./434/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./434/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./434/file0") = 0 [pid 11185] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 295] getdents64(3, [pid 11185] sendfile(-1, -1, [0] [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 11185] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 295] close(3 [pid 11185] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... close resumed>) = 0 [pid 11185] <... futex resumed>) = 1 [pid 11184] <... futex resumed>) = 0 [pid 295] rmdir("./434" [pid 11185] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11184] exit_group(0 [pid 295] <... rmdir resumed>) = 0 [pid 11185] <... futex resumed>) = ? [pid 11203] <... futex resumed>) = ? [pid 11184] <... exit_group resumed>) = ? [pid 295] mkdir("./435", 0777 [pid 11203] +++ exited with 0 +++ [pid 11185] +++ exited with 0 +++ [pid 295] <... mkdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11184] +++ exited with 0 +++ [pid 295] <... openat resumed>) = 3 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11184, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 295] ioctl(3, LOOP_CLR_FD [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... restart_syscall resumed>) = 0 [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] umount2("./434", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./434", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./434/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 11205 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./434/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./434/binderfs"./strace-static-x86_64: Process 11205 attached [pid 11205] set_robust_list(0x5555557b6760, 24 [pid 297] <... unlink resumed>) = 0 [pid 11205] <... set_robust_list resumed>) = 0 [pid 297] umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11205] chdir("./435") = 0 [pid 11205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11205] setpgid(0, 0) = 0 [pid 11205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11205] write(3, "1000", 4) = 4 [pid 11205] close(3) = 0 [pid 11205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11205] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11205] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11205] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11205] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 11208 attached [pid 11208] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11205] <... clone3 resumed> => {parent_tid=[11208]}, 88) = 11208 [pid 11205] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11205] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11208] <... set_robust_list resumed>) = 0 [pid 11205] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11208] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11208] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11205] <... futex resumed>) = 0 [pid 11205] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11205] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11208] memfd_create("syzkaller", 0) = 3 [pid 11208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11202] <... close resumed>) = 0 [pid 11202] mkdir("./file0", 0777) = 0 [pid 11202] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11195] <... mount resumed>) = 0 [pid 11208] <... write resumed>) = 1048576 [pid 11208] munmap(0x7fe453fca000, 138412032) = 0 [pid 11208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11208] ioctl(4, LOOP_SET_FD, 3 [pid 11195] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./435/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./435/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./435/file0") = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./435") = 0 [pid 296] mkdir("./436", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11209 attached [pid 11208] <... ioctl resumed>) = 0 [pid 11195] <... openat resumed>) = 3 [pid 11208] close(3 [pid 11195] chdir("./file0" [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 11209 [pid 11208] <... close resumed>) = 0 [pid 11195] <... chdir resumed>) = 0 [pid 11208] close(4 [pid 11195] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11208] <... close resumed>) = 0 [pid 11195] <... openat resumed>) = 4 [pid 11208] mkdir("./file0", 0777 [pid 11195] ioctl(4, LOOP_CLR_FD [pid 11208] <... mkdir resumed>) = 0 [pid 11195] <... ioctl resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 11208] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11195] close(4 [pid 297] umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11195] <... close resumed>) = 0 [pid 11195] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11195] <... futex resumed>) = 1 [pid 11194] <... futex resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./434/file0", [pid 11195] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11194] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11194] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11195] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 154.081964][T11185] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 154.126328][T11195] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 154.139588][T11208] loop0: detected capacity change from 0 to 2048 [pid 11194] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11209] set_robust_list(0x5555557b6760, 24) = 0 [pid 11209] chdir("./436") = 0 [pid 11209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11209] setpgid(0, 0) = 0 [pid 11209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11209] write(3, "1000", 4) = 4 [pid 11209] close(3) = 0 [pid 11209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11209] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11209] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11209] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11209] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11209] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11212]}, 88) = 11212 [pid 11209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11209] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11209] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11195] <... openat resumed>) = 4 [pid 297] openat(AT_FDCWD, "./434/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11195] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... openat resumed>) = 4 [pid 11195] <... futex resumed>) = 1 [pid 11194] <... futex resumed>) = 0 [pid 11195] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] newfstatat(4, "", [pid 11195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11194] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11195] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11194] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11195] <... write resumed>) = 16 [pid 11194] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(4, [pid 11195] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11194] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11195] <... futex resumed>) = 0 [pid 11194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11195] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11194] <... mmap resumed>) = 0x7fe45c3a9000 [pid 297] getdents64(4, [pid 11194] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 11194] <... mprotect resumed>) = 0 [pid 297] close(4 [pid 11194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 297] <... close resumed>) = 0 [pid 11194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 297] rmdir("./434/file0"./strace-static-x86_64: Process 11213 attached [pid 11213] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11194] <... clone3 resumed> => {parent_tid=[11213]}, 88) = 11213 [pid 297] <... rmdir resumed>) = 0 [pid 11213] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] getdents64(3, [pid 11194] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 11194] <... futex resumed>) = 1 [pid 297] close(3 [pid 11213] <... futex resumed>) = 0 [pid 11194] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11213] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 297] <... close resumed>) = 0 [pid 297] rmdir("./434" [pid 11213] <... write resumed>) = 16 [pid 297] <... rmdir resumed>) = 0 [pid 297] mkdir("./435", 0777) = 0 [pid 11213] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11194] <... futex resumed>) = 0 [pid 11213] <... futex resumed>) = 1 [pid 11194] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... openat resumed>) = 3 [pid 11213] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11195] <... futex resumed>) = 0 [pid 11194] <... futex resumed>) = 1 [pid 297] ioctl(3, LOOP_CLR_FD [pid 11195] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11194] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11195] <... mmap resumed>) = 0x20000000 [pid 297] close(3 [pid 11195] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... close resumed>) = 0 [pid 11195] <... futex resumed>) = 1 [pid 11194] <... futex resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11195] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11194] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11194] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11214 attached [pid 11214] set_robust_list(0x5555557b6760, 24) = 0 [pid 11214] chdir("./435") = 0 [pid 11214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11214] setpgid(0, 0) = 0 [pid 11214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11214] write(3, "1000", 4) = 4 [pid 11214] close(3) = 0 [pid 11214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11214] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11214] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11214] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11215]}, 88) = 11215 [pid 11214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11214] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11214] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11215 attached [pid 11215] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11215] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11215] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11214] <... futex resumed>) = 0 [pid 11214] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11214] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11215] <... futex resumed>) = 1 [pid 11215] memfd_create("syzkaller", 0) = 3 [pid 11215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 11214 [pid 11202] <... mount resumed>) = 0 [pid 11202] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11202] chdir("./file0") = 0 [pid 11202] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11202] ioctl(4, LOOP_CLR_FD) = 0 [pid 11202] close(4) = 0 [pid 11202] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11201] <... futex resumed>) = 0 [pid 11201] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11201] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11202] <... futex resumed>) = 1 [pid 11202] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 11212 attached [pid 11212] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11212] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11212] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11209] <... futex resumed>) = 0 [pid 11209] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11209] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11212] <... futex resumed>) = 1 [pid 11212] memfd_create("syzkaller", 0) = 3 [pid 11212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11202] <... openat resumed>) = 4 [pid 11202] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11201] <... futex resumed>) = 0 [pid 11201] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11201] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11201] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11218]}, 88) = 11218 [pid 11201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11201] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11201] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11202] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11215] <... write resumed>) = 1048576 [pid 11202] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11215] munmap(0x7fe453fca000, 138412032 [pid 11202] <... futex resumed>) = 0 [pid 11215] <... munmap resumed>) = 0 [pid 11202] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11215] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 11218 attached [pid 11218] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11218] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11215] <... openat resumed>) = 4 [pid 11218] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11201] <... futex resumed>) = 0 [pid 11218] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11201] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11202] <... futex resumed>) = 0 [ 154.165200][T11202] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 154.184382][T11195] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11201] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11202] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 11202] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11201] <... futex resumed>) = 0 [pid 11201] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11201] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11212] munmap(0x7fe453fca000, 138412032) = 0 [pid 11212] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11212] ioctl(4, LOOP_SET_FD, 3 [pid 11215] ioctl(4, LOOP_SET_FD, 3 [pid 11212] <... ioctl resumed>) = 0 [pid 11212] close(3) = 0 [pid 11212] close(4 [pid 11208] <... mount resumed>) = 0 [pid 11202] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11195] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11194] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 11202] sendfile(-1, -1, [0] [pid 11195] sendfile(-1, -1, [0] [pid 11202] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11195] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11202] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11195] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11202] <... futex resumed>) = 1 [pid 11201] <... futex resumed>) = 0 [pid 11195] <... futex resumed>) = 0 [pid 11202] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11201] exit_group(0 [pid 11195] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11218] <... futex resumed>) = ? [pid 11202] <... futex resumed>) = ? [pid 11201] <... exit_group resumed>) = ? [pid 11218] +++ exited with 0 +++ [pid 11202] +++ exited with 0 +++ [pid 11201] +++ exited with 0 +++ [pid 11194] exit_group(0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11201, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 11213] <... futex resumed>) = ? [pid 11195] <... futex resumed>) = ? [pid 11194] <... exit_group resumed>) = ? [pid 11213] +++ exited with 0 +++ [pid 11195] +++ exited with 0 +++ [pid 11194] +++ exited with 0 +++ [pid 298] umount2("./435", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11194, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 298] openat(AT_FDCWD, "./435", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11215] <... ioctl resumed>) = 0 [pid 11208] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] <... openat resumed>) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, [pid 299] <... restart_syscall resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./435/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11215] close(3 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] umount2("./430", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(AT_FDCWD, "./435/binderfs", [pid 11215] <... close resumed>) = 0 [pid 11208] <... openat resumed>) = 3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11212] <... close resumed>) = 0 [pid 299] openat(AT_FDCWD, "./430", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] unlink("./435/binderfs" [pid 11215] close(4 [pid 11212] mkdir("./file0", 0777 [pid 11208] chdir("./file0" [pid 299] <... openat resumed>) = 3 [pid 298] <... unlink resumed>) = 0 [pid 299] newfstatat(3, "", [pid 298] umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11212] <... mkdir resumed>) = 0 [pid 11208] <... chdir resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11212] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11208] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] getdents64(3, [pid 11208] <... openat resumed>) = 4 [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11208] ioctl(4, LOOP_CLR_FD [pid 299] umount2("./430/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./430/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11208] <... ioctl resumed>) = 0 [pid 299] unlink("./430/binderfs" [pid 11208] close(4 [pid 299] <... unlink resumed>) = 0 [pid 299] umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11208] <... close resumed>) = 0 [pid 11208] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11205] <... futex resumed>) = 0 [pid 11205] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11205] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11208] <... futex resumed>) = 1 [pid 11208] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11208] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11205] <... futex resumed>) = 0 [pid 11205] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11205] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11205] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11219]}, 88) = 11219 ./strace-static-x86_64: Process 11219 attached [pid 11205] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11205] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11205] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11208] <... futex resumed>) = 1 [pid 11208] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11208] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11219] set_robust_list(0x7fe45c3c99a0, 24 [pid 11208] <... futex resumed>) = 0 [pid 11208] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11219] <... set_robust_list resumed>) = 0 [pid 11219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11219] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11219] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11205] <... futex resumed>) = 0 [pid 11219] <... futex resumed>) = 1 [pid 11205] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11219] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11208] <... futex resumed>) = 0 [pid 11205] <... futex resumed>) = 1 [pid 11208] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11205] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11208] <... mmap resumed>) = 0x20000000 [pid 11208] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11205] <... futex resumed>) = 0 [pid 11208] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11205] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 154.222980][T11202] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 154.230326][T11212] loop1: detected capacity change from 0 to 2048 [ 154.244991][T11208] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 154.247844][T11215] loop2: detected capacity change from 0 to 2048 [pid 11205] <... futex resumed>) = 0 [pid 11215] <... close resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 11215] mkdir("./file0", 0777 [pid 11205] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11215] <... mkdir resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11215] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 299] newfstatat(AT_FDCWD, "./430/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./430/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./430/file0") = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./430") = 0 [pid 299] mkdir("./431", 0777) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11220 [pid 298] umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 11220 attached [pid 298] newfstatat(AT_FDCWD, "./435/file0", [pid 11220] set_robust_list(0x5555557b6760, 24 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11208] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11208] sendfile(-1, -1, [0] [pid 298] openat(AT_FDCWD, "./435/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11208] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11208] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11208] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11205] <... futex resumed>) = 0 [pid 11205] exit_group(0) = ? [pid 11219] <... futex resumed>) = ? [pid 11219] +++ exited with 0 +++ [pid 298] <... openat resumed>) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./435/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./435") = 0 [pid 11208] <... futex resumed>) = ? [pid 298] mkdir("./436", 0777 [pid 11208] +++ exited with 0 +++ [pid 11205] +++ exited with 0 +++ [pid 298] <... mkdir resumed>) = 0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11205, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] umount2("./435", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11220] <... set_robust_list resumed>) = 0 [pid 11220] chdir("./431") = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 154.277555][T11208] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 154.304484][T11212] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 298] close(3 [pid 11220] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11212] <... mount resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 295] openat(AT_FDCWD, "./435", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11220] <... prctl resumed>) = 0 [pid 11220] setpgid(0, 0) = 0 [pid 11220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11220] write(3, "1000", 4) = 4 [pid 11220] close(3) = 0 [pid 11220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11220] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11220] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11220] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11220] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11220] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11225]}, 88) = 11225 [pid 11220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11220] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11220] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11212] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11212] chdir("./file0") = 0 [pid 11212] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11212] ioctl(4, LOOP_CLR_FD) = 0 [pid 11212] close(4) = 0 [pid 11212] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11209] <... futex resumed>) = 0 [pid 11209] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11209] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11212] <... futex resumed>) = 1 [pid 11212] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11212] <... openat resumed>) = 4 [pid 295] <... openat resumed>) = 3 [pid 11215] <... mount resumed>) = 0 [pid 11215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11215] chdir("./file0" [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11226 [pid 295] newfstatat(3, "", [pid 11215] <... chdir resumed>) = 0 [pid 11215] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11215] ioctl(4, LOOP_CLR_FD) = 0 [pid 11215] close(4) = 0 [pid 11215] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11214] <... futex resumed>) = 0 [pid 11214] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11214] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11212] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11215] <... futex resumed>) = 1 [pid 11215] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 295] getdents64(3, [pid 11212] <... futex resumed>) = 1 [pid 11209] <... futex resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11209] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11212] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11209] <... futex resumed>) = 0 [pid 295] umount2("./435/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11212] <... write resumed>) = 16 [pid 11209] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11212] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11209] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11209] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 295] newfstatat(AT_FDCWD, "./435/binderfs", [pid 11209] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11209] <... rt_sigprocmask resumed>[], 8) = 0 [pid 295] unlink("./435/binderfs" [pid 11209] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0}./strace-static-x86_64: Process 11226 attached [pid 295] <... unlink resumed>) = 0 [pid 295] umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11209] <... clone3 resumed> => {parent_tid=[11227]}, 88) = 11227 [pid 11209] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 11225 attached [pid 11225] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11225] <... set_robust_list resumed>) = 0 [pid 11225] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11225] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11225] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11209] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11220] <... futex resumed>) = 0 [pid 11209] <... futex resumed>) = 0 [pid 11220] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11220] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11225] <... futex resumed>) = 1 [pid 11225] memfd_create("syzkaller", 0 [pid 11209] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11225] <... memfd_create resumed>) = 3 [pid 11225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11212] <... futex resumed>) = 0 [pid 11212] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11215] <... openat resumed>) = 4 [pid 11215] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11214] <... futex resumed>) = 0 [pid 11215] <... futex resumed>) = 1 [pid 11214] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11214] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11214] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11214] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11215] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11214] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11228]}, 88) = 11228 [pid 11214] rt_sigprocmask(SIG_SETMASK, [], [pid 11215] <... write resumed>) = 16 [pid 11214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11214] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11214] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11215] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 11228 attached [pid 11228] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11215] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11226] set_robust_list(0x5555557b6760, 24 [pid 11228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11228] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11228] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11214] <... futex resumed>) = 0 [pid 11228] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11214] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11215] <... futex resumed>) = 0 [pid 11214] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11215] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 11215] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11226] <... set_robust_list resumed>) = 0 [pid 11214] <... futex resumed>) = 0 [pid 11215] <... futex resumed>) = 1 [pid 11214] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11214] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11225] munmap(0x7fe453fca000, 138412032) = 0 [pid 11225] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 154.339413][T11215] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 154.369112][T11215] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11225] ioctl(4, LOOP_SET_FD, 3 [pid 11226] chdir("./436" [pid 11225] <... ioctl resumed>) = 0 [pid 11225] close(3) = 0 [pid 11225] close(4./strace-static-x86_64: Process 11227 attached [pid 11227] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11227] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11227] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11209] <... futex resumed>) = 0 [pid 11227] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11209] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11212] <... futex resumed>) = 0 [pid 11209] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11212] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 11212] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11212] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11209] <... futex resumed>) = 0 [pid 11215] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11226] <... chdir resumed>) = 0 [pid 11209] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11226] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11215] sendfile(-1, -1, [0] [pid 11212] <... futex resumed>) = 0 [pid 11209] <... futex resumed>) = 1 [pid 11226] <... prctl resumed>) = 0 [pid 11226] setpgid(0, 0) = 0 [pid 11226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11226] write(3, "1000", 4) = 4 [pid 11226] close(3) = 0 [pid 11226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11226] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11226] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11226] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11226] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11226] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11229]}, 88) = 11229 [pid 11226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11226] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11226] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11215] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11215] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11215] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11209] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11229 attached [pid 11229] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11229] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11229] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11229] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11226] <... futex resumed>) = 0 [pid 11226] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11226] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11229] <... futex resumed>) = 1 [pid 11229] memfd_create("syzkaller", 0) = 3 [pid 11229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11214] <... futex resumed>) = 0 [pid 11214] exit_group(0 [pid 295] <... umount2 resumed>) = 0 [pid 11228] <... futex resumed>) = ? [pid 11215] <... futex resumed>) = ? [pid 11214] <... exit_group resumed>) = ? [pid 11228] +++ exited with 0 +++ [pid 11215] +++ exited with 0 +++ [pid 11214] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11214, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 11225] <... close resumed>) = 0 [pid 295] umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11225] mkdir("./file0", 0777) = 0 [pid 297] umount2("./435", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11225] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./435/file0", [pid 297] openat(AT_FDCWD, "./435", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11212] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 297] <... openat resumed>) = 3 [pid 11212] sendfile(-1, -1, [0] [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11212] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11212] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11209] <... futex resumed>) = 0 [pid 11209] exit_group(0 [pid 11227] <... futex resumed>) = ? [pid 11209] <... exit_group resumed>) = ? [pid 297] getdents64(3, [pid 11227] +++ exited with 0 +++ [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11212] <... futex resumed>) = ? [pid 297] umount2("./435/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./435/binderfs", [pid 295] openat(AT_FDCWD, "./435/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... openat resumed>) = 4 [pid 297] unlink("./435/binderfs" [pid 295] newfstatat(4, "", [pid 297] <... unlink resumed>) = 0 [pid 297] umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11212] +++ exited with 0 +++ [pid 11209] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11209, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 11229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 296] umount2("./436", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./436", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, [pid 295] getdents64(4, [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] umount2("./436/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] getdents64(4, [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] newfstatat(AT_FDCWD, "./436/binderfs", [pid 295] close(4 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./436/binderfs" [pid 295] <... close resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 296] umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] rmdir("./435/file0") = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./435") = 0 [pid 295] mkdir("./436", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11229] <... write resumed>) = 1048576 [pid 11229] munmap(0x7fe453fca000, 138412032 [pid 295] <... openat resumed>) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11230 ./strace-static-x86_64: Process 11230 attached [pid 11230] set_robust_list(0x5555557b6760, 24) = 0 [pid 11230] chdir("./436") = 0 [pid 11230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11230] setpgid(0, 0) = 0 [pid 11230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11229] <... munmap resumed>) = 0 [pid 11229] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11229] ioctl(4, LOOP_SET_FD, 3 [pid 11230] <... openat resumed>) = 3 [pid 11230] write(3, "1000", 4) = 4 [pid 11230] close(3) = 0 [pid 11230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11230] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11230] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11230] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11230] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11229] <... ioctl resumed>) = 0 [pid 11230] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11229] close(3 [pid 11230] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11229] <... close resumed>) = 0 [pid 11229] close(4 [pid 11230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 11231 attached [pid 11231] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11231] rt_sigprocmask(SIG_SETMASK, [], [pid 11230] <... clone3 resumed> => {parent_tid=[11231]}, 88) = 11231 [pid 11231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11230] rt_sigprocmask(SIG_SETMASK, [], [pid 11231] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11230] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11231] <... futex resumed>) = 0 [pid 11231] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11230] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11231] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11231] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11230] <... futex resumed>) = 0 [pid 11231] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11230] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11230] <... futex resumed>) = 0 [pid 11231] memfd_create("syzkaller", 0 [pid 11230] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11231] <... memfd_create resumed>) = 3 [pid 11231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11231] munmap(0x7fe453fca000, 138412032) = 0 [pid 11231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 154.377201][T11225] loop4: detected capacity change from 0 to 2048 [ 154.392361][T11212] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 154.428361][T11229] loop3: detected capacity change from 0 to 2048 [pid 11231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11231] close(3) = 0 [pid 11231] close(4 [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./435/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./435/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./435/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./435") = 0 [pid 297] mkdir("./436", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11234 ./strace-static-x86_64: Process 11234 attached [pid 11234] set_robust_list(0x5555557b6760, 24) = 0 [pid 11234] chdir("./436") = 0 [pid 11234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11234] setpgid(0, 0) = 0 [pid 11234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11234] write(3, "1000", 4) = 4 [pid 11234] close(3) = 0 [pid 11234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11234] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11229] <... close resumed>) = 0 [pid 11229] mkdir("./file0", 0777 [pid 11225] <... mount resumed>) = 0 [pid 296] umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11234] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11229] <... mkdir resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11234] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11229] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11225] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] newfstatat(AT_FDCWD, "./436/file0", [pid 11234] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11225] <... openat resumed>) = 3 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11225] chdir("./file0" [pid 296] openat(AT_FDCWD, "./436/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11234] <... mmap resumed>) = 0x7fe45c3ca000 [pid 296] <... openat resumed>) = 4 [pid 11234] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11225] <... chdir resumed>) = 0 [pid 11234] <... mprotect resumed>) = 0 [pid 11225] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11234] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, [pid 11225] <... openat resumed>) = 4 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11225] ioctl(4, LOOP_CLR_FD [ 154.446458][T11231] loop0: detected capacity change from 0 to 2048 [ 154.466173][T11225] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 296] getdents64(4, [pid 11225] <... ioctl resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 11234] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11231] <... close resumed>) = 0 [pid 11234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11231] mkdir("./file0", 0777 [pid 11225] close(4 [pid 11231] <... mkdir resumed>) = 0 [pid 11225] <... close resumed>) = 0 [pid 296] close(4 [pid 11234] <... clone3 resumed> => {parent_tid=[11237]}, 88) = 11237 [pid 11231] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11225] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11234] rt_sigprocmask(SIG_SETMASK, [], [pid 11225] <... futex resumed>) = 1 [pid 11220] <... futex resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 11234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11225] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11234] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11234] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11229] <... mount resumed>) = 0 [pid 11229] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11220] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] rmdir("./436/file0" [pid 11229] <... openat resumed>) = 3 [pid 11229] chdir("./file0") = 0 [pid 11229] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11225] <... futex resumed>) = 0 [pid 11220] <... futex resumed>) = 1 [pid 11225] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11229] <... openat resumed>) = 4 [pid 11229] ioctl(4, LOOP_CLR_FD) = 0 [pid 11229] close(4) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 11229] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11229] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11226] <... futex resumed>) = 0 [pid 11220] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11226] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11226] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11225] <... openat resumed>) = 4 [pid 296] getdents64(3, [pid 11225] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 11225] <... futex resumed>) = 1 [pid 11225] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11220] <... futex resumed>) = 0 [pid 296] close(3 [pid 11220] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] <... close resumed>) = 0 [pid 11220] <... futex resumed>) = 0 [pid 11225] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 296] rmdir("./436" [pid 11220] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11225] <... write resumed>) = 16 [pid 11220] <... futex resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 11220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11225] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11220] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11220] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11225] <... futex resumed>) = 0 [pid 11220] <... mprotect resumed>) = 0 [pid 296] mkdir("./437", 0777 [pid 11225] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11220] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] <... mkdir resumed>) = 0 [pid 11220] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 11220] <... clone3 resumed> => {parent_tid=[11238]}, 88) = 11238 [pid 296] ioctl(3, LOOP_CLR_FD [pid 11220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11220] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] close(3 [pid 11220] <... futex resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 11220] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11239 ./strace-static-x86_64: Process 11238 attached [pid 11238] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11238] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11238] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11220] <... futex resumed>) = 0 [pid 11238] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11220] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11225] <... futex resumed>) = 0 [pid 11220] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11225] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 11225] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11220] <... futex resumed>) = 0 [pid 11225] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11220] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11220] <... futex resumed>) = 0 ./strace-static-x86_64: Process 11237 attached [pid 11237] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11237] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11237] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11234] <... futex resumed>) = 0 [pid 11234] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11234] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11237] <... futex resumed>) = 1 [pid 11237] memfd_create("syzkaller", 0) = 3 [pid 11237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11237] munmap(0x7fe453fca000, 138412032) = 0 [pid 11237] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11237] close(3) = 0 [pid 11237] close(4) = 0 [pid 11237] mkdir("./file0", 0777) = 0 [pid 11237] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11220] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11229] <... futex resumed>) = 0 [pid 11229] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 11239 attached [pid 11239] set_robust_list(0x5555557b6760, 24) = 0 [pid 11239] chdir("./437") = 0 [pid 11239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11239] setpgid(0, 0) = 0 [pid 11239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11239] write(3, "1000", 4) = 4 [pid 11239] close(3) = 0 [pid 11239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11239] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11239] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11239] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11239] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11240]}, 88) = 11240 [pid 11239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11239] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11239] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11240 attached [pid 11240] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11240] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11240] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11239] <... futex resumed>) = 0 [pid 11239] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11239] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11240] <... futex resumed>) = 1 [pid 11240] memfd_create("syzkaller", 0) = 3 [pid 11240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11226] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 11226] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 11226] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 11226] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 11226] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11226] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11226] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11242]}, 88) = 11242 [pid 11226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11226] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11226] futex(0x7fe45c4b66ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c388000 [pid 11226] mprotect(0x7fe45c389000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11226] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3a8990, parent_tid=0x7fe45c3a8990, exit_signal=0, stack=0x7fe45c388000, stack_size=0x20240, tls=0x7fe45c3a86c0} => {parent_tid=[11243]}, 88) = 11243 [pid 11226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11226] futex(0x7fe45c4b66e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11226] futex(0x7fe45c4b66ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11229] <... openat resumed>) = 4 ./strace-static-x86_64: Process 11242 attached [pid 11242] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11242] write(-1, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = -1 EBADF (Bad file descriptor) [pid 11242] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11242] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11240] <... write resumed>) = 1048576 [pid 11240] munmap(0x7fe453fca000, 138412032 [pid 11229] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11240] <... munmap resumed>) = 0 [ 154.487958][T11229] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 154.511114][T11225] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 154.526423][T11237] loop2: detected capacity change from 0 to 2048 [pid 11240] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11229] <... futex resumed>) = 0 [pid 11240] <... openat resumed>) = 4 [pid 11240] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 11243 attached [pid 11229] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11240] <... ioctl resumed>) = 0 [pid 11240] close(3) = 0 [pid 11240] close(4 [pid 11225] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11225] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11225] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11225] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11243] set_robust_list(0x7fe45c3a89a0, 24) = 0 [pid 11243] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11243] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11243] futex(0x7fe45c4b66ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11243] futex(0x7fe45c4b66e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11220] <... futex resumed>) = 0 [pid 11220] exit_group(0 [pid 11238] <... futex resumed>) = ? [pid 11220] <... exit_group resumed>) = ? [pid 11238] +++ exited with 0 +++ [pid 11225] <... futex resumed>) = ? [pid 11226] <... futex resumed>) = 0 [pid 11226] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11226] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11229] <... futex resumed>) = 0 [pid 11229] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 11229] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11226] <... futex resumed>) = 0 [pid 11226] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11225] +++ exited with 0 +++ [pid 11220] +++ exited with 0 +++ [pid 11226] <... futex resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11220, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 11226] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 11229] <... futex resumed>) = 1 [pid 299] <... restart_syscall resumed>) = 0 [pid 299] umount2("./431", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./431", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./431/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./431/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./431/binderfs") = 0 [pid 299] umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11231] <... mount resumed>) = 0 [pid 11231] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11231] chdir("./file0") = 0 [pid 11231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11231] ioctl(4, LOOP_CLR_FD) = 0 [pid 11231] close(4) = 0 [pid 11231] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11230] <... futex resumed>) = 0 [pid 11230] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11230] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11231] <... futex resumed>) = 1 [pid 11231] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11229] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11229] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11229] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11226] <... futex resumed>) = 0 [pid 11226] exit_group(0 [pid 11243] <... futex resumed>) = ? [pid 11242] <... futex resumed>) = ? [pid 11226] <... exit_group resumed>) = ? [pid 11243] +++ exited with 0 +++ [pid 11242] +++ exited with 0 +++ [pid 11229] <... futex resumed>) = ? [pid 11229] +++ exited with 0 +++ [pid 11226] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11226, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./436", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./436", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 11237] <... mount resumed>) = 0 [pid 11231] <... openat resumed>) = 4 [pid 11231] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11230] <... futex resumed>) = 0 [pid 11230] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11230] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11230] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11230] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11247]}, 88) = 11247 [pid 298] newfstatat(3, "", [pid 11230] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11230] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] getdents64(3, [pid 11230] <... futex resumed>) = 0 [pid 11230] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11231] <... futex resumed>) = 1 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11231] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 298] umount2("./436/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11231] <... write resumed>) = 16 [pid 11231] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11231] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] newfstatat(AT_FDCWD, "./436/binderfs", ./strace-static-x86_64: Process 11247 attached [pid 11247] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11247] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11247] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] unlink("./436/binderfs" [pid 11230] <... futex resumed>) = 0 [pid 11230] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11230] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... unlink resumed>) = 0 [pid 11231] <... futex resumed>) = 0 [pid 298] umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 154.559572][T11240] loop1: detected capacity change from 0 to 2048 [ 154.565772][T11231] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 154.579018][T11229] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 154.580452][T11237] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11231] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 11231] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11230] <... futex resumed>) = 0 [pid 11230] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11230] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11231] <... futex resumed>) = 1 [pid 11237] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11247] <... futex resumed>) = 1 [pid 11247] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11237] chdir("./file0" [pid 11231] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11237] <... chdir resumed>) = 0 [pid 11231] sendfile(-1, -1, [0] [pid 11237] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11231] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11237] <... openat resumed>) = 4 [pid 11231] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11230] <... futex resumed>) = 0 [pid 11237] ioctl(4, LOOP_CLR_FD [pid 11230] exit_group(0 [pid 11247] <... futex resumed>) = ? [pid 11230] <... exit_group resumed>) = ? [pid 11247] +++ exited with 0 +++ [pid 11237] <... ioctl resumed>) = 0 [pid 11231] <... futex resumed>) = ? [pid 11237] close(4) = 0 [pid 11237] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11234] <... futex resumed>) = 0 [pid 11234] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11237] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11234] <... futex resumed>) = 0 [pid 11231] +++ exited with 0 +++ [pid 11230] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11230, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 11237] <... openat resumed>) = 4 [pid 11234] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11237] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11234] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11237] <... futex resumed>) = 0 [pid 11234] <... futex resumed>) = 0 [pid 11234] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11234] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11248]}, 88) = 11248 [pid 295] umount2("./436", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11237] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11234] rt_sigprocmask(SIG_SETMASK, [], [pid 11237] <... write resumed>) = 16 [pid 295] openat(AT_FDCWD, "./436", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11237] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... openat resumed>) = 3 [pid 11237] <... futex resumed>) = 0 [pid 295] newfstatat(3, "", [pid 11237] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] getdents64(3, [pid 11234] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11234] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] umount2("./436/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 11248 attached ) = -1 EINVAL (Invalid argument) [pid 11248] set_robust_list(0x7fe45c3c99a0, 24 [pid 295] newfstatat(AT_FDCWD, "./436/binderfs", [pid 11248] <... set_robust_list resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./436/binderfs" [pid 11248] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11248] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 295] <... unlink resumed>) = 0 [pid 11240] <... close resumed>) = 0 [pid 11240] mkdir("./file0", 0777 [pid 295] umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11248] <... write resumed>) = 16 [pid 11248] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11240] <... mkdir resumed>) = 0 [pid 11240] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11234] <... futex resumed>) = 0 [pid 11234] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11237] <... futex resumed>) = 0 [pid 11234] <... futex resumed>) = 1 [pid 11237] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11234] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11237] <... mmap resumed>) = 0x20000000 [pid 11237] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11234] <... futex resumed>) = 0 [pid 11234] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11234] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11248] <... futex resumed>) = 1 [pid 11248] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./436/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./436/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./436/file0") = 0 [pid 299] umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] getdents64(3, [pid 299] newfstatat(AT_FDCWD, "./431/file0", [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] close(3 [pid 299] umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... close resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] rmdir("./436" [pid 299] openat(AT_FDCWD, "./431/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11237] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11237] sendfile(-1, -1, [0] [pid 298] <... rmdir resumed>) = 0 [pid 299] <... openat resumed>) = 4 [pid 11237] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11237] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11234] <... futex resumed>) = 0 [pid 11234] exit_group(0 [pid 11248] <... futex resumed>) = ? [pid 11234] <... exit_group resumed>) = ? [pid 299] newfstatat(4, "", [pid 298] mkdir("./437", 0777 [pid 11248] +++ exited with 0 +++ [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 11237] <... futex resumed>) = ? [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, [pid 298] <... mkdir resumed>) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11237] +++ exited with 0 +++ [pid 11234] +++ exited with 0 +++ [pid 299] <... close resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 299] rmdir("./431/file0" [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11234, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./436", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./436", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... rmdir resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 299] getdents64(3, [pid 297] <... openat resumed>) = 3 [pid 297] newfstatat(3, "", [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, [pid 299] close(3 [pid 298] close(3 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] <... close resumed>) = 0 [pid 297] umount2("./436/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] rmdir("./431" [pid 298] <... close resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./436/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./436/binderfs") = 0 [pid 299] <... rmdir resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] mkdir("./432", 0777) = 0 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11249 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [ 154.609602][T11231] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 154.632917][T11237] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11252 ./strace-static-x86_64: Process 11249 attached [pid 11249] set_robust_list(0x5555557b6760, 24) = 0 [pid 11249] chdir("./437") = 0 [pid 11249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11249] setpgid(0, 0) = 0 [pid 11249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11249] write(3, "1000", 4) = 4 [pid 11249] close(3) = 0 [pid 11249] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11249] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11249] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11249] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11249] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11253]}, 88) = 11253 [pid 11249] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11249] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11249] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11253 attached [pid 11253] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 11253] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11253] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11249] <... futex resumed>) = 0 [pid 11249] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11249] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11253] <... futex resumed>) = 1 [pid 11253] memfd_create("syzkaller", 0) = 3 [pid 11253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 295] <... umount2 resumed>) = 0 [pid 297] umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./436/file0", [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] newfstatat(AT_FDCWD, "./436/file0", [pid 297] umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] openat(AT_FDCWD, "./436/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... openat resumed>) = 4 [pid 295] openat(AT_FDCWD, "./436/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] newfstatat(4, "", [pid 295] <... openat resumed>) = 4 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] newfstatat(4, "", [pid 297] getdents64(4, [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] close(4 [pid 295] getdents64(4, [pid 297] <... close resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] rmdir("./436/file0" [pid 295] close(4 [pid 297] <... rmdir resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] rmdir("./436/file0") = 0 [pid 297] close(3) = 0 [pid 295] getdents64(3, [pid 297] rmdir("./436" [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 295] close(3 [pid 297] mkdir("./437", 0777 [pid 295] <... close resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 295] rmdir("./436") = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] mkdir("./437", 0777 [pid 297] <... openat resumed>) = 3 [pid 295] <... mkdir resumed>) = 0 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 297] close(3) = 0 [pid 295] <... openat resumed>) = 3 [pid 11253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 11254 [pid 295] close(3) = 0 ./strace-static-x86_64: Process 11252 attached [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11255 [pid 11252] set_robust_list(0x5555557b6760, 24./strace-static-x86_64: Process 11254 attached [pid 11254] set_robust_list(0x5555557b6760, 24) = 0 [pid 11254] chdir("./437") = 0 [pid 11254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11254] setpgid(0, 0) = 0 [pid 11254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11252] <... set_robust_list resumed>) = 0 [pid 11252] chdir("./432") = 0 [pid 11240] <... mount resumed>) = 0 [pid 11240] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11254] <... openat resumed>) = 3 [pid 11252] setpgid(0, 0 [pid 11254] write(3, "1000", 4 [pid 11252] <... setpgid resumed>) = 0 [pid 11254] <... write resumed>) = 4 [pid 11252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11254] close(3 [pid 11252] <... openat resumed>) = 3 [pid 11240] chdir("./file0") = 0 [pid 11240] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11252] write(3, "1000", 4 [pid 11254] <... close resumed>) = 0 [pid 11252] <... write resumed>) = 4 [pid 11254] symlink("/dev/binderfs", "./binderfs" [pid 11252] close(3) = 0 [pid 11252] symlink("/dev/binderfs", "./binderfs" [pid 11254] <... symlink resumed>) = 0 [pid 11252] <... symlink resumed>) = 0 [pid 11254] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11240] <... openat resumed>) = 4 [pid 11254] <... futex resumed>) = 0 [pid 11252] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11254] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11252] <... futex resumed>) = 0 [pid 11254] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11252] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11240] ioctl(4, LOOP_CLR_FD [pid 11252] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11254] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11252] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11240] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 11255 attached [pid 11254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11254] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11253] <... write resumed>) = 1048576 [pid 11252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11255] set_robust_list(0x5555557b6760, 24 [pid 11254] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11253] munmap(0x7fe453fca000, 138412032 [pid 11240] close(4 [pid 11252] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11255] <... set_robust_list resumed>) = 0 [pid 11252] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11255] chdir("./437") = 0 [pid 11255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11254] <... mprotect resumed>) = 0 [pid 11252] <... mprotect resumed>) = 0 [pid 11255] setpgid(0, 0) = 0 [pid 11255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11255] write(3, "1000", 4) = 4 [pid 11255] close(3) = 0 [pid 11255] symlink("/dev/binderfs", "./binderfs" [pid 11252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11255] <... symlink resumed>) = 0 [pid 11252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11255] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11255] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11255] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11255] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11256]}, 88) = 11256 [pid 11255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11255] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11255] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11256 attached [pid 11256] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11256] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11256] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11255] <... futex resumed>) = 0 [pid 11255] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11255] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11256] <... futex resumed>) = 1 [pid 11256] memfd_create("syzkaller", 0 [pid 11254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11252] <... clone3 resumed> => {parent_tid=[11257]}, 88) = 11257 [pid 11240] <... close resumed>) = 0 [pid 11253] <... munmap resumed>) = 0 [pid 11254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11252] rt_sigprocmask(SIG_SETMASK, [], [pid 11240] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11256] <... memfd_create resumed>) = 3 [pid 11256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11252] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11254] <... clone3 resumed> => {parent_tid=[11258]}, 88) = 11258 [ 154.675755][T11240] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11253] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11240] <... futex resumed>) = 1 [pid 11239] <... futex resumed>) = 0 [pid 11239] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11239] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11252] <... futex resumed>) = 0 [pid 11254] rt_sigprocmask(SIG_SETMASK, [], [pid 11240] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11252] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11254] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11253] <... openat resumed>) = 4 [pid 11240] <... openat resumed>) = 4 [pid 11254] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11253] ioctl(4, LOOP_SET_FD, 3 [pid 11240] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 11258 attached [pid 11258] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11258] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11258] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11258] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11258] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11254] <... futex resumed>) = 0 [pid 11254] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11258] <... futex resumed>) = 0 [pid 11258] memfd_create("syzkaller", 0 [pid 11254] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11258] <... memfd_create resumed>) = 3 [pid 11258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11256] <... write resumed>) = 1048576 [pid 11256] munmap(0x7fe453fca000, 138412032) = 0 [pid 11256] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 11257 attached [pid 11239] <... futex resumed>) = 0 [pid 11240] <... futex resumed>) = 1 [pid 11239] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11240] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11239] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11257] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11256] <... openat resumed>) = 4 [pid 11253] <... ioctl resumed>) = 0 [pid 11240] <... write resumed>) = 16 [pid 11239] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11239] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11257] <... set_robust_list resumed>) = 0 [pid 11239] <... mprotect resumed>) = 0 [pid 11240] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11239] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11257] rt_sigprocmask(SIG_SETMASK, [], [pid 11240] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11239] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11257] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11257] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11239] <... clone3 resumed> => {parent_tid=[11259]}, 88) = 11259 [pid 11257] <... futex resumed>) = 1 [pid 11239] rt_sigprocmask(SIG_SETMASK, [], [pid 11257] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11252] <... futex resumed>) = 0 [pid 11239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11239] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11252] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11239] <... futex resumed>) = 0 [pid 11253] close(3 [pid 11239] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11257] <... futex resumed>) = 0 [pid 11252] <... futex resumed>) = 1 [pid 11253] <... close resumed>) = 0 [pid 11253] close(4 [pid 11257] memfd_create("syzkaller", 0) = 3 [pid 11257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11252] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11258] <... write resumed>) = 1048576 [pid 11258] munmap(0x7fe453fca000, 138412032) = 0 [pid 11258] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11258] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 11259 attached [pid 11257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11256] ioctl(4, LOOP_SET_FD, 3 [pid 11259] set_robust_list(0x7fe45c3c99a0, 24 [pid 11258] <... ioctl resumed>) = 0 [pid 11257] <... write resumed>) = 1048576 [pid 11258] close(3) = 0 [pid 11258] close(4 [pid 11259] <... set_robust_list resumed>) = 0 [pid 11259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11259] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11257] munmap(0x7fe453fca000, 138412032 [pid 11256] <... ioctl resumed>) = 0 [pid 11259] <... write resumed>) = 16 [pid 11259] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11239] <... futex resumed>) = 0 [pid 11239] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11240] <... futex resumed>) = 0 [pid 11239] <... futex resumed>) = 1 [pid 11240] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11239] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11240] <... mmap resumed>) = 0x20000000 [pid 11240] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11239] <... futex resumed>) = 0 [pid 11240] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11239] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11240] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11239] <... futex resumed>) = 0 [pid 11259] <... futex resumed>) = 1 [pid 11257] <... munmap resumed>) = 0 [pid 11256] close(3 [pid 11259] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11256] <... close resumed>) = 0 [pid 11256] close(4 [ 154.739144][T11253] loop3: detected capacity change from 0 to 2048 [ 154.769120][T11258] loop2: detected capacity change from 0 to 2048 [ 154.771604][T11256] loop0: detected capacity change from 0 to 2048 [pid 11257] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11257] ioctl(4, LOOP_SET_FD, 3 [pid 11240] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11239] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11240] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11240] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11239] <... futex resumed>) = 0 [pid 11239] exit_group(0 [pid 11259] <... futex resumed>) = ? [pid 11239] <... exit_group resumed>) = ? [pid 11259] +++ exited with 0 +++ [pid 11240] <... futex resumed>) = ? [pid 11240] +++ exited with 0 +++ [pid 11239] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11239, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./437", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./437", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11257] <... ioctl resumed>) = 0 [pid 11253] <... close resumed>) = 0 [pid 296] getdents64(3, [pid 11257] close(3 [pid 11253] mkdir("./file0", 0777 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11257] <... close resumed>) = 0 [pid 11257] close(4 [pid 11253] <... mkdir resumed>) = 0 [pid 296] umount2("./437/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11253] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./437/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./437/binderfs") = 0 [pid 296] umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11258] <... close resumed>) = 0 [pid 11256] <... close resumed>) = 0 [pid 11258] mkdir("./file0", 0777 [pid 11256] mkdir("./file0", 0777 [pid 11258] <... mkdir resumed>) = 0 [pid 11258] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11256] <... mkdir resumed>) = 0 [pid 11256] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11257] <... close resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 11257] mkdir("./file0", 0777 [pid 296] umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11257] <... mkdir resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11257] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 296] newfstatat(AT_FDCWD, "./437/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./437/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, [pid 11256] <... mount resumed>) = 0 [pid 11256] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11256] chdir("./file0") = 0 [pid 11256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11256] ioctl(4, LOOP_CLR_FD) = 0 [pid 11256] close(4) = 0 [pid 11256] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11255] <... futex resumed>) = 0 [ 154.784379][T11240] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 154.786392][T11257] loop4: detected capacity change from 0 to 2048 [ 154.826733][T11256] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11255] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11255] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11256] <... futex resumed>) = 1 [pid 11256] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11256] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11255] <... futex resumed>) = 0 [pid 11256] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11255] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11256] <... write resumed>) = 16 [pid 11255] <... futex resumed>) = 0 [pid 11258] <... mount resumed>) = 0 [pid 11258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11258] chdir("./file0") = 0 [pid 11258] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./437/file0") = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./437") = 0 [pid 296] mkdir("./438", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11256] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11255] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 11268 [pid 11258] <... openat resumed>) = 4 [pid 11258] ioctl(4, LOOP_CLR_FD) = 0 [pid 11258] close(4 [pid 11256] <... futex resumed>) = 0 [pid 11255] <... futex resumed>) = 0 [pid 11255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11256] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11255] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11255] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11255] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11269]}, 88) = 11269 [pid 11255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11255] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11255] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11258] <... close resumed>) = 0 [pid 11258] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11254] <... futex resumed>) = 0 [pid 11254] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11254] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11258] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11257] <... mount resumed>) = 0 [pid 11257] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11257] chdir("./file0") = 0 [pid 11257] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11257] ioctl(4, LOOP_CLR_FD [pid 11258] <... openat resumed>) = 4 [pid 11258] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 11268 attached [pid 11268] set_robust_list(0x5555557b6760, 24) = 0 [pid 11268] chdir("./438") = 0 [pid 11268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11268] setpgid(0, 0) = 0 [pid 11268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11268] write(3, "1000", 4) = 4 [pid 11268] close(3) = 0 [pid 11268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11268] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11268] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11268] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11268] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11270]}, 88) = 11270 [pid 11268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11268] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11268] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11270 attached [pid 11270] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11270] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11270] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11268] <... futex resumed>) = 0 [pid 11268] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11268] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11270] <... futex resumed>) = 1 [pid 11270] memfd_create("syzkaller", 0) = 3 [pid 11270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11258] <... futex resumed>) = 1 [pid 11254] <... futex resumed>) = 0 [pid 11258] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11254] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11258] <... write resumed>) = 16 [pid 11254] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11258] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11254] <... futex resumed>) = 0 [pid 11258] <... futex resumed>) = 0 [pid 11254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11254] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11258] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11254] <... mprotect resumed>) = 0 [pid 11254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11271]}, 88) = 11271 [pid 11254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11254] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11254] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11257] <... ioctl resumed>) = 0 [pid 11257] close(4) = 0 ./strace-static-x86_64: Process 11271 attached ./strace-static-x86_64: Process 11269 attached [pid 11257] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11253] <... mount resumed>) = 0 [pid 11257] <... futex resumed>) = 1 [pid 11252] <... futex resumed>) = 0 [pid 11270] <... write resumed>) = 1048576 [pid 11270] munmap(0x7fe453fca000, 138412032) = 0 [pid 11252] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11257] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11252] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11270] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11271] set_robust_list(0x7fe45c3c99a0, 24 [pid 11269] set_robust_list(0x7fe45c3c99a0, 24 [pid 11257] <... openat resumed>) = 4 [pid 11270] <... openat resumed>) = 4 [pid 11270] ioctl(4, LOOP_SET_FD, 3 [pid 11257] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11271] <... set_robust_list resumed>) = 0 [pid 11257] <... futex resumed>) = 1 [pid 11252] <... futex resumed>) = 0 [pid 11252] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11257] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11271] rt_sigprocmask(SIG_SETMASK, [], [pid 11269] <... set_robust_list resumed>) = 0 [pid 11252] <... futex resumed>) = 0 [pid 11252] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11271] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11269] rt_sigprocmask(SIG_SETMASK, [], [pid 11257] <... write resumed>) = 16 [pid 11252] <... futex resumed>) = 0 [pid 11252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11271] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11257] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11252] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11257] <... futex resumed>) = 0 [pid 11269] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11257] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11252] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11271] <... write resumed>) = 16 [pid 11252] <... mprotect resumed>) = 0 [pid 11269] <... write resumed>) = 16 [pid 11271] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11269] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11252] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11254] <... futex resumed>) = 0 [pid 11271] <... futex resumed>) = 1 [pid 11252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11254] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11271] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11269] <... futex resumed>) = 1 [pid 11258] <... futex resumed>) = 0 [pid 11255] <... futex resumed>) = 0 [pid 11254] <... futex resumed>) = 1 ./strace-static-x86_64: Process 11273 attached [pid 11269] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11258] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11255] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11254] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11253] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11252] <... clone3 resumed> => {parent_tid=[11273]}, 88) = 11273 [pid 11273] set_robust_list(0x7fe45c3c99a0, 24 [pid 11258] <... mmap resumed>) = 0x20000000 [pid 11256] <... futex resumed>) = 0 [pid 11255] <... futex resumed>) = 1 [pid 11252] rt_sigprocmask(SIG_SETMASK, [], [pid 11258] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11256] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [ 154.842011][T11258] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 154.854963][T11257] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 154.881949][T11253] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11255] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11273] <... set_robust_list resumed>) = 0 [pid 11258] <... futex resumed>) = 1 [pid 11256] <... mmap resumed>) = 0x20000000 [pid 11254] <... futex resumed>) = 0 [pid 11253] <... openat resumed>) = 3 [pid 11252] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11254] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11273] rt_sigprocmask(SIG_SETMASK, [], [pid 11258] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11256] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11254] <... futex resumed>) = 0 [pid 11253] chdir("./file0" [pid 11252] <... futex resumed>) = 0 [pid 11273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11273] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11258] sendfile(-1, -1, [0] [pid 11256] <... futex resumed>) = 1 [pid 11255] <... futex resumed>) = 0 [pid 11254] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11253] <... chdir resumed>) = 0 [pid 11252] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11270] <... ioctl resumed>) = 0 [pid 11273] <... write resumed>) = 16 [pid 11258] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11256] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11255] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11270] close(3 [pid 11253] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11273] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11273] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11258] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11258] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11270] <... close resumed>) = 0 [pid 11255] <... futex resumed>) = 0 [pid 11254] <... futex resumed>) = 0 [pid 11253] <... openat resumed>) = 4 [pid 11252] <... futex resumed>) = 0 [pid 11255] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11254] exit_group(0 [pid 11253] ioctl(4, LOOP_CLR_FD [pid 11252] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11271] <... futex resumed>) = ? [pid 11257] <... futex resumed>) = 0 [pid 11254] <... exit_group resumed>) = ? [pid 11253] <... ioctl resumed>) = 0 [pid 11252] <... futex resumed>) = 1 [pid 11271] +++ exited with 0 +++ [pid 11257] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11253] close(4 [pid 11252] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11257] <... mmap resumed>) = 0x20000000 [pid 11253] <... close resumed>) = 0 [pid 11257] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11253] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11257] <... futex resumed>) = 1 [pid 11253] <... futex resumed>) = 1 [pid 11252] <... futex resumed>) = 0 [pid 11249] <... futex resumed>) = 0 [pid 11257] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11253] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11252] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11249] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11252] <... futex resumed>) = 0 [pid 11249] <... futex resumed>) = 0 [pid 11270] close(4 [pid 11258] <... futex resumed>) = ? [pid 11258] +++ exited with 0 +++ [pid 11254] +++ exited with 0 +++ [pid 11256] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11256] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11256] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11256] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11253] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11253] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11253] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11252] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11249] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 11249] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11253] <... futex resumed>) = 0 [pid 11249] <... futex resumed>) = 1 [pid 11253] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11249] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11253] <... write resumed>) = 16 [pid 11249] <... futex resumed>) = 0 [pid 11253] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11249] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11253] <... futex resumed>) = 0 [pid 11249] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11253] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11249] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11249] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11249] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11274]}, 88) = 11274 [pid 11249] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11249] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11249] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11254, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 297] umount2("./437", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./437", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [ 154.918174][T11258] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 154.918280][T11270] loop1: detected capacity change from 0 to 2048 [ 154.940643][T11256] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 297] umount2("./437/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./437/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./437/binderfs") = 0 [pid 297] umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 11274 attached [pid 11255] <... futex resumed>) = 0 [pid 11274] set_robust_list(0x7fe45c3c99a0, 24 [pid 11255] exit_group(0 [pid 11274] <... set_robust_list resumed>) = 0 [pid 11269] <... futex resumed>) = ? [pid 11257] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11256] <... futex resumed>) = ? [pid 11255] <... exit_group resumed>) = ? [pid 11274] rt_sigprocmask(SIG_SETMASK, [], [pid 11269] +++ exited with 0 +++ [pid 11257] sendfile(-1, -1, [0] [pid 11256] +++ exited with 0 +++ [pid 11255] +++ exited with 0 +++ [pid 11274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11274] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11257] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11255, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 11274] <... write resumed>) = 16 [pid 11274] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11257] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11274] <... futex resumed>) = 1 [pid 11249] <... futex resumed>) = 0 [pid 11274] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11257] <... futex resumed>) = 1 [pid 11252] <... futex resumed>) = 0 [pid 11249] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] umount2("./437", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11257] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11253] <... futex resumed>) = 0 [pid 11252] exit_group(0 [pid 11249] <... futex resumed>) = 1 [pid 11273] <... futex resumed>) = ? [pid 11257] <... futex resumed>) = ? [pid 11253] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11252] <... exit_group resumed>) = ? [pid 11249] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11273] +++ exited with 0 +++ [pid 295] openat(AT_FDCWD, "./437", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 11253] <... mmap resumed>) = 0x20000000 [pid 295] newfstatat(3, "", [pid 11253] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11253] <... futex resumed>) = 1 [pid 11249] <... futex resumed>) = 0 [pid 295] getdents64(3, [pid 11253] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11249] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11249] <... futex resumed>) = 0 [pid 295] umount2("./437/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11257] +++ exited with 0 +++ [pid 11252] +++ exited with 0 +++ [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11252, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 295] newfstatat(AT_FDCWD, "./437/binderfs", [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./437/binderfs") = 0 [pid 299] <... restart_syscall resumed>) = 0 [pid 295] umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./432", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./432", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./432/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./432/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./432/binderfs") = 0 [pid 299] umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11249] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11253] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11253] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11253] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11249] <... futex resumed>) = 0 [pid 11253] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11249] exit_group(0 [pid 11274] <... futex resumed>) = ? [pid 11253] <... futex resumed>) = ? [pid 11249] <... exit_group resumed>) = ? [pid 11274] +++ exited with 0 +++ [pid 11253] +++ exited with 0 +++ [pid 11249] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11249, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./437", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./437", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./437/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./437/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./437/binderfs") = 0 [pid 298] umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11270] <... close resumed>) = 0 [pid 11270] mkdir("./file0", 0777) = 0 [pid 11270] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./437/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./437/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./437/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./437") = 0 [pid 297] mkdir("./438", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11275 attached , child_tidptr=0x5555557b6750) = 11275 [pid 11275] set_robust_list(0x5555557b6760, 24) = 0 [pid 11275] chdir("./438") = 0 [pid 11275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11275] setpgid(0, 0) = 0 [pid 11275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11275] write(3, "1000", 4) = 4 [pid 11275] close(3) = 0 [pid 11275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11275] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11275] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11275] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [ 154.945680][T11257] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 154.974711][T11253] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11275] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11276]}, 88) = 11276 [pid 11275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11275] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11275] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11276 attached [pid 11276] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11276] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11276] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11275] <... futex resumed>) = 0 [pid 11275] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11275] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11276] <... futex resumed>) = 1 [pid 11276] memfd_create("syzkaller", 0) = 3 [pid 11276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 299] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 295] umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./437/file0", [pid 295] newfstatat(AT_FDCWD, "./437/file0", [pid 299] newfstatat(AT_FDCWD, "./432/file0", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 299] umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./437/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./437/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 4 [pid 295] <... openat resumed>) = 4 [pid 299] openat(AT_FDCWD, "./432/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] newfstatat(4, "", [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... openat resumed>) = 4 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] newfstatat(4, "", [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] getdents64(4, [pid 298] getdents64(4, [pid 295] close(4 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... close resumed>) = 0 [pid 299] getdents64(4, [pid 295] rmdir("./437/file0" [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4 [pid 295] <... rmdir resumed>) = 0 [pid 299] close(4 [pid 298] <... close resumed>) = 0 [pid 298] rmdir("./437/file0" [pid 295] getdents64(3, [pid 299] <... close resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 299] rmdir("./432/file0" [pid 298] getdents64(3, [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 295] close(3 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] <... close resumed>) = 0 [pid 299] getdents64(3, [pid 298] close(3 [pid 295] rmdir("./437" [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] <... close resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 299] close(3 [pid 298] rmdir("./437" [pid 299] <... close resumed>) = 0 [pid 295] mkdir("./438", 0777 [pid 298] <... rmdir resumed>) = 0 [pid 299] rmdir("./432" [pid 295] <... mkdir resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 298] mkdir("./438", 0777 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 298] <... mkdir resumed>) = 0 [pid 299] mkdir("./433", 0777 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 295] <... openat resumed>) = 3 [pid 299] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 295] ioctl(3, LOOP_CLR_FD [pid 298] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] ioctl(3, LOOP_CLR_FD [pid 295] close(3 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 298] close(3 [pid 295] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11276] <... write resumed>) = 1048576 [pid 11276] munmap(0x7fe453fca000, 138412032) = 0 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11277 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 11278 [pid 11276] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11276] ioctl(4, LOOP_SET_FD, 3 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 11279 ./strace-static-x86_64: Process 11279 attached ./strace-static-x86_64: Process 11278 attached ./strace-static-x86_64: Process 11277 attached [pid 11277] set_robust_list(0x5555557b6760, 24) = 0 [pid 11277] chdir("./438") = 0 [pid 11277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11277] setpgid(0, 0) = 0 [pid 11277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11277] write(3, "1000", 4) = 4 [pid 11277] close(3) = 0 [pid 11277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11277] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11277] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11277] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11279] set_robust_list(0x5555557b6760, 24 [pid 11277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11277] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11278] set_robust_list(0x5555557b6760, 24 [pid 11277] <... mprotect resumed>) = 0 [pid 11277] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11279] <... set_robust_list resumed>) = 0 [pid 11278] <... set_robust_list resumed>) = 0 [pid 11277] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11279] chdir("./433" [pid 11277] <... clone3 resumed> => {parent_tid=[11280]}, 88) = 11280 [pid 11277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11277] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11277] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11276] <... ioctl resumed>) = 0 [pid 11276] close(3) = 0 [pid 11276] close(4./strace-static-x86_64: Process 11280 attached [pid 11280] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11280] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11280] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11277] <... futex resumed>) = 0 [pid 11277] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11277] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11280] <... futex resumed>) = 1 [pid 11280] memfd_create("syzkaller", 0) = 3 [pid 11280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11279] <... chdir resumed>) = 0 [pid 11278] chdir("./438" [pid 11279] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11278] <... chdir resumed>) = 0 [pid 11279] <... prctl resumed>) = 0 [pid 11278] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11279] setpgid(0, 0 [pid 11278] <... prctl resumed>) = 0 [pid 11278] setpgid(0, 0 [pid 11279] <... setpgid resumed>) = 0 [pid 11279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11278] <... setpgid resumed>) = 0 [pid 11278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11279] <... openat resumed>) = 3 [pid 11279] write(3, "1000", 4 [pid 11278] write(3, "1000", 4 [pid 11279] <... write resumed>) = 4 [pid 11278] <... write resumed>) = 4 [pid 11279] close(3 [pid 11278] close(3 [pid 11279] <... close resumed>) = 0 [pid 11278] <... close resumed>) = 0 [pid 11280] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11279] symlink("/dev/binderfs", "./binderfs" [pid 11278] symlink("/dev/binderfs", "./binderfs" [pid 11280] <... write resumed>) = 1048576 [pid 11280] munmap(0x7fe453fca000, 138412032) = 0 [pid 11280] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11280] ioctl(4, LOOP_SET_FD, 3 [pid 11279] <... symlink resumed>) = 0 [pid 11278] <... symlink resumed>) = 0 [pid 11270] <... mount resumed>) = 0 [pid 11279] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11278] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11279] <... futex resumed>) = 0 [pid 11280] <... ioctl resumed>) = 0 [pid 11280] close(3) = 0 [pid 11280] close(4 [pid 11276] <... close resumed>) = 0 [pid 11276] mkdir("./file0", 0777) = 0 [pid 11276] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11278] <... futex resumed>) = 0 [pid 11279] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11278] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11279] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11278] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11279] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11278] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11279] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11278] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11279] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11278] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11279] <... mprotect resumed>) = 0 [pid 11278] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11279] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11278] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11279] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 11283 attached [pid 11283] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11278] <... clone3 resumed> => {parent_tid=[11283]}, 88) = 11283 [pid 11279] <... clone3 resumed> => {parent_tid=[11284]}, 88) = 11284 [pid 11278] rt_sigprocmask(SIG_SETMASK, [], [pid 11279] rt_sigprocmask(SIG_SETMASK, [], [pid 11278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11279] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11278] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11283] <... set_robust_list resumed>) = 0 [pid 11283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11279] <... futex resumed>) = 0 [pid 11278] <... futex resumed>) = 0 [pid 11283] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11283] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11283] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 11284 attached [pid 11284] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11284] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11284] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11284] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11279] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11278] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11279] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11278] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11279] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11278] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11279] <... futex resumed>) = 1 [pid 11278] <... futex resumed>) = 1 [pid 11279] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11278] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11283] <... futex resumed>) = 0 [pid 11283] memfd_create("syzkaller", 0) = 3 [pid 11283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11284] <... futex resumed>) = 0 [pid 11283] <... mmap resumed>) = 0x7fe453fca000 [pid 11270] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11284] memfd_create("syzkaller", 0 [pid 11270] chdir("./file0") = 0 [pid 11284] <... memfd_create resumed>) = 3 [pid 11270] openat(AT_FDCWD, "/dev/loop1", O_RDWR [ 155.040510][T11276] loop2: detected capacity change from 0 to 2048 [ 155.064483][T11270] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 155.067951][T11280] loop3: detected capacity change from 0 to 2048 [pid 11284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11270] <... openat resumed>) = 4 [pid 11270] ioctl(4, LOOP_CLR_FD) = 0 [pid 11284] <... mmap resumed>) = 0x7fe453fca000 [pid 11270] close(4 [pid 11284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11270] <... close resumed>) = 0 [pid 11276] <... mount resumed>) = 0 [pid 11270] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11268] <... futex resumed>) = 0 [pid 11283] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11276] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11270] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11268] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11268] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11280] <... close resumed>) = 0 [pid 11270] <... openat resumed>) = 4 [pid 11280] mkdir("./file0", 0777 [pid 11276] <... openat resumed>) = 3 [pid 11270] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11280] <... mkdir resumed>) = 0 [pid 11276] chdir("./file0" [pid 11270] <... futex resumed>) = 1 [pid 11268] <... futex resumed>) = 0 [pid 11280] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11270] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11276] <... chdir resumed>) = 0 [pid 11268] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11276] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11268] <... futex resumed>) = 0 [pid 11270] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11268] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11276] <... openat resumed>) = 4 [pid 11268] <... futex resumed>) = 0 [pid 11270] <... write resumed>) = 16 [pid 11268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11270] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11276] ioctl(4, LOOP_CLR_FD [pid 11268] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11270] <... futex resumed>) = 0 [pid 11276] <... ioctl resumed>) = 0 [pid 11270] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11276] close(4 [pid 11268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11287]}, 88) = 11287 [pid 11276] <... close resumed>) = 0 [pid 11268] rt_sigprocmask(SIG_SETMASK, [], [pid 11276] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11275] <... futex resumed>) = 0 [pid 11268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11275] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11268] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11276] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11268] <... futex resumed>) = 0 [pid 11275] <... futex resumed>) = 0 [pid 11268] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11275] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11276] <... openat resumed>) = 4 [pid 11283] <... write resumed>) = 1048576 [pid 11276] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11283] munmap(0x7fe453fca000, 138412032 [pid 11276] <... futex resumed>) = 1 [pid 11275] <... futex resumed>) = 0 [pid 11275] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11275] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 ./strace-static-x86_64: Process 11287 attached [pid 11276] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11275] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11287] set_robust_list(0x7fe45c3c99a0, 24 [pid 11284] <... write resumed>) = 1048576 [pid 11283] <... munmap resumed>) = 0 [pid 11275] <... mprotect resumed>) = 0 [pid 11276] <... write resumed>) = 16 [pid 11275] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11276] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11275] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11276] <... futex resumed>) = 0 [pid 11275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11287] <... set_robust_list resumed>) = 0 [pid 11283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11276] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11284] munmap(0x7fe453fca000, 138412032 [pid 11275] <... clone3 resumed> => {parent_tid=[11288]}, 88) = 11288 ./strace-static-x86_64: Process 11288 attached [pid 11287] rt_sigprocmask(SIG_SETMASK, [], [pid 11284] <... munmap resumed>) = 0 [pid 11283] <... openat resumed>) = 4 [pid 11275] rt_sigprocmask(SIG_SETMASK, [], [pid 11288] set_robust_list(0x7fe45c3c99a0, 24 [pid 11284] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 155.102662][T11276] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11284] ioctl(4, LOOP_SET_FD, 3 [pid 11288] <... set_robust_list resumed>) = 0 [pid 11287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11283] ioctl(4, LOOP_SET_FD, 3 [pid 11275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11288] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11287] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11287] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11268] <... futex resumed>) = 0 [pid 11287] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11268] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11270] <... futex resumed>) = 0 [pid 11268] <... futex resumed>) = 1 [pid 11270] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11268] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11270] <... mmap resumed>) = 0x20000000 [pid 11270] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11268] <... futex resumed>) = 0 [pid 11270] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11268] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11268] <... futex resumed>) = 0 [pid 11268] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11284] <... ioctl resumed>) = 0 [pid 11275] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11284] close(3 [pid 11275] <... futex resumed>) = 1 [pid 11284] <... close resumed>) = 0 [pid 11275] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11284] close(4 [pid 11288] <... futex resumed>) = 0 [pid 11283] <... ioctl resumed>) = 0 [pid 11288] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11288] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11275] <... futex resumed>) = 0 [pid 11275] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11275] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11288] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11283] close(3) = 0 [pid 11283] close(4 [pid 11276] <... futex resumed>) = 0 [pid 11276] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11270] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11270] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11270] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11270] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11276] <... mmap resumed>) = 0x20000000 [pid 11268] <... futex resumed>) = 0 [pid 11276] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11275] <... futex resumed>) = 0 [pid 11275] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11268] exit_group(0 [pid 11287] <... futex resumed>) = ? [pid 11268] <... exit_group resumed>) = ? [pid 11287] +++ exited with 0 +++ [pid 11270] <... futex resumed>) = ? [pid 11270] +++ exited with 0 +++ [pid 11268] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11268, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 296] umount2("./438", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./438", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./438/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./438/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./438/binderfs") = 0 [pid 296] umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11275] <... futex resumed>) = 0 [pid 11275] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11276] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11276] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11276] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11276] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11275] <... futex resumed>) = 0 [pid 11275] exit_group(0) = ? [pid 11288] <... futex resumed>) = ? [pid 11288] +++ exited with 0 +++ [pid 11276] <... futex resumed>) = ? [pid 11276] +++ exited with 0 +++ [pid 11275] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11275, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./438", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./438", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./438/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./438/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./438/binderfs") = 0 [pid 297] umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11284] <... close resumed>) = 0 [ 155.143638][T11284] loop4: detected capacity change from 0 to 2048 [ 155.149526][T11283] loop0: detected capacity change from 0 to 2048 [ 155.150686][T11270] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 155.173100][T11276] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11284] mkdir("./file0", 0777) = 0 [pid 11284] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11280] <... mount resumed>) = 0 [pid 11280] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11280] chdir("./file0") = 0 [pid 11280] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11280] ioctl(4, LOOP_CLR_FD) = 0 [pid 11280] close(4) = 0 [pid 11280] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11280] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11277] <... futex resumed>) = 0 [pid 11277] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11277] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11280] <... futex resumed>) = 0 [pid 11280] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11280] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11277] <... futex resumed>) = 0 [pid 11280] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11277] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11280] <... write resumed>) = 16 [pid 11277] <... futex resumed>) = 0 [pid 11280] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11280] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11277] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11280] <... futex resumed>) = 0 [pid 11277] <... futex resumed>) = 1 [pid 11280] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11277] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11283] <... close resumed>) = 0 [pid 11280] <... write resumed>) = 16 [pid 296] <... umount2 resumed>) = 0 [pid 11283] mkdir("./file0", 0777 [pid 11280] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11280] <... futex resumed>) = 1 [pid 11277] <... futex resumed>) = 0 [pid 11283] <... mkdir resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11283] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11280] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11277] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11280] <... mmap resumed>) = 0x20000000 [pid 11277] <... futex resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./438/file0", [pid 11280] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11277] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11280] <... futex resumed>) = 0 [pid 11277] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11277] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11277] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./438/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./438/file0") = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./438") = 0 [pid 296] mkdir("./439", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11292 ./strace-static-x86_64: Process 11292 attached [pid 11292] set_robust_list(0x5555557b6760, 24) = 0 [pid 11292] chdir("./439") = 0 [pid 11292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11292] setpgid(0, 0) = 0 [pid 11280] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11292] write(3, "1000", 4) = 4 [pid 11292] close(3) = 0 [pid 11292] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11292] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11292] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11292] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11292] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11294]}, 88) = 11294 [pid 11292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11292] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11292] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11294 attached [pid 11294] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11294] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11294] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11292] <... futex resumed>) = 0 [pid 11292] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11292] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11294] <... futex resumed>) = 1 [pid 11294] memfd_create("syzkaller", 0) = 3 [pid 11294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11280] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11280] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11277] <... futex resumed>) = 0 [pid 11280] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11277] exit_group(0) = ? [pid 11280] <... futex resumed>) = ? [pid 11280] +++ exited with 0 +++ [pid 11277] +++ exited with 0 +++ [pid 11294] <... write resumed>) = 1048576 [pid 11294] munmap(0x7fe453fca000, 138412032 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11277, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 11294] <... munmap resumed>) = 0 [pid 11294] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 298] restart_syscall(<... resuming interrupted clone ...> [ 155.193651][T11280] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 155.215906][T11280] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 155.232096][T11284] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11294] ioctl(4, LOOP_SET_FD, 3 [pid 11284] <... mount resumed>) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 298] umount2("./438", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./438", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./438/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./438/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./438/binderfs") = 0 [pid 298] umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11284] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11284] chdir("./file0") = 0 [pid 11284] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11284] ioctl(4, LOOP_CLR_FD) = 0 [pid 11284] close(4) = 0 [pid 11284] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11279] <... futex resumed>) = 0 [pid 11279] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11279] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11294] <... ioctl resumed>) = 0 [pid 11284] <... futex resumed>) = 1 [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./438/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./438/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./438/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./438") = 0 [pid 297] mkdir("./439", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11296 [pid 11284] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11294] close(3) = 0 [pid 11294] close(4) = 0 [pid 11294] mkdir("./file0", 0777) = 0 [pid 11294] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11284] <... openat resumed>) = 4 ./strace-static-x86_64: Process 11296 attached [pid 11296] set_robust_list(0x5555557b6760, 24) = 0 [pid 11296] chdir("./439") = 0 [pid 11296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11296] setpgid(0, 0) = 0 [pid 11296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11284] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11279] <... futex resumed>) = 0 [pid 11284] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11279] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11279] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11279] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11279] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11298]}, 88) = 11298 [pid 11279] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11279] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11279] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11296] <... openat resumed>) = 3 [pid 11296] write(3, "1000", 4) = 4 [pid 11296] close(3) = 0 [pid 11296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11296] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11296] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11296] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11296] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11296] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] <... umount2 resumed>) = 0 [pid 11296] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11299]}, 88) = 11299 [pid 11296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11296] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11296] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11299 attached [pid 11299] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11299] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11299] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11296] <... futex resumed>) = 0 [pid 11296] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11296] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11299] <... futex resumed>) = 1 [pid 11299] memfd_create("syzkaller", 0) = 3 [pid 11299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 298] umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./438/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11284] <... write resumed>) = 16 [pid 298] umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./438/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 155.246115][T11294] loop1: detected capacity change from 0 to 2048 [pid 11284] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] getdents64(4, [pid 11284] <... futex resumed>) = 0 [pid 11284] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./438/file0" [pid 11299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] <... rmdir resumed>) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./438") = 0 [pid 298] mkdir("./439", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11299] <... write resumed>) = 1048576 [pid 11299] munmap(0x7fe453fca000, 138412032) = 0 [pid 11299] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11299] ioctl(4, LOOP_SET_FD, 3 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11301 [pid 11299] <... ioctl resumed>) = 0 [pid 11299] close(3) = 0 [pid 11299] close(4) = 0 [pid 11299] mkdir("./file0", 0777) = 0 [pid 11299] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue"./strace-static-x86_64: Process 11298 attached [pid 11298] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11298] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11298] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11298] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 11301 attached [pid 11301] set_robust_list(0x5555557b6760, 24) = 0 [pid 11301] chdir("./439" [pid 11279] <... futex resumed>) = 0 [pid 11301] <... chdir resumed>) = 0 [pid 11301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11279] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11279] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11301] setpgid(0, 0) = 0 [pid 11301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11301] write(3, "1000", 4) = 4 [pid 11301] close(3) = 0 [pid 11301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11301] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11301] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11301] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11303]}, 88) = 11303 [pid 11301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11301] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11301] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11284] <... futex resumed>) = 0 [pid 11283] <... mount resumed>) = 0 [pid 11283] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11283] chdir("./file0") = 0 [pid 11283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11283] ioctl(4, LOOP_CLR_FD) = 0 [pid 11283] close(4) = 0 [pid 11283] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11278] <... futex resumed>) = 0 [pid 11278] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11278] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11283] <... futex resumed>) = 1 [pid 11283] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 11303 attached [pid 11303] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11303] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11303] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11301] <... futex resumed>) = 0 [pid 11301] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11301] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11303] <... futex resumed>) = 1 [pid 11303] memfd_create("syzkaller", 0) = 3 [pid 11303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11284] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 11284] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11279] <... futex resumed>) = 0 [pid 11284] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11283] <... openat resumed>) = 4 [pid 11279] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11283] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [ 155.322353][T11299] loop2: detected capacity change from 0 to 2048 [ 155.323099][T11283] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11279] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11303] munmap(0x7fe453fca000, 138412032) = 0 [pid 11303] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11283] <... futex resumed>) = 1 [pid 11303] close(3 [pid 11283] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11303] <... close resumed>) = 0 [pid 11303] close(4 [pid 11278] <... futex resumed>) = 0 [pid 11278] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11283] <... futex resumed>) = 0 [pid 11278] <... futex resumed>) = 1 [pid 11283] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11278] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11283] <... write resumed>) = 16 [pid 11278] <... futex resumed>) = 0 [pid 11283] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11283] <... futex resumed>) = 0 [pid 11278] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11283] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11278] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11278] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11306]}, 88) = 11306 [pid 11278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11278] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11278] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11306 attached [pid 11294] <... mount resumed>) = 0 [pid 11284] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11306] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11306] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11306] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11278] <... futex resumed>) = 0 [pid 11306] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11278] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11283] <... futex resumed>) = 0 [pid 11278] <... futex resumed>) = 1 [pid 11283] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11278] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11283] <... mmap resumed>) = 0x20000000 [pid 11283] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11278] <... futex resumed>) = 0 [pid 11283] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11278] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11278] <... futex resumed>) = 0 [pid 11299] <... mount resumed>) = 0 [pid 11294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11284] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11294] <... openat resumed>) = 3 [pid 11284] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11294] chdir("./file0" [pid 11284] <... futex resumed>) = 1 [pid 11299] chdir("./file0" [pid 11294] <... chdir resumed>) = 0 [pid 11299] <... chdir resumed>) = 0 [pid 11284] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11294] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11299] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11294] <... openat resumed>) = 4 [pid 11299] <... openat resumed>) = 4 [pid 11299] ioctl(4, LOOP_CLR_FD) = 0 [pid 11294] ioctl(4, LOOP_CLR_FD) = 0 [pid 11299] close(4 [pid 11294] close(4 [pid 11299] <... close resumed>) = 0 [pid 11294] <... close resumed>) = 0 [pid 11294] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11299] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11292] <... futex resumed>) = 0 [pid 11292] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11292] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11296] <... futex resumed>) = 0 [pid 11296] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11296] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11294] <... futex resumed>) = 1 [pid 11299] <... futex resumed>) = 1 [pid 11294] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 155.364011][T11284] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 155.376012][T11303] loop3: detected capacity change from 0 to 2048 [ 155.380073][T11294] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 155.395199][T11299] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11299] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11278] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11279] <... futex resumed>) = 0 [pid 11279] exit_group(0 [pid 11298] <... futex resumed>) = ? [pid 11279] <... exit_group resumed>) = ? [pid 11298] +++ exited with 0 +++ [pid 11284] <... futex resumed>) = ? [pid 11284] +++ exited with 0 +++ [pid 11279] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11279, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 299] umount2("./433", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./433", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, [pid 11299] <... openat resumed>) = 4 [pid 11294] <... openat resumed>) = 4 [pid 11283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11299] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11296] <... futex resumed>) = 0 [pid 11299] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11296] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11296] <... futex resumed>) = 0 [pid 11299] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11296] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11299] <... write resumed>) = 16 [pid 11296] <... futex resumed>) = 0 [pid 11299] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11299] <... futex resumed>) = 0 [pid 11296] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11299] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11296] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11294] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11283] sendfile(-1, -1, [0] [pid 299] umount2("./433/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11294] <... futex resumed>) = 1 [pid 11292] <... futex resumed>) = 0 [pid 11283] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 11307 attached [pid 11296] <... clone3 resumed> => {parent_tid=[11307]}, 88) = 11307 [pid 11294] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11292] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11283] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./433/binderfs", [pid 11307] set_robust_list(0x7fe45c3c99a0, 24 [pid 11294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11296] rt_sigprocmask(SIG_SETMASK, [], [pid 11283] <... futex resumed>) = 1 [pid 11278] <... futex resumed>) = 0 [pid 11292] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11294] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11283] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11278] exit_group(0 [pid 299] unlink("./433/binderfs" [pid 11307] <... set_robust_list resumed>) = 0 [pid 11306] <... futex resumed>) = ? [pid 11296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11294] <... write resumed>) = 16 [pid 11292] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11283] <... futex resumed>) = ? [pid 11278] <... exit_group resumed>) = ? [pid 299] <... unlink resumed>) = 0 [pid 11307] rt_sigprocmask(SIG_SETMASK, [], [pid 11306] +++ exited with 0 +++ [pid 11296] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11294] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11292] <... futex resumed>) = 0 [pid 11283] +++ exited with 0 +++ [pid 11278] +++ exited with 0 +++ [pid 299] umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11307] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11296] <... futex resumed>) = 0 [pid 11294] <... futex resumed>) = 0 [pid 11292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11278, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 11296] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11294] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11292] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11292] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11307] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11307] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11296] <... futex resumed>) = 0 [pid 11292] <... mprotect resumed>) = 0 [pid 295] umount2("./438", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11307] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11296] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11292] rt_sigprocmask(SIG_BLOCK, ~[], [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11299] <... futex resumed>) = 0 [pid 11296] <... futex resumed>) = 1 [pid 11292] <... rt_sigprocmask resumed>[], 8) = 0 [pid 295] openat(AT_FDCWD, "./438", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11299] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11296] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 295] <... openat resumed>) = 3 [pid 11299] <... mmap resumed>) = 0x20000000 [pid 295] newfstatat(3, "", ./strace-static-x86_64: Process 11308 attached [pid 11299] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11292] <... clone3 resumed> => {parent_tid=[11308]}, 88) = 11308 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11299] <... futex resumed>) = 1 [pid 11296] <... futex resumed>) = 0 [pid 11292] rt_sigprocmask(SIG_SETMASK, [], [pid 11299] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11296] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] getdents64(3, [pid 11299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11296] <... futex resumed>) = 0 [pid 11292] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11308] set_robust_list(0x7fe45c3c99a0, 24 [pid 11296] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11292] <... futex resumed>) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11308] <... set_robust_list resumed>) = 0 [pid 11308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11308] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11308] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11308] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11292] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 11292] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11294] <... futex resumed>) = 0 [pid 11292] <... futex resumed>) = 1 [pid 11294] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11292] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11294] <... mmap resumed>) = 0x20000000 [pid 11294] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11292] <... futex resumed>) = 0 [pid 11294] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11292] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11292] <... futex resumed>) = 0 [pid 295] umount2("./438/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./438/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./438/binderfs") = 0 [pid 295] umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11299] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11299] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11299] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11296] <... futex resumed>) = 0 [pid 11296] exit_group(0) = ? [pid 11307] <... futex resumed>) = ? [pid 11307] +++ exited with 0 +++ [pid 11299] <... futex resumed>) = ? [pid 11299] +++ exited with 0 +++ [pid 11296] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11296, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./439", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./439", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./439/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./439/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./439/binderfs") = 0 [pid 297] umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11292] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11303] <... close resumed>) = 0 [pid 11303] mkdir("./file0", 0777) = 0 [pid 11303] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11294] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11294] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11294] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11292] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 11292] exit_group(0 [pid 11308] <... futex resumed>) = ? [pid 11292] <... exit_group resumed>) = ? [pid 299] umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11308] +++ exited with 0 +++ [pid 11294] <... futex resumed>) = ? [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./433/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./433/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./433/file0" [pid 11294] +++ exited with 0 +++ [pid 11292] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11292, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 299] <... rmdir resumed>) = 0 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./433" [pid 296] <... restart_syscall resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 299] mkdir("./434", 0777 [pid 296] umount2("./439", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./439", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./439/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... openat resumed>) = 3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] newfstatat(AT_FDCWD, "./439/binderfs", [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] close(3 [pid 296] unlink("./439/binderfs") = 0 [pid 299] <... close resumed>) = 0 [pid 296] umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11309 ./strace-static-x86_64: Process 11309 attached [pid 11309] set_robust_list(0x5555557b6760, 24) = 0 [pid 11309] chdir("./434") = 0 [pid 11309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11309] setpgid(0, 0) = 0 [pid 11309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11309] write(3, "1000", 4) = 4 [pid 11309] close(3) = 0 [pid 11309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11309] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11309] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11309] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 11310 attached => {parent_tid=[11310]}, 88) = 11310 [pid 11309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11309] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11309] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11310] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11310] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11310] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11309] <... futex resumed>) = 0 [pid 11309] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11309] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11310] memfd_create("syzkaller", 0) = 3 [pid 11310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [ 155.397709][T11283] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 155.430009][T11299] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 155.433511][T11294] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11310] munmap(0x7fe453fca000, 138412032) = 0 [pid 11310] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11310] ioctl(4, LOOP_SET_FD, 3 [pid 297] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 295] umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./439/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./439/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] newfstatat(AT_FDCWD, "./438/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./439/file0", [pid 295] openat(AT_FDCWD, "./438/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] getdents64(4, [pid 295] <... openat resumed>) = 4 [pid 297] openat(AT_FDCWD, "./439/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] newfstatat(4, "", [pid 297] <... openat resumed>) = 4 [pid 296] getdents64(4, [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(4, "", [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] close(4 [pid 297] getdents64(4, [pid 296] <... close resumed>) = 0 [pid 295] getdents64(4, [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, [pid 296] rmdir("./439/file0" [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] close(4 [pid 296] <... rmdir resumed>) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4 [pid 297] <... close resumed>) = 0 [pid 296] getdents64(3, [pid 295] <... close resumed>) = 0 [pid 295] rmdir("./438/file0" [pid 297] rmdir("./439/file0" [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./438" [pid 297] <... rmdir resumed>) = 0 [pid 296] close(3 [pid 295] <... rmdir resumed>) = 0 [pid 297] getdents64(3, [pid 295] mkdir("./439", 0777 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] <... close resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 297] close(3 [pid 296] rmdir("./439" [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 297] <... close resumed>) = 0 [pid 297] rmdir("./439" [pid 296] <... rmdir resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11313 ./strace-static-x86_64: Process 11313 attached [pid 11313] set_robust_list(0x5555557b6760, 24) = 0 [pid 11313] chdir("./439") = 0 [pid 11313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11313] setpgid(0, 0) = 0 [pid 11313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11313] write(3, "1000", 4) = 4 [pid 11313] close(3) = 0 [pid 11313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11313] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11313] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11313] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11314]}, 88) = 11314 [pid 11313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11313] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11313] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... rmdir resumed>) = 0 [pid 296] mkdir("./440", 0777 [pid 297] mkdir("./440", 0777 [pid 296] <... mkdir resumed>) = 0 [pid 11310] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 11314 attached [pid 11314] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11310] close(3 [pid 11314] <... set_robust_list resumed>) = 0 [pid 11310] <... close resumed>) = 0 [pid 11314] rt_sigprocmask(SIG_SETMASK, [], [pid 11310] close(4 [pid 11314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11314] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11314] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11313] <... futex resumed>) = 0 [pid 11313] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11313] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11314] <... futex resumed>) = 1 [pid 11314] memfd_create("syzkaller", 0) = 3 [pid 11314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 297] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11303] <... mount resumed>) = 0 [pid 11303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11303] chdir("./file0") = 0 [pid 11303] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11303] ioctl(4, LOOP_CLR_FD) = 0 [pid 11303] close(4) = 0 [pid 11303] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 11301] <... futex resumed>) = 0 [pid 297] ioctl(3, LOOP_CLR_FD [pid 11301] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] ioctl(3, LOOP_CLR_FD [pid 11301] <... futex resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11301] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] close(3 [pid 11303] <... futex resumed>) = 1 [pid 11303] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 296] close(3 [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11315 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 11316 [pid 11314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 11315 attached [pid 11315] set_robust_list(0x5555557b6760, 24) = 0 [pid 11315] chdir("./440") = 0 [pid 11315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11315] setpgid(0, 0) = 0 [pid 11315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11310] <... close resumed>) = 0 [pid 11303] <... openat resumed>) = 4 ./strace-static-x86_64: Process 11316 attached [pid 11310] mkdir("./file0", 0777 [pid 11303] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11301] <... futex resumed>) = 0 [pid 11301] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11315] <... openat resumed>) = 3 [pid 11301] <... futex resumed>) = 0 [pid 11315] write(3, "1000", 4) = 4 [pid 11315] close(3) = 0 [pid 11315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11303] <... futex resumed>) = 1 [pid 11301] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11303] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11301] <... futex resumed>) = 0 [pid 11310] <... mkdir resumed>) = 0 [pid 11301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11303] <... write resumed>) = 16 [pid 11310] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11301] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11303] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11301] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11316] set_robust_list(0x5555557b6760, 24 [pid 11303] <... futex resumed>) = 0 [pid 11301] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11303] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11301] <... clone3 resumed> => {parent_tid=[11317]}, 88) = 11317 [pid 11301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11301] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11301] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11316] <... set_robust_list resumed>) = 0 [pid 11316] chdir("./440" [pid 11314] <... write resumed>) = 1048576 [pid 11316] <... chdir resumed>) = 0 [pid 11316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11314] munmap(0x7fe453fca000, 138412032 [pid 11316] setpgid(0, 0) = 0 [pid 11316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11314] <... munmap resumed>) = 0 [pid 11314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11314] ioctl(4, LOOP_SET_FD, 3 [ 155.499866][T11310] loop4: detected capacity change from 0 to 2048 [ 155.528190][T11303] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11316] write(3, "1000", 4) = 4 [pid 11316] close(3) = 0 [pid 11316] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 11317 attached ) = 0 [pid 11315] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11316] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11316] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11316] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11316] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11316] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11318]}, 88) = 11318 [pid 11316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11316] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11316] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11315] <... futex resumed>) = 0 [pid 11315] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11314] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 11318 attached [pid 11317] set_robust_list(0x7fe45c3c99a0, 24 [pid 11315] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11314] close(3 [pid 11318] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11317] <... set_robust_list resumed>) = 0 [pid 11315] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11314] <... close resumed>) = 0 [pid 11317] rt_sigprocmask(SIG_SETMASK, [], [pid 11315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11314] close(4 [pid 11318] <... set_robust_list resumed>) = 0 [pid 11317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11317] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11315] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11318] rt_sigprocmask(SIG_SETMASK, [], [pid 11317] <... write resumed>) = 16 [pid 11315] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11317] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11315] <... mprotect resumed>) = 0 [pid 11318] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11317] <... futex resumed>) = 1 [pid 11315] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11301] <... futex resumed>) = 0 [pid 11318] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11317] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11315] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11301] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11318] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11303] <... futex resumed>) = 0 [pid 11301] <... futex resumed>) = 1 [pid 11315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11303] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11301] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11318] <... futex resumed>) = 1 [pid 11316] <... futex resumed>) = 0 [pid 11303] <... mmap resumed>) = 0x20000000 [pid 11318] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11316] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11303] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11303] <... futex resumed>) = 1 [pid 11316] <... futex resumed>) = 0 [pid 11301] <... futex resumed>) = 0 [pid 11303] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11301] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11316] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11315] <... clone3 resumed> => {parent_tid=[11319]}, 88) = 11319 [pid 11303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11301] <... futex resumed>) = 0 [pid 11318] memfd_create("syzkaller", 0) = 3 [pid 11318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11318] munmap(0x7fe453fca000, 138412032) = 0 [pid 11318] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11318] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 11319 attached [pid 11315] rt_sigprocmask(SIG_SETMASK, [], [pid 11303] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11301] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11319] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11319] <... set_robust_list resumed>) = 0 [pid 11315] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11319] rt_sigprocmask(SIG_SETMASK, [], [pid 11315] <... futex resumed>) = 0 [pid 11319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11315] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11319] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11319] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11315] <... futex resumed>) = 0 [pid 11319] memfd_create("syzkaller", 0 [pid 11315] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11319] <... memfd_create resumed>) = 3 [pid 11315] <... futex resumed>) = 0 [pid 11319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11315] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11319] <... mmap resumed>) = 0x7fe453fca000 [pid 11318] <... ioctl resumed>) = 0 [pid 11303] sendfile(-1, -1, [0] [pid 11318] close(3) = 0 [pid 11318] close(4 [pid 11303] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11303] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11301] <... futex resumed>) = 0 [pid 11301] exit_group(0 [pid 11317] <... futex resumed>) = ? [pid 11301] <... exit_group resumed>) = ? [pid 11317] +++ exited with 0 +++ [pid 11319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11303] +++ exited with 0 +++ [pid 11301] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11301, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./439", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./439", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11319] <... write resumed>) = 1048576 [pid 298] umount2("./439/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11319] munmap(0x7fe453fca000, 138412032 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./439/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./439/binderfs") = 0 [pid 298] umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11319] <... munmap resumed>) = 0 [pid 11319] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11314] <... close resumed>) = 0 [pid 11319] close(3 [pid 11314] mkdir("./file0", 0777 [pid 11319] <... close resumed>) = 0 [pid 11314] <... mkdir resumed>) = 0 [pid 11314] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11319] close(4 [pid 11318] <... close resumed>) = 0 [ 155.567363][T11314] loop0: detected capacity change from 0 to 2048 [ 155.577559][T11303] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 155.589810][T11318] loop2: detected capacity change from 0 to 2048 [ 155.608888][T11319] loop1: detected capacity change from 0 to 2048 [pid 11318] mkdir("./file0", 0777) = 0 [pid 11319] <... close resumed>) = 0 [pid 11318] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11319] mkdir("./file0", 0777) = 0 [pid 11319] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11310] <... mount resumed>) = 0 [pid 11310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11310] chdir("./file0") = 0 [pid 11310] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11310] ioctl(4, LOOP_CLR_FD) = 0 [pid 11310] close(4) = 0 [pid 11310] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11309] <... futex resumed>) = 0 [pid 11309] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11309] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11310] <... futex resumed>) = 1 [pid 11310] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 298] <... umount2 resumed>) = 0 [pid 11310] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11309] <... futex resumed>) = 0 [pid 11309] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11309] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11309] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11322]}, 88) = 11322 [pid 11309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11309] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11309] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11310] <... futex resumed>) = 1 [pid 11310] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11310] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11310] <... futex resumed>) = 0 [pid 11310] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 11322 attached [pid 11322] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11322] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 298] newfstatat(AT_FDCWD, "./439/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./439/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./439/file0" [pid 11322] <... write resumed>) = 16 [pid 11322] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... rmdir resumed>) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./439") = 0 [pid 298] mkdir("./440", 0777 [pid 11309] <... futex resumed>) = 0 [pid 11309] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 298] <... mkdir resumed>) = 0 [pid 11309] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 11310] <... futex resumed>) = 0 [pid 298] close(3 [pid 11310] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 298] <... close resumed>) = 0 [pid 11310] <... mmap resumed>) = 0x20000000 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11310] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11309] <... futex resumed>) = 0 ./strace-static-x86_64: Process 11329 attached [pid 11322] <... futex resumed>) = 1 [pid 11309] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11329] set_robust_list(0x5555557b6760, 24 [pid 11322] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11329] <... set_robust_list resumed>) = 0 [pid 11329] chdir("./440") = 0 [pid 11329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11329] setpgid(0, 0) = 0 [pid 11329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11329] write(3, "1000", 4) = 4 [pid 11329] close(3) = 0 [pid 11329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11329] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11329] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11329] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11330]}, 88) = 11330 [pid 11329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11329] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 155.622612][T11310] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 155.653810][T11310] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11329] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11309] <... futex resumed>) = 0 [pid 11314] <... mount resumed>) = 0 [pid 11314] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11314] chdir("./file0") = 0 [pid 11314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11314] ioctl(4, LOOP_CLR_FD) = 0 [pid 11314] close(4) = 0 [pid 11314] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11314] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11329 ./strace-static-x86_64: Process 11330 attached [pid 11330] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11330] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11313] <... futex resumed>) = 0 [pid 11313] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11309] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11313] <... futex resumed>) = 1 [pid 11330] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11319] <... mount resumed>) = 0 [pid 11314] <... futex resumed>) = 0 [pid 11313] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11330] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11314] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11310] sendfile(-1, -1, [0] [pid 11330] <... futex resumed>) = 1 [pid 11329] <... futex resumed>) = 0 [pid 11314] <... openat resumed>) = 4 [pid 11310] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11330] memfd_create("syzkaller", 0 [pid 11329] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11314] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11310] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11330] <... memfd_create resumed>) = 3 [pid 11329] <... futex resumed>) = 0 [pid 11314] <... futex resumed>) = 1 [pid 11313] <... futex resumed>) = 0 [pid 11310] <... futex resumed>) = 1 [pid 11309] <... futex resumed>) = 0 [pid 11330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11329] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11314] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11313] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11310] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11309] exit_group(0 [pid 11330] <... mmap resumed>) = 0x7fe453fca000 [pid 11322] <... futex resumed>) = ? [pid 11314] <... write resumed>) = 16 [pid 11313] <... futex resumed>) = 0 [pid 11310] <... futex resumed>) = ? [pid 11309] <... exit_group resumed>) = ? [pid 11322] +++ exited with 0 +++ [pid 11314] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11313] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11310] +++ exited with 0 +++ [pid 11309] +++ exited with 0 +++ [pid 11314] <... futex resumed>) = 0 [pid 11313] <... futex resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11309, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 11314] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11313] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 299] umount2("./434", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11313] <... mprotect resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11313] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] openat(AT_FDCWD, "./434", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11313] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] <... openat resumed>) = 3 [pid 11313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11313] <... clone3 resumed> => {parent_tid=[11331]}, 88) = 11331 [pid 299] getdents64(3, [pid 11313] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] umount2("./434/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11313] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11313] <... futex resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./434/binderfs", [pid 11313] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./434/binderfs") = 0 [pid 11319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11318] <... mount resumed>) = 0 [pid 299] umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 11331 attached [pid 11330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11319] <... openat resumed>) = 3 [pid 11318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11319] chdir("./file0" [pid 11318] <... openat resumed>) = 3 [pid 11319] <... chdir resumed>) = 0 [pid 11318] chdir("./file0") = 0 [pid 11318] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11318] ioctl(4, LOOP_CLR_FD) = 0 [pid 11318] close(4 [pid 11331] set_robust_list(0x7fe45c3c99a0, 24 [pid 11330] <... write resumed>) = 1048576 [pid 11319] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11318] <... close resumed>) = 0 [pid 11331] <... set_robust_list resumed>) = 0 [pid 11319] <... openat resumed>) = 4 [pid 11331] rt_sigprocmask(SIG_SETMASK, [], [pid 11319] ioctl(4, LOOP_CLR_FD [pid 11331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11319] <... ioctl resumed>) = 0 [pid 11331] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11319] close(4 [pid 11331] <... write resumed>) = 16 [pid 11319] <... close resumed>) = 0 [pid 11331] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11319] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11331] <... futex resumed>) = 1 [pid 11319] <... futex resumed>) = 1 [pid 11315] <... futex resumed>) = 0 [pid 11313] <... futex resumed>) = 0 [pid 11331] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11319] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11315] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11313] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11318] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11315] <... futex resumed>) = 0 [pid 11314] <... futex resumed>) = 0 [pid 11313] <... futex resumed>) = 1 [pid 11319] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11318] <... futex resumed>) = 1 [pid 11316] <... futex resumed>) = 0 [pid 11315] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11314] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11313] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11330] munmap(0x7fe453fca000, 138412032 [pid 11319] <... openat resumed>) = 4 [pid 11318] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11316] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11314] <... mmap resumed>) = 0x20000000 [pid 11330] <... munmap resumed>) = 0 [pid 11319] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11316] <... futex resumed>) = 0 [pid 11314] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11330] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11319] <... futex resumed>) = 1 [pid 11318] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11316] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11315] <... futex resumed>) = 0 [pid 11314] <... futex resumed>) = 1 [pid 11313] <... futex resumed>) = 0 [pid 11330] <... openat resumed>) = 4 [pid 11319] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11318] <... openat resumed>) = 4 [pid 11315] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11314] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11313] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11330] ioctl(4, LOOP_SET_FD, 3 [pid 11319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 155.670120][T11314] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 155.670658][T11319] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 155.692283][T11318] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 155.703046][T10458] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [pid 11318] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11315] <... futex resumed>) = 0 [pid 11314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11313] <... futex resumed>) = 0 [pid 11319] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11318] <... futex resumed>) = 1 [pid 11316] <... futex resumed>) = 0 [pid 11318] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11316] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11316] <... futex resumed>) = 0 [pid 11318] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11316] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11318] <... write resumed>) = 16 [pid 11316] <... futex resumed>) = 0 [pid 11318] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11318] <... futex resumed>) = 0 [pid 11316] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11318] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11316] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11316] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11332]}, 88) = 11332 [pid 11316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11316] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11316] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11315] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11315] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11333]}, 88) = 11333 [pid 11315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11315] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11315] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11313] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11319] <... write resumed>) = 16 [pid 11319] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11319] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11330] <... ioctl resumed>) = 0 [pid 11330] close(3) = 0 [pid 11330] close(4) = 0 [pid 11330] mkdir("./file0", 0777) = 0 ./strace-static-x86_64: Process 11333 attached ./strace-static-x86_64: Process 11332 attached [pid 11314] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 299] <... umount2 resumed>) = 0 [pid 11333] set_robust_list(0x7fe45c3c99a0, 24 [pid 11332] set_robust_list(0x7fe45c3c99a0, 24 [pid 11330] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11333] <... set_robust_list resumed>) = 0 [pid 11332] <... set_robust_list resumed>) = 0 [pid 11333] rt_sigprocmask(SIG_SETMASK, [], [pid 11332] rt_sigprocmask(SIG_SETMASK, [], [pid 11333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11333] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11332] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11333] <... write resumed>) = 16 [pid 11332] <... write resumed>) = 16 [pid 11333] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11332] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11333] <... futex resumed>) = 1 [pid 11332] <... futex resumed>) = 1 [pid 11316] <... futex resumed>) = 0 [pid 11315] <... futex resumed>) = 0 [pid 299] umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11333] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11332] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11316] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11315] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11319] <... futex resumed>) = 0 [pid 11318] <... futex resumed>) = 0 [pid 11316] <... futex resumed>) = 1 [pid 11315] <... futex resumed>) = 1 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11319] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11318] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11316] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11315] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11319] <... mmap resumed>) = 0x20000000 [pid 11318] <... mmap resumed>) = 0x20000000 [pid 11319] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11318] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11319] <... futex resumed>) = 1 [pid 11318] <... futex resumed>) = 1 [pid 11316] <... futex resumed>) = 0 [pid 11315] <... futex resumed>) = 0 [pid 11319] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11316] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11315] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11314] sendfile(-1, -1, [0] [pid 299] newfstatat(AT_FDCWD, "./434/file0", [pid 11319] sendfile(-1, -1, [0] [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11319] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11319] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11319] <... futex resumed>) = 0 [pid 11319] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./434/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./434/file0") = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./434") = 0 [pid 299] mkdir("./435", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11334 [pid 11314] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11314] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11313] <... futex resumed>) = 0 [pid 11313] exit_group(0 [pid 11331] <... futex resumed>) = ? [pid 11313] <... exit_group resumed>) = ? [pid 11331] +++ exited with 0 +++ [pid 11314] <... futex resumed>) = ? [pid 11314] +++ exited with 0 +++ [pid 11313] +++ exited with 0 +++ ./strace-static-x86_64: Process 11334 attached [pid 11319] <... futex resumed>) = 0 [pid 11316] <... futex resumed>) = 0 [pid 11315] <... futex resumed>) = 1 [pid 11334] set_robust_list(0x5555557b6760, 24 [pid 11319] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11334] <... set_robust_list resumed>) = 0 [pid 11316] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11313, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 11315] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11334] chdir("./435" [pid 11315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11334] <... chdir resumed>) = 0 [pid 11315] exit_group(0 [pid 11334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11334] setpgid(0, 0) = 0 [pid 11333] <... futex resumed>) = ? [pid 11315] <... exit_group resumed>) = ? [pid 11334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11319] <... futex resumed>) = ? [pid 295] umount2("./439", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11333] +++ exited with 0 +++ [pid 11334] <... openat resumed>) = 3 [pid 11334] write(3, "1000", 4) = 4 [pid 11334] close(3) = 0 [pid 11334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11334] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11319] +++ exited with 0 +++ [pid 11315] +++ exited with 0 +++ [pid 11334] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11315, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11334] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 295] openat(AT_FDCWD, "./439", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 295] <... openat resumed>) = 3 [pid 11334] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 296] umount2("./440", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] newfstatat(3, "", [pid 11334] <... mprotect resumed>) = 0 [pid 11334] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11334] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] openat(AT_FDCWD, "./440", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 295] getdents64(3, [pid 296] <... openat resumed>) = 3 [pid 11334] <... clone3 resumed> => {parent_tid=[11335]}, 88) = 11335 [pid 11334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11334] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11334] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] newfstatat(3, "", [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] umount2("./439/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] getdents64(3, [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11318] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] newfstatat(AT_FDCWD, "./439/binderfs", ./strace-static-x86_64: Process 11335 attached [pid 11318] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11318] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11318] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] umount2("./440/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./440/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./440/binderfs") = 0 [pid 296] umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11316] <... futex resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11316] exit_group(0 [pid 295] unlink("./439/binderfs" [pid 11335] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 295] <... unlink resumed>) = 0 [pid 11335] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11332] <... futex resumed>) = ? [pid 11316] <... exit_group resumed>) = ? [pid 11335] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11335] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11332] +++ exited with 0 +++ [pid 11335] <... futex resumed>) = 1 [pid 11334] <... futex resumed>) = 0 [pid 11335] memfd_create("syzkaller", 0 [pid 11334] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11335] <... memfd_create resumed>) = 3 [pid 11334] <... futex resumed>) = 0 [pid 11335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11334] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11335] <... mmap resumed>) = 0x7fe453fca000 [pid 11318] <... futex resumed>) = ? [pid 11318] +++ exited with 0 +++ [pid 11316] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11316, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 297] umount2("./440", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./440", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./440/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./440/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 155.734945][T11330] loop3: detected capacity change from 0 to 2048 [ 155.741496][T11314] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 155.765610][T11318] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 297] unlink("./440/binderfs") = 0 [pid 297] umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11335] munmap(0x7fe453fca000, 138412032) = 0 [pid 11335] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11335] ioctl(4, LOOP_SET_FD, 3 [pid 11330] <... mount resumed>) = 0 [pid 11330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11330] chdir("./file0") = 0 [pid 11330] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11330] ioctl(4, LOOP_CLR_FD) = 0 [pid 11330] close(4) = 0 [pid 11330] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11329] <... futex resumed>) = 0 [pid 11329] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11329] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11330] <... futex resumed>) = 1 [pid 11330] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11330] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11329] <... futex resumed>) = 0 [pid 11329] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11329] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11329] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11338]}, 88) = 11338 [pid 11329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11329] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11329] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11330] <... futex resumed>) = 1 [pid 11330] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11330] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11330] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11335] <... ioctl resumed>) = 0 [pid 11335] close(3) = 0 [pid 11335] close(4./strace-static-x86_64: Process 11338 attached [pid 11338] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11338] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11338] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11329] <... futex resumed>) = 0 [pid 11329] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11330] <... futex resumed>) = 0 [pid 11329] <... futex resumed>) = 1 [pid 11330] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11329] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11330] <... mmap resumed>) = 0x20000000 [pid 11330] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11329] <... futex resumed>) = 0 [pid 11338] <... futex resumed>) = 1 [pid 11329] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11338] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11329] <... futex resumed>) = 0 [pid 11329] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11330] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11330] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11329] <... futex resumed>) = 0 [pid 11329] exit_group(0) = ? [pid 11338] <... futex resumed>) = ? [pid 11338] +++ exited with 0 +++ [pid 295] <... umount2 resumed>) = 0 [pid 11330] <... futex resumed>) = ? [pid 11330] +++ exited with 0 +++ [pid 11329] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11329, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./440", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11335] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = 0 [pid 295] umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11335] mkdir("./file0", 0777) = 0 [pid 296] umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11335] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./439/file0", [pid 296] newfstatat(AT_FDCWD, "./440/file0", [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./439/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./440/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... openat resumed>) = 4 [pid 296] <... openat resumed>) = 4 [pid 295] newfstatat(4, "", [pid 296] newfstatat(4, "", [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, [pid 296] getdents64(4, [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, [pid 297] <... umount2 resumed>) = 0 [pid 296] getdents64(4, [pid 298] openat(AT_FDCWD, "./440", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4 [pid 296] close(4 [pid 295] <... close resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 298] newfstatat(3, "", [pid 296] <... close resumed>) = 0 [pid 295] rmdir("./439/file0" [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, [pid 296] rmdir("./440/file0" [pid 295] <... rmdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 295] getdents64(3, [pid 296] getdents64(3, [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3 [pid 296] close(3 [pid 295] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./440/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... close resumed>) = 0 [pid 295] rmdir("./439" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] rmdir("./440" [pid 295] <... rmdir resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./440/binderfs", [pid 297] umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... rmdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] mkdir("./441", 0777 [pid 295] mkdir("./440", 0777 [pid 298] unlink("./440/binderfs" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... mkdir resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 298] <... unlink resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 296] ioctl(3, LOOP_CLR_FD [pid 295] ioctl(3, LOOP_CLR_FD [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] close(3 [pid 295] close(3 [pid 298] umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./440/file0", [pid 296] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 11339 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 11340 ./strace-static-x86_64: Process 11340 attached ./strace-static-x86_64: Process 11339 attached [pid 297] umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11340] set_robust_list(0x5555557b6760, 24 [pid 11339] set_robust_list(0x5555557b6760, 24 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11340] <... set_robust_list resumed>) = 0 [pid 11339] <... set_robust_list resumed>) = 0 [pid 297] openat(AT_FDCWD, "./440/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11340] chdir("./440" [pid 11339] chdir("./441" [pid 297] <... openat resumed>) = 4 [pid 11340] <... chdir resumed>) = 0 [pid 11339] <... chdir resumed>) = 0 [pid 297] newfstatat(4, "", [pid 11340] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11339] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11340] <... prctl resumed>) = 0 [pid 11339] <... prctl resumed>) = 0 [pid 297] getdents64(4, [pid 11340] setpgid(0, 0 [pid 11339] setpgid(0, 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11340] <... setpgid resumed>) = 0 [pid 11339] <... setpgid resumed>) = 0 [ 155.796338][T11330] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 155.804119][T11335] loop4: detected capacity change from 0 to 2048 [ 155.821148][T11330] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 297] getdents64(4, [pid 11340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 11340] <... openat resumed>) = 3 [pid 11340] write(3, "1000", 4) = 4 [pid 11340] close(3) = 0 [pid 11340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11340] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11340] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11340] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11340] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11343]}, 88) = 11343 [pid 11340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11340] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11340] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11343 attached [pid 11343] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11343] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11343] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11340] <... futex resumed>) = 0 [pid 11340] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11340] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11343] <... futex resumed>) = 1 [pid 11343] memfd_create("syzkaller", 0) = 3 [pid 11343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 297] rmdir("./440/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./440") = 0 [pid 297] mkdir("./441", 0777 [pid 11343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11339] <... openat resumed>) = 3 [pid 11335] <... mount resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 11339] write(3, "1000", 4 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11339] <... write resumed>) = 4 [pid 297] <... openat resumed>) = 3 [pid 11339] close(3 [pid 297] ioctl(3, LOOP_CLR_FD [pid 11339] <... close resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11339] symlink("/dev/binderfs", "./binderfs" [pid 297] close(3 [pid 11339] <... symlink resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 11339] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11339] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 11339] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 11344 [pid 11339] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11339] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11345]}, 88) = 11345 [pid 11339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11339] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11339] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11335] chdir("./file0") = 0 [pid 11335] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11335] ioctl(4, LOOP_CLR_FD) = 0 [pid 11335] close(4) = 0 [pid 11335] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11334] <... futex resumed>) = 0 [pid 11334] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11334] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./440/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./440/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 11343] <... write resumed>) = 1048576 ./strace-static-x86_64: Process 11345 attached ./strace-static-x86_64: Process 11344 attached [pid 11343] munmap(0x7fe453fca000, 138412032 [pid 11335] <... futex resumed>) = 1 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 11343] <... munmap resumed>) = 0 [pid 11344] set_robust_list(0x5555557b6760, 24 [pid 11343] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11335] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 11344] <... set_robust_list resumed>) = 0 [pid 11344] chdir("./441" [pid 11343] <... openat resumed>) = 4 [pid 298] close(4 [pid 11344] <... chdir resumed>) = 0 [pid 11343] ioctl(4, LOOP_SET_FD, 3 [pid 298] <... close resumed>) = 0 [pid 11345] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11335] <... openat resumed>) = 4 [pid 298] rmdir("./440/file0" [pid 11345] <... set_robust_list resumed>) = 0 [pid 11344] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11335] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... rmdir resumed>) = 0 [pid 11344] <... prctl resumed>) = 0 [pid 298] getdents64(3, [pid 11344] setpgid(0, 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 11344] <... setpgid resumed>) = 0 [pid 11335] <... futex resumed>) = 1 [pid 11334] <... futex resumed>) = 0 [pid 298] close(3 [pid 11344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11335] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11334] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... close resumed>) = 0 [pid 11344] <... openat resumed>) = 3 [pid 11335] <... write resumed>) = 16 [pid 11334] <... futex resumed>) = 0 [pid 298] rmdir("./440" [pid 11344] write(3, "1000", 4 [pid 11335] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11334] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... rmdir resumed>) = 0 [pid 11344] <... write resumed>) = 4 [pid 11335] <... futex resumed>) = 0 [pid 11334] <... futex resumed>) = 0 [pid 298] mkdir("./441", 0777 [pid 11345] rt_sigprocmask(SIG_SETMASK, [], [pid 11344] close(3 [pid 11335] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... mkdir resumed>) = 0 [pid 11345] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11344] <... close resumed>) = 0 [pid 11334] <... mmap resumed>) = 0x7fe45c3a9000 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11345] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11344] symlink("/dev/binderfs", "./binderfs" [pid 11334] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 298] <... openat resumed>) = 3 [pid 11345] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11344] <... symlink resumed>) = 0 [pid 11334] <... mprotect resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 11345] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11344] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11343] <... ioctl resumed>) = 0 [pid 11334] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11345] <... futex resumed>) = 1 [pid 11344] <... futex resumed>) = 0 [pid 11339] <... futex resumed>) = 0 [pid 11334] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11344] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11339] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11345] memfd_create("syzkaller", 0 [pid 11344] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11339] <... futex resumed>) = 0 [pid 298] close(3 [pid 11343] close(3 [pid 11339] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11345] <... memfd_create resumed>) = 3 [pid 11344] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11334] <... clone3 resumed> => {parent_tid=[11346]}, 88) = 11346 [pid 298] <... close resumed>) = 0 [pid 11345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11334] rt_sigprocmask(SIG_SETMASK, [], [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11345] <... mmap resumed>) = 0x7fe453fca000 [pid 11344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11344] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11334] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11347 ./strace-static-x86_64: Process 11347 attached ./strace-static-x86_64: Process 11346 attached [pid 11344] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11343] <... close resumed>) = 0 [pid 11334] <... futex resumed>) = 0 [pid 11347] set_robust_list(0x5555557b6760, 24 [pid 11346] set_robust_list(0x7fe45c3c99a0, 24 [pid 11344] <... mprotect resumed>) = 0 [pid 11343] close(4 [pid 11334] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11347] <... set_robust_list resumed>) = 0 [pid 11346] <... set_robust_list resumed>) = 0 [pid 11344] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11347] chdir("./441" [pid 11346] rt_sigprocmask(SIG_SETMASK, [], [pid 11344] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11347] <... chdir resumed>) = 0 [pid 11346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11347] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11346] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11347] <... prctl resumed>) = 0 [pid 11346] <... write resumed>) = 16 [pid 11347] setpgid(0, 0 [pid 11346] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11344] <... clone3 resumed> => {parent_tid=[11348]}, 88) = 11348 [pid 11347] <... setpgid resumed>) = 0 [pid 11346] <... futex resumed>) = 1 [pid 11344] rt_sigprocmask(SIG_SETMASK, [], [pid 11334] <... futex resumed>) = 0 [pid 11347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11346] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11334] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 11348 attached [pid 11347] <... openat resumed>) = 3 [pid 11345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11344] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11335] <... futex resumed>) = 0 [pid 11334] <... futex resumed>) = 1 [pid 11347] write(3, "1000", 4 [pid 11344] <... futex resumed>) = 0 [pid 11335] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11334] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11348] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11347] <... write resumed>) = 4 [pid 11344] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11335] <... mmap resumed>) = 0x20000000 [pid 11348] <... set_robust_list resumed>) = 0 [pid 11335] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11334] <... futex resumed>) = 0 [pid 11348] rt_sigprocmask(SIG_SETMASK, [], [pid 11335] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11334] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11334] <... futex resumed>) = 0 [ 155.868620][T11335] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 155.900608][T11343] loop0: detected capacity change from 0 to 2048 [pid 11347] close(3) = 0 [pid 11347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11347] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11347] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11347] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11347] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11350]}, 88) = 11350 [pid 11347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11347] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11347] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11345] <... write resumed>) = 1048576 [pid 11345] munmap(0x7fe453fca000, 138412032) = 0 [pid 11345] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11345] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 11350 attached [pid 11348] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11335] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11334] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11350] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11348] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11350] <... set_robust_list resumed>) = 0 [pid 11348] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11350] rt_sigprocmask(SIG_SETMASK, [], [pid 11348] <... futex resumed>) = 1 [pid 11344] <... futex resumed>) = 0 [pid 11350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11348] memfd_create("syzkaller", 0 [pid 11344] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11350] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11348] <... memfd_create resumed>) = 3 [pid 11344] <... futex resumed>) = 0 [pid 11350] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11344] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11350] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11348] <... mmap resumed>) = 0x7fe453fca000 [pid 11350] <... futex resumed>) = 1 [pid 11347] <... futex resumed>) = 0 [pid 11345] <... ioctl resumed>) = 0 [pid 11335] sendfile(-1, -1, [0] [pid 11350] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11347] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11347] <... futex resumed>) = 0 [pid 11350] memfd_create("syzkaller", 0 [pid 11347] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11350] <... memfd_create resumed>) = 3 [pid 11350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11345] close(3) = 0 [pid 11345] close(4 [pid 11335] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11335] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11335] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11334] <... futex resumed>) = 0 [pid 11334] exit_group(0) = ? [pid 11346] <... futex resumed>) = ? [pid 11335] <... futex resumed>) = ? [pid 11346] +++ exited with 0 +++ [pid 11335] +++ exited with 0 +++ [pid 11334] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11334, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./435", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./435", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./435/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./435/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./435/binderfs") = 0 [pid 299] umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11348] <... write resumed>) = 1048576 [pid 11348] munmap(0x7fe453fca000, 138412032) = 0 [pid 11348] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11348] ioctl(4, LOOP_SET_FD, 3 [pid 11350] <... write resumed>) = 1048576 [pid 11350] munmap(0x7fe453fca000, 138412032) = 0 [pid 11350] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11350] ioctl(4, LOOP_SET_FD, 3 [pid 11348] <... ioctl resumed>) = 0 [pid 11348] close(3) = 0 [pid 11343] <... close resumed>) = 0 [pid 11343] mkdir("./file0", 0777) = 0 [pid 11343] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11348] close(4 [pid 11350] <... ioctl resumed>) = 0 [pid 11350] close(3) = 0 [pid 11350] close(4 [pid 11345] <... close resumed>) = 0 [pid 11345] mkdir("./file0", 0777) = 0 [pid 11345] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./435/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./435/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./435/file0") = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./435") = 0 [pid 299] mkdir("./436", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11351 ./strace-static-x86_64: Process 11351 attached [pid 11351] set_robust_list(0x5555557b6760, 24) = 0 [pid 11351] chdir("./436") = 0 [pid 11351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11351] setpgid(0, 0) = 0 [pid 11351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11351] write(3, "1000", 4) = 4 [pid 11350] <... close resumed>) = 0 [pid 11348] <... close resumed>) = 0 [pid 11351] close(3) = 0 [ 155.919051][T11335] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 155.928817][T11345] loop1: detected capacity change from 0 to 2048 [ 155.953610][T11348] loop2: detected capacity change from 0 to 2048 [ 155.956815][T11350] loop3: detected capacity change from 0 to 2048 [pid 11351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11351] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11351] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11351] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11351] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11354]}, 88) = 11354 [pid 11351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11351] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11351] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11350] mkdir("./file0", 0777) = 0 [pid 11350] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11348] mkdir("./file0", 0777) = 0 [pid 11348] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue"./strace-static-x86_64: Process 11354 attached [pid 11345] <... mount resumed>) = 0 [pid 11354] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11354] <... set_robust_list resumed>) = 0 [pid 11345] <... openat resumed>) = 3 [pid 11354] rt_sigprocmask(SIG_SETMASK, [], [pid 11345] chdir("./file0" [pid 11354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11345] <... chdir resumed>) = 0 [pid 11354] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11345] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11354] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11345] <... openat resumed>) = 4 [pid 11354] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11345] ioctl(4, LOOP_CLR_FD [pid 11354] <... futex resumed>) = 1 [pid 11351] <... futex resumed>) = 0 [pid 11345] <... ioctl resumed>) = 0 [pid 11354] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11351] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11345] close(4 [pid 11354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11351] <... futex resumed>) = 0 [pid 11345] <... close resumed>) = 0 [pid 11354] memfd_create("syzkaller", 0 [pid 11351] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11345] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11354] <... memfd_create resumed>) = 3 [pid 11345] <... futex resumed>) = 1 [pid 11339] <... futex resumed>) = 0 [pid 11354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11345] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11339] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11354] <... mmap resumed>) = 0x7fe453fca000 [pid 11345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11339] <... futex resumed>) = 0 [pid 11354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11345] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11339] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11345] <... openat resumed>) = 4 [pid 11345] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11339] <... futex resumed>) = 0 [pid 11345] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11339] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11339] <... futex resumed>) = 0 [pid 11345] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11339] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11345] <... write resumed>) = 16 [pid 11339] <... futex resumed>) = 0 [pid 11345] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11345] <... futex resumed>) = 0 [pid 11339] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11345] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11339] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11357]}, 88) = 11357 [pid 11339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11339] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11339] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11357 attached [pid 11343] <... mount resumed>) = 0 [pid 11343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11343] chdir("./file0") = 0 [pid 11343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11343] ioctl(4, LOOP_CLR_FD) = 0 [pid 11343] close(4 [pid 11357] set_robust_list(0x7fe45c3c99a0, 24 [pid 11343] <... close resumed>) = 0 [pid 11357] <... set_robust_list resumed>) = 0 [pid 11343] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11357] rt_sigprocmask(SIG_SETMASK, [], [pid 11343] <... futex resumed>) = 1 [pid 11340] <... futex resumed>) = 0 [pid 11354] <... write resumed>) = 1048576 [pid 11340] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11343] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11354] munmap(0x7fe453fca000, 138412032 [pid 11340] <... futex resumed>) = 0 [pid 11357] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11354] <... munmap resumed>) = 0 [pid 11340] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11354] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11354] ioctl(4, LOOP_SET_FD, 3 [pid 11343] <... openat resumed>) = 4 [pid 11357] <... write resumed>) = 16 [pid 11343] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11357] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11343] <... futex resumed>) = 1 [pid 11357] <... futex resumed>) = 1 [pid 11343] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11357] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11340] <... futex resumed>) = 0 [pid 11340] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11343] <... futex resumed>) = 0 [pid 11340] <... futex resumed>) = 1 [pid 11343] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11340] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11343] <... write resumed>) = 16 [pid 11340] <... futex resumed>) = 0 [pid 11343] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11343] <... futex resumed>) = 0 [pid 11340] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11343] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11340] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11339] <... futex resumed>) = 0 [pid 11340] <... mprotect resumed>) = 0 [pid 11340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11359]}, 88) = 11359 [pid 11340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11340] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11340] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11354] <... ioctl resumed>) = 0 [pid 11354] close(3) = 0 [pid 11354] close(4 [pid 11339] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11345] <... futex resumed>) = 0 [pid 11339] <... futex resumed>) = 1 [pid 11345] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11339] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11345] <... mmap resumed>) = 0x20000000 [pid 11345] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11339] <... futex resumed>) = 0 [pid 11345] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11339] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11339] <... futex resumed>) = 0 ./strace-static-x86_64: Process 11359 attached [pid 11359] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11359] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11359] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11340] <... futex resumed>) = 0 [pid 11340] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11343] <... futex resumed>) = 0 [pid 11340] <... futex resumed>) = 1 [pid 11343] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [ 155.997940][T11345] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 156.012284][T11343] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 156.028624][T11354] loop4: detected capacity change from 0 to 2048 [pid 11340] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11343] <... mmap resumed>) = 0x20000000 [pid 11339] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11343] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11340] <... futex resumed>) = 0 [pid 11340] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11340] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11359] <... futex resumed>) = 1 [pid 11359] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11343] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11343] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11343] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11340] <... futex resumed>) = 0 [pid 11343] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11340] exit_group(0 [pid 11359] <... futex resumed>) = ? [pid 11343] <... futex resumed>) = ? [pid 11340] <... exit_group resumed>) = ? [pid 11359] +++ exited with 0 +++ [pid 11343] +++ exited with 0 +++ [pid 11340] +++ exited with 0 +++ [pid 11339] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11340, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 11354] <... close resumed>) = 0 [pid 11345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11348] <... mount resumed>) = 0 [pid 11345] sendfile(-1, -1, [0] [pid 11350] <... mount resumed>) = 0 [pid 11348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11345] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11348] <... openat resumed>) = 3 [pid 11345] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11354] mkdir("./file0", 0777 [pid 11350] <... openat resumed>) = 3 [pid 11350] chdir("./file0") = 0 [pid 11350] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11350] ioctl(4, LOOP_CLR_FD) = 0 [pid 11350] close(4) = 0 [pid 11350] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11347] <... futex resumed>) = 0 [pid 11347] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11347] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11350] <... futex resumed>) = 1 [pid 11350] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11339] exit_group(0 [pid 11348] chdir("./file0" [pid 11339] <... exit_group resumed>) = ? [pid 11357] <... futex resumed>) = ? [pid 11345] <... futex resumed>) = ? [pid 11357] +++ exited with 0 +++ [pid 11354] <... mkdir resumed>) = 0 [pid 11348] <... chdir resumed>) = 0 [pid 11354] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11348] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] umount2("./440", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11345] +++ exited with 0 +++ [pid 11339] +++ exited with 0 +++ [pid 11350] <... openat resumed>) = 4 [pid 11350] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11348] <... openat resumed>) = 4 [pid 11347] <... futex resumed>) = 0 [pid 11348] ioctl(4, LOOP_CLR_FD [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11339, si_uid=0, si_status=0, si_utime=1, si_stime=2} --- [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11347] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11347] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11347] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 295] openat(AT_FDCWD, "./440", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11348] <... ioctl resumed>) = 0 [pid 11347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11363]}, 88) = 11363 [pid 11348] close(4 [pid 11347] rt_sigprocmask(SIG_SETMASK, [], [pid 296] <... restart_syscall resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 11347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11347] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11348] <... close resumed>) = 0 [pid 11347] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] newfstatat(3, "", [pid 11348] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11344] <... futex resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11348] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11344] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./441", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11344] <... futex resumed>) = 0 [pid 295] getdents64(3, [pid 11348] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11344] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] openat(AT_FDCWD, "./441", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11350] <... futex resumed>) = 1 [pid 11350] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 296] <... openat resumed>) = 3 [pid 295] umount2("./440/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(3, "", [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] newfstatat(AT_FDCWD, "./440/binderfs", [pid 296] getdents64(3, [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./441/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] unlink("./440/binderfs" [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 156.042850][T11345] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 156.050118][T11343] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 156.058708][T11350] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 156.083435][T11348] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11348] <... openat resumed>) = 4 [pid 296] newfstatat(AT_FDCWD, "./441/binderfs", [pid 295] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 11363 attached [pid 11363] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11363] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11363] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11347] <... futex resumed>) = 0 [pid 11347] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11347] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11363] <... futex resumed>) = 1 [pid 11350] <... write resumed>) = 16 [pid 11363] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11350] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11363] <... mmap resumed>) = 0x20000000 [pid 11350] <... futex resumed>) = 0 [pid 11350] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11363] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11347] <... futex resumed>) = 0 [pid 11347] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11347] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11350] <... futex resumed>) = 0 [pid 11348] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11348] <... futex resumed>) = 1 [pid 11344] <... futex resumed>) = 0 [pid 296] unlink("./441/binderfs" [pid 11348] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11344] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11363] <... futex resumed>) = 1 [pid 11363] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11344] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... unlink resumed>) = 0 [pid 11348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11344] <... futex resumed>) = 0 [pid 11344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11344] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11348] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11344] <... mprotect resumed>) = 0 [pid 296] umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11344] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11348] <... write resumed>) = 16 [pid 11344] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11348] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11344] <... clone3 resumed> => {parent_tid=[11364]}, 88) = 11364 [pid 11348] <... futex resumed>) = 0 [pid 11344] rt_sigprocmask(SIG_SETMASK, [], [pid 11348] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11344] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 11364 attached [pid 11344] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11364] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11364] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11364] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11344] <... futex resumed>) = 0 [pid 11364] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11344] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11348] <... futex resumed>) = 0 [pid 11344] <... futex resumed>) = 1 [pid 11348] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11344] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11348] <... mmap resumed>) = 0x20000000 [pid 11348] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11344] <... futex resumed>) = 0 [pid 11348] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11344] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11344] <... futex resumed>) = 0 [pid 11350] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11350] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11350] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11347] <... futex resumed>) = 0 [pid 11347] exit_group(0 [pid 11363] <... futex resumed>) = ? [pid 11347] <... exit_group resumed>) = ? [pid 11363] +++ exited with 0 +++ [pid 11350] <... futex resumed>) = ? [pid 11350] +++ exited with 0 +++ [pid 11347] +++ exited with 0 +++ [pid 11344] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11347, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./441", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./441", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./441/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./441/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./441/binderfs") = 0 [pid 298] umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11348] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 298] <... umount2 resumed>) = 0 [pid 11348] sendfile(-1, -1, [0] [pid 298] umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11348] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11348] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11344] <... futex resumed>) = 0 [pid 11344] exit_group(0 [pid 11364] <... futex resumed>) = ? [pid 11344] <... exit_group resumed>) = ? [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11364] +++ exited with 0 +++ [pid 298] newfstatat(AT_FDCWD, "./441/file0", [pid 11348] <... futex resumed>) = ? [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./441/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 11348] +++ exited with 0 +++ [pid 11344] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11344, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 297] umount2("./441", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./441/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./441") = 0 [pid 298] mkdir("./442", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./441", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./441/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./441/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./441/binderfs") = 0 [ 156.117402][T11350] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 156.136009][T11348] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 297] umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11354] <... mount resumed>) = 0 [pid 11354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11354] chdir("./file0") = 0 [pid 11354] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11354] ioctl(4, LOOP_CLR_FD) = 0 [pid 11354] close(4) = 0 [pid 11354] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11351] <... futex resumed>) = 0 [pid 11351] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11354] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11351] <... futex resumed>) = 0 [pid 11351] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11354] <... openat resumed>) = 4 [pid 11354] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11351] <... futex resumed>) = 0 [pid 11351] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11351] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11351] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11367]}, 88) = 11367 [pid 11351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11351] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11351] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11354] <... futex resumed>) = 1 [pid 298] <... openat resumed>) = 3 [pid 297] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 297] umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 11367 attached [pid 11354] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./441/file0", [pid 295] newfstatat(AT_FDCWD, "./440/file0", [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./441/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./440/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... openat resumed>) = 4 [pid 298] <... close resumed>) = 0 [pid 297] newfstatat(4, "", [pid 296] umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... openat resumed>) = 4 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(4, "", [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11368 [pid 297] getdents64(4, [pid 296] newfstatat(AT_FDCWD, "./441/file0", [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, [pid 297] getdents64(4, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] getdents64(4, [pid 297] close(4 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] <... close resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] close(4 [pid 297] rmdir("./441/file0" [pid 295] <... close resumed>) = 0 [pid 296] openat(AT_FDCWD, "./441/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... rmdir resumed>) = 0 [pid 296] <... openat resumed>) = 4 [pid 295] rmdir("./440/file0" [pid 297] getdents64(3, [pid 296] newfstatat(4, "", [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 297] close(3 [pid 295] getdents64(3, [pid 297] <... close resumed>) = 0 [pid 296] getdents64(4, [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] rmdir("./441" [pid 295] close(3 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] <... rmdir resumed>) = 0 [pid 296] getdents64(4, [pid 295] <... close resumed>) = 0 [pid 297] mkdir("./442", 0777 [pid 295] rmdir("./440" [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 296] close(4) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] rmdir("./441/file0" [pid 297] <... openat resumed>) = 3 [pid 296] <... rmdir resumed>) = 0 [pid 295] mkdir("./441", 0777 [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... close resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 297] close(3 [pid 296] rmdir("./441" [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 297] <... close resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] mkdir("./442", 0777 [pid 295] <... openat resumed>) = 3 [pid 296] <... mkdir resumed>) = 0 [pid 295] ioctl(3, LOOP_CLR_FD [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 11369 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... openat resumed>) = 3 [pid 295] close(3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11370 [pid 11367] set_robust_list(0x7fe45c3c99a0, 24 [pid 295] <... close resumed>) = 0 [pid 11354] <... write resumed>) = 16 [pid 11354] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11354] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 11368 attached [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11368] set_robust_list(0x5555557b6760, 24) = 0 [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 11371 [pid 11368] chdir("./442") = 0 [pid 11368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11368] setpgid(0, 0) = 0 [pid 11368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11368] write(3, "1000", 4) = 4 [pid 11368] close(3 [pid 11367] <... set_robust_list resumed>) = 0 [pid 11367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11367] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11368] <... close resumed>) = 0 [pid 11367] <... write resumed>) = 16 [pid 11368] symlink("/dev/binderfs", "./binderfs") = 0 [ 156.161063][T11354] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11368] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 11369 attached [pid 11367] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11368] <... futex resumed>) = 0 [pid 11368] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11368] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11368] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11368] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11367] <... futex resumed>) = 1 [pid 11351] <... futex resumed>) = 0 [pid 11367] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11351] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11368] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11354] <... futex resumed>) = 0 [pid 11351] <... futex resumed>) = 1 [pid 11354] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11351] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11354] <... mmap resumed>) = 0x20000000 [pid 11354] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11351] <... futex resumed>) = 0 [pid 11368] <... clone3 resumed> => {parent_tid=[11372]}, 88) = 11372 [pid 11354] <... futex resumed>) = 1 [pid 11351] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 11371 attached [pid 11368] rt_sigprocmask(SIG_SETMASK, [], [pid 11351] <... futex resumed>) = 0 [pid 11371] set_robust_list(0x5555557b6760, 24 [pid 11368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11371] <... set_robust_list resumed>) = 0 [pid 11368] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11371] chdir("./441" [pid 11368] <... futex resumed>) = 0 [pid 11371] <... chdir resumed>) = 0 [pid 11368] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11371] setpgid(0, 0) = 0 [pid 11371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11371] write(3, "1000", 4) = 4 [pid 11371] close(3) = 0 [pid 11371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11371] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11371] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11371] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11373]}, 88) = 11373 [pid 11371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11371] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11371] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11370 attached [pid 11370] set_robust_list(0x5555557b6760, 24) = 0 [pid 11370] chdir("./442") = 0 [pid 11370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11370] setpgid(0, 0) = 0 [pid 11370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11370] write(3, "1000", 4) = 4 [pid 11370] close(3) = 0 [pid 11370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11370] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11370] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11370] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11370] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11374]}, 88) = 11374 [pid 11370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11370] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11351] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11370] <... futex resumed>) = 0 [pid 11370] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11374 attached ./strace-static-x86_64: Process 11373 attached ./strace-static-x86_64: Process 11372 attached [pid 11369] set_robust_list(0x5555557b6760, 24 [pid 11354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11354] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11354] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11354] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11374] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11373] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11372] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11369] <... set_robust_list resumed>) = 0 [pid 11351] <... futex resumed>) = 0 [pid 11374] <... set_robust_list resumed>) = 0 [pid 11373] <... set_robust_list resumed>) = 0 [pid 11372] <... set_robust_list resumed>) = 0 [pid 11369] chdir("./442" [pid 11351] exit_group(0 [pid 11374] rt_sigprocmask(SIG_SETMASK, [], [pid 11373] rt_sigprocmask(SIG_SETMASK, [], [pid 11372] rt_sigprocmask(SIG_SETMASK, [], [pid 11369] <... chdir resumed>) = 0 [pid 11367] <... futex resumed>) = ? [pid 11351] <... exit_group resumed>) = ? [pid 11374] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11369] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11367] +++ exited with 0 +++ [pid 11374] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11373] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11372] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11369] <... prctl resumed>) = 0 [pid 11374] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11373] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11372] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11374] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11373] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11372] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11369] setpgid(0, 0 [pid 11374] <... futex resumed>) = 1 [pid 11373] <... futex resumed>) = 1 [pid 11372] <... futex resumed>) = 1 [pid 11371] <... futex resumed>) = 0 [pid 11369] <... setpgid resumed>) = 0 [pid 11368] <... futex resumed>) = 0 [pid 11374] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11373] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11372] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11371] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11371] <... futex resumed>) = 0 [pid 11369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11368] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11373] memfd_create("syzkaller", 0 [pid 11372] memfd_create("syzkaller", 0 [pid 11371] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11373] <... memfd_create resumed>) = 3 [pid 11372] <... memfd_create resumed>) = 3 [pid 11369] <... openat resumed>) = 3 [pid 11368] <... futex resumed>) = 0 [pid 11373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11370] <... futex resumed>) = 0 [pid 11369] write(3, "1000", 4 [pid 11368] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11373] <... mmap resumed>) = 0x7fe453fca000 [pid 11372] <... mmap resumed>) = 0x7fe453fca000 [pid 11370] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11369] <... write resumed>) = 4 [pid 11354] <... futex resumed>) = ? [pid 11354] +++ exited with 0 +++ [pid 11351] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11351, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./436", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./436", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./436/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./436/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./436/binderfs") = 0 [pid 299] umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11369] close(3) = 0 [pid 11369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11369] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11369] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11369] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11374] <... futex resumed>) = 0 [pid 11370] <... futex resumed>) = 1 [pid 11369] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11374] memfd_create("syzkaller", 0 [pid 11370] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11369] <... mprotect resumed>) = 0 [pid 11374] <... memfd_create resumed>) = 3 [pid 11369] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11369] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11374] <... mmap resumed>) = 0x7fe453fca000 [pid 11369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11373] <... write resumed>) = 1048576 [pid 11369] <... clone3 resumed> => {parent_tid=[11375]}, 88) = 11375 [pid 11369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11369] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11369] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11373] munmap(0x7fe453fca000, 138412032) = 0 [pid 11373] openat(AT_FDCWD, "/dev/loop0", O_RDWR [ 156.213379][T11354] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11373] <... openat resumed>) = 4 [pid 11373] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 11375 attached [pid 11374] <... write resumed>) = 1048576 [pid 11372] <... write resumed>) = 1048576 [pid 11375] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11374] munmap(0x7fe453fca000, 138412032 [pid 11373] <... ioctl resumed>) = 0 [pid 11372] munmap(0x7fe453fca000, 138412032 [pid 11375] <... set_robust_list resumed>) = 0 [pid 11375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11375] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11375] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11373] close(3 [pid 11369] <... futex resumed>) = 0 [pid 11369] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11369] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11375] <... futex resumed>) = 1 [pid 11375] memfd_create("syzkaller", 0 [pid 11373] <... close resumed>) = 0 [pid 11374] <... munmap resumed>) = 0 [pid 11373] close(4 [pid 11375] <... memfd_create resumed>) = 3 [pid 11374] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11372] <... munmap resumed>) = 0 [pid 11375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11375] munmap(0x7fe453fca000, 138412032 [pid 299] <... umount2 resumed>) = 0 [pid 11375] <... munmap resumed>) = 0 [pid 299] umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11375] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11375] ioctl(4, LOOP_SET_FD, 3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11375] <... ioctl resumed>) = 0 [pid 11374] <... openat resumed>) = 4 [pid 11372] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] newfstatat(AT_FDCWD, "./436/file0", [pid 11374] ioctl(4, LOOP_SET_FD, 3 [pid 11372] <... openat resumed>) = 4 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11375] close(3 [pid 11372] ioctl(4, LOOP_SET_FD, 3 [pid 299] umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11375] <... close resumed>) = 0 [pid 11374] <... ioctl resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11374] close(3) = 0 [pid 11374] close(4 [pid 11375] close(4 [pid 299] openat(AT_FDCWD, "./436/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [ 156.261666][T11373] loop0: detected capacity change from 0 to 2048 [ 156.295056][T11375] loop2: detected capacity change from 0 to 2048 [ 156.302373][T11374] loop1: detected capacity change from 0 to 2048 [pid 299] close(4) = 0 [pid 299] rmdir("./436/file0") = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./436") = 0 [pid 299] mkdir("./437", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11372] <... ioctl resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 11372] close(3) = 0 [pid 11372] close(4 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11376 ./strace-static-x86_64: Process 11376 attached [pid 11376] set_robust_list(0x5555557b6760, 24) = 0 [pid 11376] chdir("./437") = 0 [pid 11376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11376] setpgid(0, 0) = 0 [pid 11376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11376] write(3, "1000", 4) = 4 [pid 11376] close(3) = 0 [pid 11376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11376] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11376] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11376] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11376] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11376] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 11377 attached => {parent_tid=[11377]}, 88) = 11377 [pid 11377] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11377] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11376] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11377] <... futex resumed>) = 0 [pid 11376] <... futex resumed>) = 1 [pid 11377] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11376] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11377] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11377] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11376] <... futex resumed>) = 0 [pid 11376] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11377] memfd_create("syzkaller", 0 [pid 11376] <... futex resumed>) = 0 [pid 11377] <... memfd_create resumed>) = 3 [pid 11377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11376] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11377] <... mmap resumed>) = 0x7fe453fca000 [pid 11375] <... close resumed>) = 0 [pid 11374] <... close resumed>) = 0 [pid 11373] <... close resumed>) = 0 [pid 11372] <... close resumed>) = 0 [pid 11375] mkdir("./file0", 0777 [pid 11374] mkdir("./file0", 0777 [pid 11373] mkdir("./file0", 0777 [pid 11372] mkdir("./file0", 0777 [pid 11375] <... mkdir resumed>) = 0 [pid 11374] <... mkdir resumed>) = 0 [pid 11373] <... mkdir resumed>) = 0 [pid 11372] <... mkdir resumed>) = 0 [pid 11375] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11374] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11373] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11372] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11377] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11377] munmap(0x7fe453fca000, 138412032) = 0 [pid 11377] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 156.307668][T11372] loop3: detected capacity change from 0 to 2048 [pid 11377] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11377] close(3) = 0 [pid 11377] close(4 [pid 11375] <... mount resumed>) = 0 [pid 11372] <... mount resumed>) = 0 [pid 11372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11372] chdir("./file0") = 0 [pid 11372] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11372] ioctl(4, LOOP_CLR_FD) = 0 [pid 11372] close(4) = 0 [pid 11372] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11368] <... futex resumed>) = 0 [pid 11368] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11368] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11372] <... futex resumed>) = 1 [pid 11372] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11372] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11368] <... futex resumed>) = 0 [pid 11368] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11368] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11368] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11384]}, 88) = 11384 [pid 11368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11368] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11368] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11372] <... futex resumed>) = 1 [pid 11372] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11372] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11372] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 11384 attached [pid 11384] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11384] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11384] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11368] <... futex resumed>) = 0 [pid 11368] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11368] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11372] <... futex resumed>) = 0 [pid 11372] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 11372] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11368] <... futex resumed>) = 0 [pid 11368] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 156.340959][T11377] loop4: detected capacity change from 0 to 2048 [ 156.343976][T11375] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 156.354870][T11372] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 156.362416][T11373] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11368] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11372] <... futex resumed>) = 1 [pid 11384] <... futex resumed>) = 1 [pid 11375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11373] <... mount resumed>) = 0 [pid 11375] <... openat resumed>) = 3 [pid 11375] chdir("./file0") = 0 [pid 11375] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11375] ioctl(4, LOOP_CLR_FD) = 0 [pid 11375] close(4) = 0 [pid 11375] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11369] <... futex resumed>) = 0 [pid 11375] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11384] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11373] <... openat resumed>) = 3 [pid 11373] chdir("./file0" [pid 11369] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11375] <... futex resumed>) = 0 [pid 11375] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11369] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11373] <... chdir resumed>) = 0 [pid 11373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11373] ioctl(4, LOOP_CLR_FD) = 0 [pid 11373] close(4) = 0 [pid 11373] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11375] <... openat resumed>) = 4 [pid 11371] <... futex resumed>) = 0 [pid 11373] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11375] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11371] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11371] <... futex resumed>) = 0 [pid 11375] <... futex resumed>) = 1 [pid 11369] <... futex resumed>) = 0 [pid 11371] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11369] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11375] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11369] <... futex resumed>) = 0 [pid 11375] <... write resumed>) = 16 [pid 11369] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11375] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11369] <... futex resumed>) = 0 [pid 11373] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11375] <... futex resumed>) = 0 [pid 11369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11369] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11375] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11369] <... mprotect resumed>) = 0 [pid 11369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11385]}, 88) = 11385 [pid 11369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11369] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11369] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11373] <... openat resumed>) = 4 [pid 11373] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11371] <... futex resumed>) = 0 ./strace-static-x86_64: Process 11385 attached [pid 11371] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11372] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11385] set_robust_list(0x7fe45c3c99a0, 24 [pid 11371] <... futex resumed>) = 0 [pid 11373] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11371] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11373] <... write resumed>) = 16 [pid 11385] <... set_robust_list resumed>) = 0 [pid 11371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11372] sendfile(-1, -1, [0] [pid 11377] <... close resumed>) = 0 [pid 11373] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11377] mkdir("./file0", 0777 [pid 11371] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11373] <... futex resumed>) = 0 [pid 11377] <... mkdir resumed>) = 0 [pid 11371] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11377] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11371] <... mprotect resumed>) = 0 [pid 11373] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11385] rt_sigprocmask(SIG_SETMASK, [], [pid 11371] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11371] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11385] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11385] <... write resumed>) = 16 [pid 11385] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11371] <... clone3 resumed> => {parent_tid=[11387]}, 88) = 11387 [pid 11369] <... futex resumed>) = 0 [pid 11371] rt_sigprocmask(SIG_SETMASK, [], [pid 11369] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11375] <... futex resumed>) = 0 [pid 11371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11369] <... futex resumed>) = 1 [pid 11375] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11371] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11369] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11387 attached [pid 11385] <... futex resumed>) = 1 [pid 11375] <... mmap resumed>) = 0x20000000 [pid 11372] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11374] <... mount resumed>) = 0 [pid 11374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11371] <... futex resumed>) = 0 [pid 11375] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11372] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11374] <... openat resumed>) = 3 [pid 11374] chdir("./file0") = 0 [pid 11374] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11374] ioctl(4, LOOP_CLR_FD) = 0 [pid 11374] close(4 [pid 11375] <... futex resumed>) = 1 [pid 11372] <... futex resumed>) = 1 [pid 11368] <... futex resumed>) = 0 [pid 11385] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11371] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11369] <... futex resumed>) = 0 [pid 11369] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11372] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11368] exit_group(0 [pid 11369] <... futex resumed>) = 0 [pid 11369] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11387] set_robust_list(0x7fe45c3c99a0, 24 [pid 11384] <... futex resumed>) = ? [pid 11374] <... close resumed>) = 0 [pid 11372] <... futex resumed>) = ? [pid 11368] <... exit_group resumed>) = ? [pid 11372] +++ exited with 0 +++ [pid 11387] <... set_robust_list resumed>) = 0 [pid 11387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11387] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11374] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11370] <... futex resumed>) = 0 [pid 11370] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11370] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11374] <... futex resumed>) = 1 [pid 11374] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11387] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11371] <... futex resumed>) = 0 [pid 11371] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11371] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11387] <... futex resumed>) = 1 [pid 11387] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11384] +++ exited with 0 +++ [pid 11368] +++ exited with 0 +++ [pid 11374] <... openat resumed>) = 4 [pid 11374] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11370] <... futex resumed>) = 0 [pid 11370] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11370] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11370] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11389]}, 88) = 11389 [pid 11370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11370] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11370] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11374] <... futex resumed>) = 1 [pid 11374] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11374] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11374] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11373] <... futex resumed>) = 0 [pid 11373] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 11373] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11371] <... futex resumed>) = 0 [pid 11373] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11371] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11371] <... futex resumed>) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11368, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 298] umount2("./442", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./442", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./442/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./442/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./442/binderfs") = 0 [pid 298] umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 11389 attached [pid 11389] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11389] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11389] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11370] <... futex resumed>) = 0 [pid 11370] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11370] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11389] <... futex resumed>) = 1 [pid 11389] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11374] <... futex resumed>) = 0 [pid 11374] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 11374] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11370] <... futex resumed>) = 0 [ 156.378528][T11372] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 156.404135][T11374] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 156.416871][T11375] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11370] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11370] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11374] <... futex resumed>) = 1 [pid 11371] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11373] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11373] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11373] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11371] <... futex resumed>) = 0 [pid 11371] exit_group(0 [pid 11387] <... futex resumed>) = ? [pid 11371] <... exit_group resumed>) = ? [pid 11387] +++ exited with 0 +++ [pid 11373] <... futex resumed>) = ? [pid 11374] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11374] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11374] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11370] <... futex resumed>) = 0 [pid 11374] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11370] exit_group(0 [pid 11389] <... futex resumed>) = ? [pid 11370] <... exit_group resumed>) = ? [pid 11389] +++ exited with 0 +++ [pid 11374] <... futex resumed>) = ? [pid 11369] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 11373] +++ exited with 0 +++ [pid 11371] +++ exited with 0 +++ [pid 11369] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 11375] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11369] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11371, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 295] restart_syscall(<... resuming interrupted clone ...> [pid 11375] sendfile(-1, -1, [0] [pid 295] <... restart_syscall resumed>) = 0 [pid 11375] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11374] +++ exited with 0 +++ [pid 11370] +++ exited with 0 +++ [pid 11375] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11375] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11370, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 295] umount2("./441", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 295] openat(AT_FDCWD, "./441", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11369] exit_group(0 [pid 296] <... restart_syscall resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 11385] <... futex resumed>) = ? [pid 11375] <... futex resumed>) = ? [pid 11369] <... exit_group resumed>) = ? [pid 295] newfstatat(3, "", [pid 11385] +++ exited with 0 +++ [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] umount2("./442", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] getdents64(3, [pid 11375] +++ exited with 0 +++ [pid 11369] +++ exited with 0 +++ [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11369, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 296] openat(AT_FDCWD, "./442", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] umount2("./441/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 296] <... openat resumed>) = 3 [pid 297] <... restart_syscall resumed>) = 0 [pid 296] newfstatat(3, "", [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] newfstatat(AT_FDCWD, "./441/binderfs", [pid 296] getdents64(3, [pid 297] umount2("./442", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./442/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] unlink("./441/binderfs" [pid 297] openat(AT_FDCWD, "./442", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... openat resumed>) = 3 [pid 296] newfstatat(AT_FDCWD, "./442/binderfs", [pid 295] <... unlink resumed>) = 0 [pid 297] newfstatat(3, "", [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] unlink("./442/binderfs" [pid 297] getdents64(3, [pid 296] <... unlink resumed>) = 0 [pid 295] umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./442/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./442/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./442/binderfs") = 0 [pid 297] umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./441/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 156.425240][T11373] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 156.441019][T11374] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 295] umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./441/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./441/file0") = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./441") = 0 [pid 295] mkdir("./442", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = 0 [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11392 ./strace-static-x86_64: Process 11392 attached [pid 11377] <... mount resumed>) = 0 [pid 11392] set_robust_list(0x5555557b6760, 24) = 0 [pid 11392] chdir("./442" [pid 11377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11377] chdir("./file0") = 0 [pid 11392] <... chdir resumed>) = 0 [pid 11377] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11392] setpgid(0, 0 [pid 11377] ioctl(4, LOOP_CLR_FD) = 0 [pid 11392] <... setpgid resumed>) = 0 [pid 11377] close(4 [pid 11392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11392] write(3, "1000", 4) = 4 [pid 11392] close(3) = 0 [pid 11392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11392] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11392] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11377] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 11377] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11376] <... futex resumed>) = 0 [pid 11376] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11376] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11377] <... futex resumed>) = 1 [pid 11377] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 298] umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11392] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11393]}, 88) = 11393 [pid 11392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11392] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11392] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11393 attached [pid 11393] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11393] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11393] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11392] <... futex resumed>) = 0 [pid 11392] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11392] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./442/file0", [pid 11393] <... futex resumed>) = 1 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11393] memfd_create("syzkaller", 0) = 3 [pid 11393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 298] umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./442/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./442/file0") = 0 [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./442") = 0 [pid 298] mkdir("./443", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11394 [pid 11393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11377] <... openat resumed>) = 4 ./strace-static-x86_64: Process 11394 attached [pid 11377] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11394] set_robust_list(0x5555557b6760, 24) = 0 [pid 11394] chdir("./443" [pid 11377] <... futex resumed>) = 1 [pid 11376] <... futex resumed>) = 0 [pid 11376] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 11377] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11377] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11377] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] <... umount2 resumed>) = 0 [pid 11376] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11376] <... futex resumed>) = 1 [pid 11376] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 156.484236][T11377] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 296] newfstatat(AT_FDCWD, "./442/file0", [pid 11377] <... futex resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./442/file0", [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11377] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11377] <... write resumed>) = 16 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11377] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./442/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11377] <... futex resumed>) = 1 [pid 11376] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "./442/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11394] <... chdir resumed>) = 0 [pid 11377] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11376] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... openat resumed>) = 4 [pid 11394] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11376] <... futex resumed>) = 0 [pid 297] <... openat resumed>) = 4 [pid 296] newfstatat(4, "", [pid 11394] <... prctl resumed>) = 0 [pid 11377] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11376] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] newfstatat(4, "", [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11394] setpgid(0, 0 [pid 11377] <... mmap resumed>) = 0x20000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, [pid 11394] <... setpgid resumed>) = 0 [pid 11377] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(4, [pid 11377] <... futex resumed>) = 1 [pid 11376] <... futex resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11376] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11393] <... write resumed>) = 1048576 [pid 11393] munmap(0x7fe453fca000, 138412032) = 0 [pid 11393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11393] ioctl(4, LOOP_SET_FD, 3 [pid 11394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11376] <... futex resumed>) = 0 [pid 297] getdents64(4, [pid 296] getdents64(4, [pid 11394] <... openat resumed>) = 3 [pid 11376] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 11394] write(3, "1000", 4 [pid 297] close(4 [pid 296] close(4 [pid 11394] <... write resumed>) = 4 [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 11394] close(3 [pid 297] rmdir("./442/file0" [pid 296] rmdir("./442/file0" [pid 11394] <... close resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 11394] symlink("/dev/binderfs", "./binderfs" [pid 297] getdents64(3, [pid 296] getdents64(3, [pid 11394] <... symlink resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 11394] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] close(3 [pid 296] close(3 [pid 11394] <... futex resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 11394] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 297] rmdir("./442" [pid 296] rmdir("./442" [pid 11394] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11393] <... ioctl resumed>) = 0 [pid 11377] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 297] <... rmdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 11394] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11393] close(3 [pid 11377] sendfile(-1, -1, [0] [pid 297] mkdir("./443", 0777 [pid 296] mkdir("./443", 0777 [pid 11394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11393] <... close resumed>) = 0 [pid 11377] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 297] <... mkdir resumed>) = 0 [pid 11394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] <... mkdir resumed>) = 0 [pid 11394] <... mmap resumed>) = 0x7fe45c3ca000 [pid 297] <... openat resumed>) = 3 [pid 11393] close(4 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11377] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11394] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 297] ioctl(3, LOOP_CLR_FD [pid 11394] <... mprotect resumed>) = 0 [pid 11394] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... openat resumed>) = 3 [pid 11377] <... futex resumed>) = 1 [pid 296] ioctl(3, LOOP_CLR_FD [pid 11394] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11377] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11376] <... futex resumed>) = 0 [pid 297] close(3 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11394] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11376] exit_group(0 [pid 297] <... close resumed>) = 0 [pid 296] close(3 [pid 11376] <... exit_group resumed>) = ? [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11395 attached [pid 11394] <... clone3 resumed> => {parent_tid=[11395]}, 88) = 11395 [pid 296] <... close resumed>) = 0 [pid 11394] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 11396 [pid 11394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11394] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11394] <... futex resumed>) = 0 [pid 11394] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11377] <... futex resumed>) = ? [pid 11395] set_robust_list(0x7fe45c3ea9a0, 24./strace-static-x86_64: Process 11396 attached [pid 11377] +++ exited with 0 +++ [pid 11376] +++ exited with 0 +++ ./strace-static-x86_64: Process 11397 attached [pid 11397] set_robust_list(0x5555557b6760, 24) = 0 [pid 11397] chdir("./443") = 0 [pid 11397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 11397 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11376, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 11396] set_robust_list(0x5555557b6760, 24 [pid 11395] <... set_robust_list resumed>) = 0 [pid 11397] setpgid(0, 0 [pid 11395] rt_sigprocmask(SIG_SETMASK, [], [pid 11396] <... set_robust_list resumed>) = 0 [pid 11397] <... setpgid resumed>) = 0 [pid 11397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] umount2("./437", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11397] write(3, "1000", 4) = 4 [pid 11397] close(3) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11395] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11397] symlink("/dev/binderfs", "./binderfs" [pid 299] openat(AT_FDCWD, "./437", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11395] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11397] <... symlink resumed>) = 0 [pid 11397] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11397] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11397] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11397] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 299] <... openat resumed>) = 3 [pid 299] newfstatat(3, "", [pid 11395] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, [pid 11397] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11397] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] umount2("./437/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./437/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./437/binderfs" [pid 11397] <... clone3 resumed> => {parent_tid=[11398]}, 88) = 11398 [pid 11397] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... unlink resumed>) = 0 [pid 11397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11396] chdir("./443" [pid 11395] <... futex resumed>) = 1 [pid 11394] <... futex resumed>) = 0 [pid 11396] <... chdir resumed>) = 0 [pid 11395] memfd_create("syzkaller", 0 [pid 11394] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11396] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11395] <... memfd_create resumed>) = 3 [pid 11394] <... futex resumed>) = 0 [pid 11396] <... prctl resumed>) = 0 [pid 11395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11394] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11395] <... mmap resumed>) = 0x7fe453fca000 [pid 11396] setpgid(0, 0 [pid 11397] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11397] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11398 attached [pid 11398] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11398] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11398] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11397] <... futex resumed>) = 0 [pid 11397] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11397] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11398] <... futex resumed>) = 1 [pid 11398] memfd_create("syzkaller", 0) = 3 [pid 11398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11396] <... setpgid resumed>) = 0 [pid 11396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11396] write(3, "1000", 4) = 4 [pid 11396] close(3) = 0 [pid 11396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11396] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11396] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11396] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11399]}, 88) = 11399 [pid 11396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11396] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11396] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11393] <... close resumed>) = 0 [pid 11393] mkdir("./file0", 0777) = 0 [pid 11393] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11398] <... write resumed>) = 1048576 ./strace-static-x86_64: Process 11399 attached [pid 11399] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11399] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11399] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11399] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11398] munmap(0x7fe453fca000, 138412032 [pid 11396] <... futex resumed>) = 0 [pid 11396] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11399] <... futex resumed>) = 0 [pid 11399] memfd_create("syzkaller", 0 [pid 11396] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11399] <... memfd_create resumed>) = 3 [pid 11398] <... munmap resumed>) = 0 [pid 11399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11398] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11398] ioctl(4, LOOP_SET_FD, 3 [pid 11395] <... write resumed>) = 1048576 [pid 11395] munmap(0x7fe453fca000, 138412032) = 0 [ 156.535186][T11377] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 156.540070][T11393] loop0: detected capacity change from 0 to 2048 [pid 11395] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11395] ioctl(4, LOOP_SET_FD, 3 [pid 11399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11395] <... ioctl resumed>) = 0 [pid 11395] close(3 [pid 11398] <... ioctl resumed>) = 0 [pid 11398] close(3 [pid 11395] <... close resumed>) = 0 [pid 11395] close(4 [pid 11398] <... close resumed>) = 0 [pid 11398] close(4 [pid 11399] <... write resumed>) = 1048576 [pid 11399] munmap(0x7fe453fca000, 138412032) = 0 [pid 11399] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11399] ioctl(4, LOOP_SET_FD, 3 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./437/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11399] <... ioctl resumed>) = 0 [pid 11399] close(3) = 0 [pid 11399] close(4 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./437/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11398] <... close resumed>) = 0 [pid 11395] <... close resumed>) = 0 [pid 299] getdents64(4, [pid 11398] mkdir("./file0", 0777 [pid 11395] mkdir("./file0", 0777 [pid 11398] <... mkdir resumed>) = 0 [pid 11395] <... mkdir resumed>) = 0 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 11398] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11395] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 299] close(4) = 0 [pid 11393] <... mount resumed>) = 0 [pid 11393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11393] chdir("./file0") = 0 [pid 11393] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] rmdir("./437/file0") = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3 [pid 11393] <... openat resumed>) = 4 [pid 299] <... close resumed>) = 0 [pid 11393] ioctl(4, LOOP_CLR_FD) = 0 [pid 11393] close(4) = 0 [pid 11393] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11392] <... futex resumed>) = 0 [pid 299] rmdir("./437" [pid 11392] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11392] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... rmdir resumed>) = 0 [pid 11393] <... futex resumed>) = 1 [pid 299] mkdir("./438", 0777 [pid 11393] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 299] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11393] <... openat resumed>) = 4 [pid 299] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 11393] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11392] <... futex resumed>) = 0 [pid 11392] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11392] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11392] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 11402 [pid 11392] <... mprotect resumed>) = 0 [pid 11392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11393] <... futex resumed>) = 1 ./strace-static-x86_64: Process 11402 attached [pid 11392] <... clone3 resumed> => {parent_tid=[11405]}, 88) = 11405 [pid 11393] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11392] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11392] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11405 attached [pid 11393] <... write resumed>) = 16 [pid 11393] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11402] set_robust_list(0x5555557b6760, 24 [pid 11405] set_robust_list(0x7fe45c3c99a0, 24 [pid 11402] <... set_robust_list resumed>) = 0 [pid 11393] <... futex resumed>) = 0 [pid 11405] <... set_robust_list resumed>) = 0 [pid 11405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11405] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11405] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11392] <... futex resumed>) = 0 [pid 11392] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11392] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11405] <... futex resumed>) = 1 [pid 11393] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 11393] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11405] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11392] <... futex resumed>) = 0 [pid 11392] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11392] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11402] chdir("./438" [pid 11393] <... futex resumed>) = 1 [pid 11402] <... chdir resumed>) = 0 [ 156.592495][T11398] loop1: detected capacity change from 0 to 2048 [ 156.599210][T11395] loop3: detected capacity change from 0 to 2048 [ 156.611422][T11399] loop2: detected capacity change from 0 to 2048 [ 156.623668][T11393] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11402] setpgid(0, 0) = 0 [pid 11402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11402] write(3, "1000", 4) = 4 [pid 11402] close(3) = 0 [pid 11402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11402] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11402] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11402] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11402] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11408]}, 88) = 11408 [pid 11402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11402] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11402] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11395] <... mount resumed>) = 0 [pid 11395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11395] chdir("./file0") = 0 [pid 11395] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11395] ioctl(4, LOOP_CLR_FD) = 0 [pid 11395] close(4) = 0 [pid 11395] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11394] <... futex resumed>) = 0 [pid 11394] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11394] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11395] <... futex resumed>) = 1 [pid 11395] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 11408 attached [pid 11408] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11408] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11399] <... close resumed>) = 0 [pid 11399] mkdir("./file0", 0777) = 0 [pid 11399] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11408] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11402] <... futex resumed>) = 0 [pid 11402] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11402] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11408] <... futex resumed>) = 1 [pid 11408] memfd_create("syzkaller", 0) = 3 [pid 11408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11395] <... openat resumed>) = 4 [pid 11393] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11395] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11393] sendfile(-1, -1, [0] [pid 11395] <... futex resumed>) = 1 [pid 11394] <... futex resumed>) = 0 [pid 11398] <... mount resumed>) = 0 [pid 11395] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11394] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11393] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11394] <... futex resumed>) = 0 [pid 11393] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11398] <... openat resumed>) = 3 [pid 11395] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11394] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11393] <... futex resumed>) = 1 [pid 11392] <... futex resumed>) = 0 [pid 11395] <... write resumed>) = 16 [pid 11394] <... futex resumed>) = 0 [pid 11393] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11398] chdir("./file0" [pid 11392] exit_group(0 [pid 11395] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11405] <... futex resumed>) = -1 (errno 18446744073709551414) [pid 11394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11392] <... exit_group resumed>) = ? [pid 11405] +++ exited with 0 +++ [pid 11398] <... chdir resumed>) = 0 [pid 11395] <... futex resumed>) = 0 [pid 11393] <... futex resumed>) = ? [pid 11394] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11395] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11398] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11393] +++ exited with 0 +++ [pid 11392] +++ exited with 0 +++ [pid 11394] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11392, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 11394] <... mprotect resumed>) = 0 [pid 11394] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11394] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11398] <... openat resumed>) = 4 [pid 11394] <... clone3 resumed> => {parent_tid=[11409]}, 88) = 11409 [pid 11394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11394] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11394] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11398] ioctl(4, LOOP_CLR_FD [pid 295] umount2("./442", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11398] <... ioctl resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11398] close(4 [pid 295] openat(AT_FDCWD, "./442", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11398] <... close resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 11398] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] newfstatat(3, "", [pid 11397] <... futex resumed>) = 0 [pid 11398] <... futex resumed>) = 1 [pid 11397] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11398] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11397] <... futex resumed>) = 0 [pid 295] getdents64(3, [pid 11397] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./442/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11398] <... openat resumed>) = 4 [pid 295] newfstatat(AT_FDCWD, "./442/binderfs", [pid 11398] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11398] <... futex resumed>) = 1 [pid 11397] <... futex resumed>) = 0 [pid 295] unlink("./442/binderfs" [pid 11398] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11397] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 11409 attached [pid 11408] <... write resumed>) = 1048576 [pid 11397] <... futex resumed>) = 0 [pid 295] <... unlink resumed>) = 0 [pid 11408] munmap(0x7fe453fca000, 138412032 [pid 11398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11397] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11409] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11409] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 295] umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11397] <... futex resumed>) = 0 [pid 11409] <... write resumed>) = 16 [pid 11409] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11409] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11394] <... futex resumed>) = 0 [pid 11408] <... munmap resumed>) = 0 [pid 11394] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11408] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11395] <... futex resumed>) = 0 [pid 11394] <... futex resumed>) = 1 [pid 11397] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11395] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11394] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11408] <... openat resumed>) = 4 [pid 11408] ioctl(4, LOOP_SET_FD, 3 [pid 11395] <... mmap resumed>) = 0x20000000 [pid 11397] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [ 156.648507][T11393] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 156.648810][T11395] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 156.674811][T11398] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11395] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11398] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11397] <... mprotect resumed>) = 0 [pid 11395] <... futex resumed>) = 1 [pid 11394] <... futex resumed>) = 0 [pid 11398] <... write resumed>) = 16 [pid 11397] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11395] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11394] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11398] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11397] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11394] <... futex resumed>) = 0 [pid 11408] <... ioctl resumed>) = 0 [pid 11398] <... futex resumed>) = 0 [pid 11397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11408] close(3) = 0 [pid 11408] close(4 [pid 11394] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11397] <... clone3 resumed> => {parent_tid=[11410]}, 88) = 11410 [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./442/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11397] rt_sigprocmask(SIG_SETMASK, [], [pid 295] umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11397] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] openat(AT_FDCWD, "./442/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11397] <... futex resumed>) = 0 [pid 295] <... openat resumed>) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./442/file0") = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./442") = 0 [pid 295] mkdir("./443", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 11398] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11397] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11395] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11395] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11394] <... futex resumed>) = 0 [pid 11395] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11394] exit_group(0 [pid 11409] <... futex resumed>) = ? [pid 11394] <... exit_group resumed>) = ? [pid 11409] +++ exited with 0 +++ [pid 11395] <... futex resumed>) = ? ./strace-static-x86_64: Process 11410 attached [pid 11395] +++ exited with 0 +++ [pid 11394] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11394, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 298] umount2("./443", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./443", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", [pid 11410] set_robust_list(0x7fe45c3c99a0, 24 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11410] <... set_robust_list resumed>) = 0 [pid 11410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11410] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11410] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11410] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 298] umount2("./443/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./443/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./443/binderfs") = 0 [pid 298] umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11397] <... futex resumed>) = 0 [pid 11397] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11398] <... futex resumed>) = 0 [pid 11397] <... futex resumed>) = 1 [pid 11398] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11397] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11398] <... mmap resumed>) = 0x20000000 [pid 11398] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11397] <... futex resumed>) = 0 [pid 11398] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11397] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11397] <... futex resumed>) = 0 [pid 11399] <... mount resumed>) = 0 [pid 11399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11399] chdir("./file0") = 0 [pid 11399] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11399] ioctl(4, LOOP_CLR_FD) = 0 [pid 11399] close(4) = 0 [pid 11399] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11396] <... futex resumed>) = 0 [pid 11396] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11396] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11399] <... futex resumed>) = 1 [pid 11399] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 156.715733][T11408] loop4: detected capacity change from 0 to 2048 [ 156.719062][T11395] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 156.749940][T11399] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11399] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11396] <... futex resumed>) = 0 [pid 11396] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11396] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11396] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11413]}, 88) = 11413 [pid 11396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11396] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11396] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11399] <... futex resumed>) = 1 [pid 11399] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11399] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11399] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 11413 attached [pid 11413] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11413] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11413] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11396] <... futex resumed>) = 0 [pid 11396] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11396] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11399] <... futex resumed>) = 0 [pid 11399] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 11399] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11396] <... futex resumed>) = 0 [pid 11396] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11396] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11399] <... futex resumed>) = 1 [pid 11413] <... futex resumed>) = 1 [pid 11398] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11397] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11413] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11398] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11398] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11397] <... futex resumed>) = 0 [pid 11397] exit_group(0 [pid 11410] <... futex resumed>) = ? [pid 11397] <... exit_group resumed>) = ? [pid 11410] +++ exited with 0 +++ [pid 11398] <... futex resumed>) = ? [pid 11398] +++ exited with 0 +++ [pid 11397] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11397, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./443", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./443", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./443/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./443/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./443/binderfs") = 0 [pid 296] umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11399] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11399] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11408] <... close resumed>) = 0 [pid 295] <... openat resumed>) = 3 [pid 11408] mkdir("./file0", 0777 [pid 295] ioctl(3, LOOP_CLR_FD [pid 11408] <... mkdir resumed>) = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11408] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11414 [pid 11399] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11396] <... futex resumed>) = 0 [pid 11396] exit_group(0 [pid 11399] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 11414 attached [pid 11396] <... exit_group resumed>) = ? [pid 11414] set_robust_list(0x5555557b6760, 24) = 0 [pid 11413] <... futex resumed>) = ? [pid 11414] chdir("./443" [pid 11413] +++ exited with 0 +++ [pid 11399] <... futex resumed>) = ? [pid 11414] <... chdir resumed>) = 0 [pid 11414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11414] setpgid(0, 0 [pid 11399] +++ exited with 0 +++ [pid 11396] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11396, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 11414] <... setpgid resumed>) = 0 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 11414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] <... restart_syscall resumed>) = 0 [pid 11414] <... openat resumed>) = 3 [pid 11414] write(3, "1000", 4 [pid 297] umount2("./443", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11414] <... write resumed>) = 4 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11414] close(3 [pid 297] openat(AT_FDCWD, "./443", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11414] <... close resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 297] newfstatat(3, "", [pid 11414] symlink("/dev/binderfs", "./binderfs" [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, [pid 11414] <... symlink resumed>) = 0 [pid 11414] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11414] <... futex resumed>) = 0 [pid 297] umount2("./443/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11414] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11414] <... rt_sigaction resumed>NULL, 8) = 0 [pid 297] newfstatat(AT_FDCWD, "./443/binderfs", [pid 11414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./443/binderfs" [pid 11414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11414] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 297] <... unlink resumed>) = 0 [pid 297] umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11414] <... mprotect resumed>) = 0 [pid 11414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11415]}, 88) = 11415 [pid 11414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11414] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 11415 attached [pid 11414] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11415] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11415] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11415] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11414] <... futex resumed>) = 0 [pid 11414] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11415] memfd_create("syzkaller", 0 [pid 11414] <... futex resumed>) = 0 [pid 11414] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11415] <... memfd_create resumed>) = 3 [pid 11415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 298] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 11415] munmap(0x7fe453fca000, 138412032 [pid 298] umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./443/file0", [pid 296] newfstatat(AT_FDCWD, "./443/file0", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./443/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./443/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 4 [pid 296] <... openat resumed>) = 4 [pid 298] newfstatat(4, "", [pid 296] newfstatat(4, "", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 296] getdents64(4, [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] getdents64(4, [pid 298] close(4 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] <... close resumed>) = 0 [pid 296] close(4 [pid 298] rmdir("./443/file0" [pid 296] <... close resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 296] rmdir("./443/file0" [pid 298] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 298] close(3 [pid 296] getdents64(3, [pid 298] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] rmdir("./443" [pid 296] close(3 [pid 298] <... rmdir resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 298] mkdir("./444", 0777 [pid 296] rmdir("./443" [pid 298] <... mkdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] mkdir("./444", 0777 [pid 298] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 296] <... mkdir resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] close(3 [pid 296] <... openat resumed>) = 3 [pid 298] <... close resumed>) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] close(3 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11416 [pid 296] <... close resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 11416 attached [pid 11415] <... munmap resumed>) = 0 [pid 11416] set_robust_list(0x5555557b6760, 24 [pid 11415] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 296] <... clone resumed>, child_tidptr=0x5555557b6750) = 11417 [pid 11416] <... set_robust_list resumed>) = 0 [pid 11415] <... openat resumed>) = 4 [ 156.754720][T11398] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 156.770896][T11399] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11416] chdir("./444" [pid 11415] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 11417 attached [pid 11417] set_robust_list(0x5555557b6760, 24) = 0 [pid 11417] chdir("./444") = 0 [pid 11417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11417] setpgid(0, 0) = 0 [pid 11417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11417] write(3, "1000", 4) = 4 [pid 11417] close(3) = 0 [pid 11417] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11417] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11417] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11417] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11417] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11417] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11418]}, 88) = 11418 [pid 11417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11417] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11417] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11418 attached [pid 11418] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11418] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11418] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11417] <... futex resumed>) = 0 [pid 11417] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11417] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11418] <... futex resumed>) = 1 [pid 11418] memfd_create("syzkaller", 0) = 3 [pid 11418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11416] <... chdir resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./443/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./443/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./443/file0") = 0 [pid 297] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./443") = 0 [pid 297] mkdir("./444", 0777 [pid 11416] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] <... mkdir resumed>) = 0 [pid 11416] <... prctl resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11416] setpgid(0, 0 [pid 297] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD [pid 11416] <... setpgid resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] close(3) = 0 [pid 11416] <... openat resumed>) = 3 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11416] write(3, "1000", 4) = 4 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 11420 [pid 11416] close(3) = 0 [pid 11416] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 11420 attached ) = 0 [pid 11415] <... ioctl resumed>) = 0 [pid 11416] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11420] set_robust_list(0x5555557b6760, 24 [pid 11415] close(3 [pid 11420] <... set_robust_list resumed>) = 0 [pid 11416] <... futex resumed>) = 0 [pid 11415] <... close resumed>) = 0 [pid 11420] chdir("./444" [pid 11416] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11415] close(4 [pid 11416] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11416] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11420] <... chdir resumed>) = 0 [pid 11416] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11420] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11420] <... prctl resumed>) = 0 [pid 11416] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11420] setpgid(0, 0 [pid 11416] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11420] <... setpgid resumed>) = 0 [pid 11416] <... mprotect resumed>) = 0 [pid 11416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 11422 attached => {parent_tid=[11422]}, 88) = 11422 [pid 11422] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11422] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11416] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11422] <... futex resumed>) = 0 [pid 11422] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11422] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11422] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11420] <... openat resumed>) = 3 [pid 11416] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11420] write(3, "1000", 4 [pid 11418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11416] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 156.829703][T11415] loop0: detected capacity change from 0 to 2048 [pid 11420] <... write resumed>) = 4 [pid 11416] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11420] close(3 [pid 11416] <... futex resumed>) = 1 [pid 11420] <... close resumed>) = 0 [pid 11416] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11420] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11420] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11420] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11420] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11420] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11420] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11423]}, 88) = 11423 [pid 11420] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11420] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11420] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11415] <... close resumed>) = 0 [pid 11415] mkdir("./file0", 0777) = 0 [pid 11415] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11418] <... write resumed>) = 1048576 [pid 11418] munmap(0x7fe453fca000, 138412032) = 0 [pid 11418] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11418] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 11423 attached [pid 11422] <... futex resumed>) = 0 [pid 11408] <... mount resumed>) = 0 [pid 11423] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11422] memfd_create("syzkaller", 0 [pid 11423] <... set_robust_list resumed>) = 0 [pid 11422] <... memfd_create resumed>) = 3 [pid 11423] rt_sigprocmask(SIG_SETMASK, [], [pid 11422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11422] <... mmap resumed>) = 0x7fe453fca000 [pid 11423] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11423] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11420] <... futex resumed>) = 0 [pid 11418] <... ioctl resumed>) = 0 [pid 11408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11423] memfd_create("syzkaller", 0 [pid 11420] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11418] close(3 [pid 11408] <... openat resumed>) = 3 [pid 11423] <... memfd_create resumed>) = 3 [pid 11420] <... futex resumed>) = 0 [pid 11418] <... close resumed>) = 0 [pid 11408] chdir("./file0" [pid 11423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11422] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11420] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11415] <... mount resumed>) = 0 [pid 11418] close(4 [pid 11423] <... mmap resumed>) = 0x7fe453fca000 [pid 11408] <... chdir resumed>) = 0 [pid 11408] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11408] ioctl(4, LOOP_CLR_FD) = 0 [pid 11408] close(4) = 0 [pid 11408] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11402] <... futex resumed>) = 0 [pid 11422] <... write resumed>) = 1048576 [pid 11408] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11402] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11402] <... futex resumed>) = 0 [pid 11408] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11402] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11415] chdir("./file0") = 0 [pid 11415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11415] ioctl(4, LOOP_CLR_FD) = 0 [pid 11415] close(4) = 0 [pid 11415] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11414] <... futex resumed>) = 0 [pid 11415] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11414] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11414] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11422] munmap(0x7fe453fca000, 138412032 [pid 11415] <... openat resumed>) = 4 [pid 11408] <... openat resumed>) = 4 [pid 11422] <... munmap resumed>) = 0 [pid 11415] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11408] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11422] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11415] <... futex resumed>) = 1 [pid 11414] <... futex resumed>) = 0 [pid 11408] <... futex resumed>) = 1 [pid 11402] <... futex resumed>) = 0 [pid 11422] <... openat resumed>) = 4 [pid 11415] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11414] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11408] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11402] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11422] ioctl(4, LOOP_SET_FD, 3 [pid 11415] <... write resumed>) = 16 [pid 11414] <... futex resumed>) = 0 [pid 11408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11402] <... futex resumed>) = 0 [ 156.872673][T11408] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 156.889588][T11418] loop1: detected capacity change from 0 to 2048 [ 156.900083][T11415] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11415] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11414] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11408] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11402] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11415] <... futex resumed>) = 0 [pid 11414] <... futex resumed>) = 0 [pid 11408] <... write resumed>) = 16 [pid 11402] <... futex resumed>) = 0 [pid 11415] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11408] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11414] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11408] <... futex resumed>) = 0 [pid 11402] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11414] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11408] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11402] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11414] <... mprotect resumed>) = 0 [pid 11402] <... mprotect resumed>) = 0 [pid 11414] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11402] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11414] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11402] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11414] <... clone3 resumed> => {parent_tid=[11427]}, 88) = 11427 [pid 11402] <... clone3 resumed> => {parent_tid=[11428]}, 88) = 11428 [pid 11422] <... ioctl resumed>) = 0 [pid 11414] rt_sigprocmask(SIG_SETMASK, [], [pid 11402] rt_sigprocmask(SIG_SETMASK, [], [pid 11422] close(3 [pid 11414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11422] <... close resumed>) = 0 [pid 11414] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11402] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11422] close(4 [pid 11414] <... futex resumed>) = 0 [pid 11402] <... futex resumed>) = 0 [pid 11414] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11402] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11423] <... write resumed>) = 1048576 ./strace-static-x86_64: Process 11428 attached ./strace-static-x86_64: Process 11427 attached [pid 11423] munmap(0x7fe453fca000, 138412032 [pid 11428] set_robust_list(0x7fe45c3c99a0, 24 [pid 11427] set_robust_list(0x7fe45c3c99a0, 24 [pid 11423] <... munmap resumed>) = 0 [pid 11428] <... set_robust_list resumed>) = 0 [pid 11427] <... set_robust_list resumed>) = 0 [pid 11423] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11428] rt_sigprocmask(SIG_SETMASK, [], [pid 11427] rt_sigprocmask(SIG_SETMASK, [], [pid 11423] <... openat resumed>) = 4 [pid 11428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11423] ioctl(4, LOOP_SET_FD, 3 [pid 11428] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11427] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11418] <... close resumed>) = 0 [pid 11428] <... write resumed>) = 16 [pid 11427] <... write resumed>) = 16 [pid 11418] mkdir("./file0", 0777 [pid 11428] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11427] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11423] <... ioctl resumed>) = 0 [pid 11428] <... futex resumed>) = 1 [pid 11427] <... futex resumed>) = 1 [pid 11428] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11427] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11418] <... mkdir resumed>) = 0 [pid 11423] close(3 [pid 11414] <... futex resumed>) = 0 [pid 11402] <... futex resumed>) = 0 [pid 11414] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11402] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11418] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11423] <... close resumed>) = 0 [pid 11415] <... futex resumed>) = 0 [pid 11414] <... futex resumed>) = 1 [pid 11408] <... futex resumed>) = 0 [pid 11402] <... futex resumed>) = 1 [pid 11423] close(4 [pid 11415] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11414] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11408] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11402] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11415] <... mmap resumed>) = 0x20000000 [pid 11408] <... mmap resumed>) = 0x20000000 [pid 11415] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11408] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11415] <... futex resumed>) = 1 [pid 11414] <... futex resumed>) = 0 [pid 11408] <... futex resumed>) = 1 [pid 11402] <... futex resumed>) = 0 [pid 11415] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11414] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11402] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11414] <... futex resumed>) = 0 [pid 11408] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11402] <... futex resumed>) = 0 [pid 11414] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11408] sendfile(-1, -1, [0] [pid 11402] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11408] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11408] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11402] <... futex resumed>) = 0 [pid 11408] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11402] exit_group(0 [pid 11428] <... futex resumed>) = ? [pid 11408] <... futex resumed>) = ? [pid 11402] <... exit_group resumed>) = ? [pid 11428] +++ exited with 0 +++ [pid 11408] +++ exited with 0 +++ [pid 11402] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11402, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 299] umount2("./438", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./438", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./438/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./438/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./438/binderfs") = 0 [pid 299] umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11415] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11415] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11415] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11414] <... futex resumed>) = 0 [pid 11414] exit_group(0 [pid 11427] <... futex resumed>) = ? [pid 11415] <... futex resumed>) = ? [pid 11414] <... exit_group resumed>) = ? [pid 11427] +++ exited with 0 +++ [pid 11415] +++ exited with 0 +++ [pid 11414] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11414, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 295] umount2("./443", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./443", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./443/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./443/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./443/binderfs") = 0 [pid 295] umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11423] <... close resumed>) = 0 [pid 11422] <... close resumed>) = 0 [pid 11423] mkdir("./file0", 0777 [pid 11422] mkdir("./file0", 0777 [pid 11423] <... mkdir resumed>) = 0 [pid 11423] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11422] <... mkdir resumed>) = 0 [ 156.923933][T11422] loop3: detected capacity change from 0 to 2048 [ 156.934255][T11423] loop2: detected capacity change from 0 to 2048 [ 156.943361][T11408] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 156.943655][T11415] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11422] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 299] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 299] umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./438/file0", [pid 295] newfstatat(AT_FDCWD, "./443/file0", [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./438/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./443/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... openat resumed>) = 4 [pid 295] <... openat resumed>) = 4 [pid 299] newfstatat(4, "", [pid 295] newfstatat(4, "", [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 295] getdents64(4, [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, [pid 295] getdents64(4, [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 299] close(4 [pid 295] close(4 [pid 299] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 299] rmdir("./438/file0" [pid 295] rmdir("./443/file0" [pid 299] <... rmdir resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 299] getdents64(3, [pid 295] getdents64(3, [pid 299] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 299] close(3 [pid 295] close(3 [pid 299] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 299] rmdir("./438" [pid 295] rmdir("./443" [pid 299] <... rmdir resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 299] mkdir("./439", 0777 [pid 295] mkdir("./444", 0777 [pid 299] <... mkdir resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 295] <... openat resumed>) = 3 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] <... close resumed>) = 0 [pid 11418] <... mount resumed>) = 0 [pid 11418] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11418] chdir("./file0") = 0 [pid 11418] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11418] ioctl(4, LOOP_CLR_FD) = 0 [pid 11418] close(4) = 0 [pid 11418] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11417] <... futex resumed>) = 0 [pid 11417] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] close(3 [pid 11417] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11418] <... futex resumed>) = 1 [pid 11418] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 295] <... close resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 11435 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11422] <... mount resumed>) = 0 [pid 11418] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11417] <... futex resumed>) = 0 [pid 11417] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11417] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11417] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11417] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11437]}, 88) = 11437 [pid 11417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11417] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11417] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11418] <... futex resumed>) = 1 [pid 11418] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11418] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11418] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] <... clone resumed>, child_tidptr=0x5555557b6750) = 11436 ./strace-static-x86_64: Process 11435 attached [pid 11422] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11435] set_robust_list(0x5555557b6760, 24 [pid 11423] <... mount resumed>) = 0 [pid 11422] chdir("./file0" [pid 11423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11422] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 11437 attached ./strace-static-x86_64: Process 11436 attached [pid 11435] <... set_robust_list resumed>) = 0 [pid 11423] <... openat resumed>) = 3 [pid 11435] chdir("./439" [pid 11423] chdir("./file0" [pid 11437] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11437] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11437] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11437] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11417] <... futex resumed>) = 0 [pid 11417] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11418] <... futex resumed>) = 0 [pid 11417] <... futex resumed>) = 1 [pid 11418] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11417] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11423] <... chdir resumed>) = 0 [pid 11422] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11435] <... chdir resumed>) = 0 [pid 11418] <... mmap resumed>) = 0x20000000 [pid 11418] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11417] <... futex resumed>) = 0 [pid 11437] <... futex resumed>) = 1 [pid 11436] set_robust_list(0x5555557b6760, 24 [ 157.025912][T11418] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 157.040193][T11422] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 157.053812][T11423] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11435] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11423] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11422] <... openat resumed>) = 4 [pid 11417] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11422] ioctl(4, LOOP_CLR_FD) = 0 [pid 11422] close(4) = 0 [pid 11422] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11416] <... futex resumed>) = 0 [pid 11423] <... openat resumed>) = 4 [pid 11422] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11416] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11437] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11435] <... prctl resumed>) = 0 [pid 11423] ioctl(4, LOOP_CLR_FD [pid 11422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11416] <... futex resumed>) = 0 [pid 11436] <... set_robust_list resumed>) = 0 [pid 11435] setpgid(0, 0 [pid 11423] <... ioctl resumed>) = 0 [pid 11422] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11416] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11436] chdir("./444" [pid 11435] <... setpgid resumed>) = 0 [pid 11423] close(4 [pid 11436] <... chdir resumed>) = 0 [pid 11435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11423] <... close resumed>) = 0 [pid 11436] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11435] <... openat resumed>) = 3 [pid 11423] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11436] <... prctl resumed>) = 0 [pid 11435] write(3, "1000", 4 [pid 11423] <... futex resumed>) = 1 [pid 11436] setpgid(0, 0 [pid 11435] <... write resumed>) = 4 [pid 11423] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11436] <... setpgid resumed>) = 0 [pid 11435] close(3 [pid 11436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11435] <... close resumed>) = 0 [pid 11436] <... openat resumed>) = 3 [pid 11435] symlink("/dev/binderfs", "./binderfs" [pid 11436] write(3, "1000", 4 [pid 11435] <... symlink resumed>) = 0 [pid 11436] <... write resumed>) = 4 [pid 11435] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11436] close(3 [pid 11435] <... futex resumed>) = 0 [pid 11436] <... close resumed>) = 0 [pid 11435] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11436] symlink("/dev/binderfs", "./binderfs" [pid 11435] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11436] <... symlink resumed>) = 0 [pid 11435] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11436] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11436] <... futex resumed>) = 0 [pid 11435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11436] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11435] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11436] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11435] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11436] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11435] <... mprotect resumed>) = 0 [pid 11436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11435] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11435] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11436] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11436] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11435] <... clone3 resumed> => {parent_tid=[11438]}, 88) = 11438 [pid 11436] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11435] rt_sigprocmask(SIG_SETMASK, [], [pid 11436] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11435] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11436] <... clone3 resumed> => {parent_tid=[11439]}, 88) = 11439 [pid 11435] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11436] rt_sigprocmask(SIG_SETMASK, [], [pid 11420] <... futex resumed>) = 0 [pid 11436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11422] <... openat resumed>) = 4 [pid 11420] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11417] <... futex resumed>) = 0 [pid 11436] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11423] <... futex resumed>) = 0 [pid 11422] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11420] <... futex resumed>) = 1 [pid 11417] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11436] <... futex resumed>) = 0 [pid 11423] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11422] <... futex resumed>) = 1 [pid 11420] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11416] <... futex resumed>) = 0 [pid 11436] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11423] <... openat resumed>) = 4 [pid 11422] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11416] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11423] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11416] <... futex resumed>) = 0 [pid 11423] <... futex resumed>) = 1 [pid 11422] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11420] <... futex resumed>) = 0 [pid 11416] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11423] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11422] <... write resumed>) = 16 [pid 11420] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11416] <... futex resumed>) = 0 [pid 11423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11422] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11420] <... futex resumed>) = 0 [pid 11416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 11439 attached [pid 11423] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11422] <... futex resumed>) = 0 [pid 11420] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11416] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11439] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11423] <... write resumed>) = 16 [pid 11422] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11420] <... futex resumed>) = 0 [pid 11416] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 11438 attached [pid 11439] <... set_robust_list resumed>) = 0 [pid 11423] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11416] <... mprotect resumed>) = 0 [pid 11439] rt_sigprocmask(SIG_SETMASK, [], [pid 11438] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11423] <... futex resumed>) = 0 [pid 11420] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11416] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11438] <... set_robust_list resumed>) = 0 [pid 11423] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11420] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11416] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11439] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11438] rt_sigprocmask(SIG_SETMASK, [], [pid 11420] <... mprotect resumed>) = 0 [pid 11416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11440]}, 88) = 11440 [pid 11416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11416] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11416] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11420] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11420] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11441]}, 88) = 11441 [pid 11420] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11420] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11420] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11439] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11438] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 11441 attached ./strace-static-x86_64: Process 11440 attached [pid 11439] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11438] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11418] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11441] set_robust_list(0x7fe45c3c99a0, 24 [pid 11440] set_robust_list(0x7fe45c3c99a0, 24 [pid 11439] <... futex resumed>) = 1 [pid 11438] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11436] <... futex resumed>) = 0 [pid 11418] sendfile(-1, -1, [0] [pid 11441] <... set_robust_list resumed>) = 0 [pid 11440] <... set_robust_list resumed>) = 0 [pid 11439] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11438] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11436] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11418] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11418] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11418] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11441] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11441] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11420] <... futex resumed>) = 0 [pid 11417] <... futex resumed>) = 0 [pid 11436] <... futex resumed>) = 0 [pid 11420] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11436] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11420] <... futex resumed>) = 1 [pid 11417] exit_group(0 [pid 11423] <... futex resumed>) = 0 [pid 11439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11438] <... futex resumed>) = 1 [pid 11437] <... futex resumed>) = ? [pid 11435] <... futex resumed>) = 0 [pid 11423] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11420] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11417] <... exit_group resumed>) = ? [pid 11439] memfd_create("syzkaller", 0 [pid 11437] +++ exited with 0 +++ [pid 11435] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11423] <... mmap resumed>) = 0x20000000 [pid 11439] <... memfd_create resumed>) = 3 [pid 11435] <... futex resumed>) = 0 [pid 11423] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11438] memfd_create("syzkaller", 0 [pid 11439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11435] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11423] <... futex resumed>) = 1 [pid 11420] <... futex resumed>) = 0 [pid 11439] <... mmap resumed>) = 0x7fe453fca000 [pid 11438] <... memfd_create resumed>) = 3 [pid 11420] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11441] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11440] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11440] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11416] <... futex resumed>) = 0 [pid 11416] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11422] <... futex resumed>) = 0 [pid 11416] <... futex resumed>) = 1 [pid 11422] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11416] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11422] <... mmap resumed>) = 0x20000000 [pid 11422] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11416] <... futex resumed>) = 0 [pid 11422] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 157.077003][T11418] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 157.107993][T11423] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11416] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11416] <... futex resumed>) = 0 [pid 11438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11420] <... futex resumed>) = 0 [pid 11418] <... futex resumed>) = ? [pid 11416] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11438] <... mmap resumed>) = 0x7fe453fca000 [pid 11422] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11420] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11418] +++ exited with 0 +++ [pid 11417] +++ exited with 0 +++ [pid 11440] <... futex resumed>) = 1 [pid 11439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11423] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11422] sendfile(-1, -1, [0] [pid 11440] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11439] <... write resumed>) = 1048576 [pid 11423] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11422] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11439] munmap(0x7fe453fca000, 138412032 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11417, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 11423] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11422] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11423] <... futex resumed>) = 1 [pid 11420] <... futex resumed>) = 0 [pid 296] umount2("./444", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11422] <... futex resumed>) = 1 [pid 11423] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11420] exit_group(0 [pid 11416] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11422] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11441] <... futex resumed>) = ? [pid 11439] <... munmap resumed>) = 0 [pid 11423] <... futex resumed>) = ? [pid 11420] <... exit_group resumed>) = ? [pid 11416] exit_group(0 [pid 296] openat(AT_FDCWD, "./444", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11441] +++ exited with 0 +++ [pid 11423] +++ exited with 0 +++ [pid 11420] +++ exited with 0 +++ [pid 11416] <... exit_group resumed>) = ? [pid 11422] <... futex resumed>) = -1 (errno 18446744073709551359) [pid 11440] <... futex resumed>) = -1 (errno 18446744073709551359) [pid 11439] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 296] <... openat resumed>) = 3 [pid 11422] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11420, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 11440] +++ exited with 0 +++ [pid 11416] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11416, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 296] newfstatat(3, "", [pid 11439] <... openat resumed>) = 4 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11439] ioctl(4, LOOP_SET_FD, 3 [pid 297] umount2("./444", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./444/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] openat(AT_FDCWD, "./444", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./444", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11438] <... write resumed>) = 1048576 [pid 11438] munmap(0x7fe453fca000, 138412032) = 0 [pid 11438] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11438] ioctl(4, LOOP_SET_FD, 3 [pid 11439] <... ioctl resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] newfstatat(AT_FDCWD, "./444/binderfs", [pid 298] openat(AT_FDCWD, "./444", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] getdents64(3, [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... openat resumed>) = 3 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] unlink("./444/binderfs" [pid 298] newfstatat(3, "", [pid 297] umount2("./444/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... unlink resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] getdents64(3, [pid 297] newfstatat(AT_FDCWD, "./444/binderfs", [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./444/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] unlink("./444/binderfs" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... unlink resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./444/binderfs", [pid 297] umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./444/binderfs") = 0 [pid 298] umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11439] close(3) = 0 [pid 11439] close(4 [pid 11438] <... ioctl resumed>) = 0 [pid 11438] close(3) = 0 [pid 11438] close(4 [pid 298] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 298] umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11439] <... close resumed>) = 0 [pid 11438] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(AT_FDCWD, "./444/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./444/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./444/file0") = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./444/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./444/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11439] mkdir("./file0", 0777 [pid 11438] mkdir("./file0", 0777 [pid 298] getdents64(3, [pid 297] getdents64(4, [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11439] <... mkdir resumed>) = 0 [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] newfstatat(AT_FDCWD, "./444/file0", [pid 11438] <... mkdir resumed>) = 0 [pid 298] close(3 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11439] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 297] getdents64(4, [pid 298] <... close resumed>) = 0 [pid 296] umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] rmdir("./444" [pid 297] close(4 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... close resumed>) = 0 [pid 297] rmdir("./444/file0" [pid 296] openat(AT_FDCWD, "./444/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 296] <... openat resumed>) = 4 [pid 298] mkdir("./445", 0777 [pid 11438] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 297] getdents64(3, [pid 296] newfstatat(4, "", [pid 298] <... mkdir resumed>) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] close(3 [pid 296] getdents64(4, [pid 297] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] rmdir("./444" [pid 296] getdents64(4, [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... rmdir resumed>) = 0 [pid 296] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(3 [pid 297] mkdir("./445", 0777 [pid 296] close(4 [pid 298] <... close resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] rmdir("./444/file0"./strace-static-x86_64: Process 11442 attached [pid 297] <... openat resumed>) = 3 [pid 296] <... rmdir resumed>) = 0 [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11442 [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] getdents64(3, [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] close(3 [pid 296] close(3 [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 11442] set_robust_list(0x5555557b6760, 24 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] rmdir("./444" [pid 11442] <... set_robust_list resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 11443 attached [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 11443 [pid 296] mkdir("./445", 0777 [pid 11443] set_robust_list(0x5555557b6760, 24 [pid 11442] chdir("./445" [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11444 ./strace-static-x86_64: Process 11444 attached [pid 11444] set_robust_list(0x5555557b6760, 24) = 0 [pid 11444] chdir("./445") = 0 [pid 11444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11444] setpgid(0, 0) = 0 [pid 11444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11444] write(3, "1000", 4) = 4 [pid 11444] close(3) = 0 [pid 11444] symlink("/dev/binderfs", "./binderfs") = 0 [ 157.112350][T11422] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 157.151721][T11439] loop0: detected capacity change from 0 to 2048 [ 157.153856][T11438] loop4: detected capacity change from 0 to 2048 [pid 11444] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11443] <... set_robust_list resumed>) = 0 [pid 11442] <... chdir resumed>) = 0 [pid 11443] chdir("./445" [pid 11442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11443] <... chdir resumed>) = 0 [pid 11443] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 11442] setpgid(0, 0 [pid 11443] <... prctl resumed>) = 0 [pid 11442] <... setpgid resumed>) = 0 [pid 11443] setpgid(0, 0 [pid 11442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11443] <... setpgid resumed>) = 0 [pid 11443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11442] <... openat resumed>) = 3 [pid 11438] <... mount resumed>) = 0 [pid 11443] write(3, "1000", 4 [pid 11442] write(3, "1000", 4 [pid 11438] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11443] <... write resumed>) = 4 [pid 11442] <... write resumed>) = 4 [pid 11443] close(3 [pid 11444] <... futex resumed>) = 0 [pid 11444] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11444] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11443] <... close resumed>) = 0 [pid 11442] close(3 [pid 11443] symlink("/dev/binderfs", "./binderfs" [pid 11444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11442] <... close resumed>) = 0 [pid 11444] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11443] <... symlink resumed>) = 0 [pid 11442] symlink("/dev/binderfs", "./binderfs" [pid 11443] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11442] <... symlink resumed>) = 0 [pid 11443] <... futex resumed>) = 0 [pid 11442] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11443] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11442] <... futex resumed>) = 0 [pid 11444] <... clone3 resumed> => {parent_tid=[11447]}, 88) = 11447 [pid 11444] rt_sigprocmask(SIG_SETMASK, [], [pid 11442] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, [pid 11443] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11442] <... rt_sigaction resumed>NULL, 8) = 0 [pid 11444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11443] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11442] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 11443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11444] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11444] <... futex resumed>) = 0 [pid 11443] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11442] <... mmap resumed>) = 0x7fe45c3ca000 [pid 11444] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11443] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11442] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE [pid 11443] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 11447 attached [pid 11447] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11442] <... mprotect resumed>) = 0 [pid 11447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11443] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11447] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11442] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11443] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11443] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11442] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} [pid 11447] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11443] <... clone3 resumed> => {parent_tid=[11448]}, 88) = 11448 [pid 11443] rt_sigprocmask(SIG_SETMASK, [], [pid 11442] <... clone3 resumed> => {parent_tid=[11449]}, 88) = 11449 [pid 11443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11442] rt_sigprocmask(SIG_SETMASK, [], [pid 11443] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11443] <... futex resumed>) = 0 [pid 11442] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11443] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11442] <... futex resumed>) = 0 [pid 11444] <... futex resumed>) = 0 [pid 11444] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11442] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11444] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11447] <... futex resumed>) = 1 [pid 11447] memfd_create("syzkaller", 0) = 3 [pid 11447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11438] <... openat resumed>) = 3 [pid 11438] chdir("./file0") = 0 [pid 11438] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11438] ioctl(4, LOOP_CLR_FD./strace-static-x86_64: Process 11449 attached ./strace-static-x86_64: Process 11448 attached ) = 0 [pid 11438] close(4 [pid 11449] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11448] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11438] <... close resumed>) = 0 [pid 11438] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11435] <... futex resumed>) = 0 [pid 11435] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11435] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11438] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11449] <... set_robust_list resumed>) = 0 [pid 11448] <... set_robust_list resumed>) = 0 [pid 11449] rt_sigprocmask(SIG_SETMASK, [], [pid 11448] rt_sigprocmask(SIG_SETMASK, [], [pid 11438] <... openat resumed>) = 4 [pid 11438] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11435] <... futex resumed>) = 0 [pid 11435] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11435] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11435] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11435] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11448] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11438] <... futex resumed>) = 1 [pid 11435] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11449] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11448] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11449] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11448] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11449] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11448] <... futex resumed>) = 1 [pid 11443] <... futex resumed>) = 0 [pid 11449] <... futex resumed>) = 1 [pid 11448] memfd_create("syzkaller", 0 [pid 11443] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11442] <... futex resumed>) = 0 [pid 11449] memfd_create("syzkaller", 0 [pid 11448] <... memfd_create resumed>) = 3 [pid 11443] <... futex resumed>) = 0 [pid 11442] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11449] <... memfd_create resumed>) = 3 [pid 11448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11443] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11452]}, 88) = 11452 [pid 11435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11435] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11435] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11438] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11438] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11438] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11442] <... futex resumed>) = 0 [pid 11448] <... mmap resumed>) = 0x7fe453fca000 [ 157.204934][T11438] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 157.235991][T11439] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11442] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 11452 attached [pid 11452] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11452] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11452] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11435] <... futex resumed>) = 0 [pid 11435] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11438] <... futex resumed>) = 0 [pid 11435] <... futex resumed>) = 1 [pid 11438] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11435] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11438] <... mmap resumed>) = 0x20000000 [pid 11438] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11435] <... futex resumed>) = 0 [pid 11452] <... futex resumed>) = 1 [pid 11449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11447] <... write resumed>) = 1048576 [pid 11439] <... mount resumed>) = 0 [pid 11435] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11449] <... mmap resumed>) = 0x7fe453fca000 [pid 11448] <... write resumed>) = 1048576 [pid 11435] <... futex resumed>) = 0 [pid 11435] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11452] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11448] munmap(0x7fe453fca000, 138412032 [pid 11447] munmap(0x7fe453fca000, 138412032 [pid 11439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11439] chdir("./file0") = 0 [pid 11439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11439] ioctl(4, LOOP_CLR_FD) = 0 [pid 11439] close(4) = 0 [pid 11439] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11436] <... futex resumed>) = 0 [pid 11436] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11436] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11439] <... futex resumed>) = 1 [pid 11439] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11448] <... munmap resumed>) = 0 [pid 11448] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11439] <... openat resumed>) = 4 [pid 11448] <... openat resumed>) = 4 [pid 11439] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11448] ioctl(4, LOOP_SET_FD, 3 [pid 11449] <... write resumed>) = 1048576 [pid 11447] <... munmap resumed>) = 0 [pid 11439] <... futex resumed>) = 1 [pid 11438] sendfile(-1, -1, [0] [pid 11436] <... futex resumed>) = 0 [pid 11449] munmap(0x7fe453fca000, 138412032) = 0 [pid 11449] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 11447] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 11449] <... openat resumed>) = 4 [pid 11447] <... openat resumed>) = 4 [pid 11438] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11449] ioctl(4, LOOP_SET_FD, 3 [pid 11447] ioctl(4, LOOP_SET_FD, 3 [pid 11438] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11448] <... ioctl resumed>) = 0 [pid 11439] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11438] <... futex resumed>) = 1 [pid 11436] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11438] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11447] <... ioctl resumed>) = 0 [pid 11447] close(3) = 0 [pid 11447] close(4 [pid 11435] <... futex resumed>) = 0 [pid 11435] exit_group(0 [pid 11452] <... futex resumed>) = ? [pid 11438] <... futex resumed>) = ? [pid 11435] <... exit_group resumed>) = ? [pid 11452] +++ exited with 0 +++ [pid 11438] +++ exited with 0 +++ [pid 11435] +++ exited with 0 +++ [pid 11448] close(3) = 0 [pid 11448] close(4 [pid 11439] <... write resumed>) = 16 [pid 11439] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11439] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 11436] <... futex resumed>) = 1 [pid 11439] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11436] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11436] <... futex resumed>) = 0 [pid 11439] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11436] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11439] <... write resumed>) = 16 [pid 11439] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11436] <... futex resumed>) = 0 [pid 11439] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11436] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11436] <... futex resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11435, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 11439] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11436] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11449] <... ioctl resumed>) = 0 [pid 11439] <... mmap resumed>) = 0x20000000 [pid 11439] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11436] <... futex resumed>) = 0 [pid 11439] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11436] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11436] <... futex resumed>) = 0 [pid 11449] close(3) = 0 [pid 11449] close(4 [pid 11436] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./439", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./439", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./439/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./439/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./439/binderfs") = 0 [ 157.254327][T11438] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 157.278312][T11448] loop2: detected capacity change from 0 to 2048 [ 157.280280][T11447] loop1: detected capacity change from 0 to 2048 [ 157.285054][T11449] loop3: detected capacity change from 0 to 2048 [pid 299] umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11439] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11439] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11439] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11439] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11436] <... futex resumed>) = 0 [pid 11436] exit_group(0 [pid 11439] <... futex resumed>) = ? [pid 11436] <... exit_group resumed>) = ? [pid 11439] +++ exited with 0 +++ [pid 11436] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11436, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 295] umount2("./444", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./444", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./444/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./444/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./444/binderfs") = 0 [pid 295] umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11449] <... close resumed>) = 0 [pid 11449] mkdir("./file0", 0777) = 0 [pid 11449] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11448] <... close resumed>) = 0 [pid 11447] <... close resumed>) = 0 [pid 295] <... umount2 resumed>) = 0 [pid 11448] mkdir("./file0", 0777 [pid 11447] mkdir("./file0", 0777 [pid 295] umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11448] <... mkdir resumed>) = 0 [pid 11447] <... mkdir resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11448] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11447] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 295] newfstatat(AT_FDCWD, "./444/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./444/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./444/file0") = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./444") = 0 [pid 295] mkdir("./445", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11455 ./strace-static-x86_64: Process 11455 attached [pid 11455] set_robust_list(0x5555557b6760, 24) = 0 [pid 11455] chdir("./445") = 0 [pid 11455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11455] setpgid(0, 0) = 0 [pid 11449] <... mount resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 11455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 11449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 299] umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11455] <... openat resumed>) = 3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11455] write(3, "1000", 4) = 4 [pid 11455] close(3) = 0 [pid 11449] <... openat resumed>) = 3 [pid 299] newfstatat(AT_FDCWD, "./439/file0", [pid 11455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11449] chdir("./file0" [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 11455] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11455] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11455] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11455] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11455] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11449] <... chdir resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11455] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] openat(AT_FDCWD, "./439/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11455] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0}./strace-static-x86_64: Process 11456 attached [pid 11449] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] <... openat resumed>) = 4 [pid 299] newfstatat(4, "", [pid 11449] <... openat resumed>) = 4 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11455] <... clone3 resumed> => {parent_tid=[11456]}, 88) = 11456 [pid 11455] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11455] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11456] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11455] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11449] ioctl(4, LOOP_CLR_FD [pid 299] getdents64(4, [pid 11456] <... set_robust_list resumed>) = 0 [pid 11456] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 11456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11456] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 299] getdents64(4, [pid 11456] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11449] <... ioctl resumed>) = 0 [pid 11456] <... futex resumed>) = 1 [pid 11455] <... futex resumed>) = 0 [pid 11456] memfd_create("syzkaller", 0 [pid 11455] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 11456] <... memfd_create resumed>) = 3 [pid 11455] <... futex resumed>) = 0 [pid 11449] close(4 [pid 299] close(4 [pid 11456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 11455] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11456] <... mmap resumed>) = 0x7fe453fca000 [pid 11456] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 299] <... close resumed>) = 0 [pid 11449] <... close resumed>) = 0 [pid 299] rmdir("./439/file0") = 0 [pid 11449] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 11449] <... futex resumed>) = 1 [pid 11442] <... futex resumed>) = 0 [pid 11442] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(3 [pid 11449] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11442] <... futex resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 11442] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] rmdir("./439") = 0 [pid 299] mkdir("./440", 0777 [pid 11449] <... openat resumed>) = 4 [pid 299] <... mkdir resumed>) = 0 [pid 11449] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11442] <... futex resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 11449] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11442] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 3 [pid 11442] <... futex resumed>) = 0 [pid 11449] <... write resumed>) = 16 [pid 11442] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] ioctl(3, LOOP_CLR_FD [pid 11442] <... futex resumed>) = 0 [pid 11449] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 11442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11449] <... futex resumed>) = 0 [pid 299] close(3 [pid 11442] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11442] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11449] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... close resumed>) = 0 [pid 11442] <... mprotect resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 11442] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 299] <... clone resumed>, child_tidptr=0x5555557b6750) = 11460 [pid 11442] <... clone3 resumed> => {parent_tid=[11461]}, 88) = 11461 [pid 11442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11442] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11442] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11456] <... write resumed>) = 1048576 [pid 11456] munmap(0x7fe453fca000, 138412032) = 0 [ 157.298666][T11439] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 157.332649][T11449] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. ./strace-static-x86_64: Process 11461 attached ./strace-static-x86_64: Process 11460 attached [pid 11456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11456] ioctl(4, LOOP_SET_FD, 3 [pid 11461] set_robust_list(0x7fe45c3c99a0, 24 [pid 11460] set_robust_list(0x5555557b6760, 24 [pid 11447] <... mount resumed>) = 0 [pid 11456] <... ioctl resumed>) = 0 [pid 11456] close(3) = 0 [pid 11456] close(4 [pid 11448] <... mount resumed>) = 0 [pid 11448] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11448] chdir("./file0") = 0 [pid 11448] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11448] ioctl(4, LOOP_CLR_FD) = 0 [pid 11448] close(4) = 0 [pid 11448] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11443] <... futex resumed>) = 0 [pid 11443] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11443] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11456] <... close resumed>) = 0 [pid 11456] mkdir("./file0", 0777) = 0 [pid 11456] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11448] <... futex resumed>) = 1 [pid 11448] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11461] <... set_robust_list resumed>) = 0 [pid 11461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11461] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11460] <... set_robust_list resumed>) = 0 [pid 11460] chdir("./440") = 0 [pid 11460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11460] setpgid(0, 0) = 0 [pid 11460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11460] write(3, "1000", 4) = 4 [pid 11460] close(3) = 0 [pid 11460] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11460] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11460] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11460] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11460] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11460] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11463]}, 88) = 11463 [pid 11460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11460] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11460] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11463 attached [pid 11463] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11463] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11463] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11460] <... futex resumed>) = 0 [pid 11460] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11460] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11463] <... futex resumed>) = 1 [pid 11463] memfd_create("syzkaller", 0) = 3 [pid 11463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11461] <... write resumed>) = 16 [ 157.371182][T11447] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 157.371722][T11448] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 157.382314][T11456] loop0: detected capacity change from 0 to 2048 [pid 11442] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 11442] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11449] <... futex resumed>) = 0 [pid 11442] <... futex resumed>) = 1 [pid 11449] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11442] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11449] <... mmap resumed>) = 0x20000000 [pid 11449] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11442] <... futex resumed>) = 0 [pid 11461] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11449] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11442] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11449] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11461] <... futex resumed>) = 0 [pid 11442] <... futex resumed>) = 0 [pid 11463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 11442] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11463] <... write resumed>) = 1048576 [pid 11463] munmap(0x7fe453fca000, 138412032) = 0 [pid 11463] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11463] ioctl(4, LOOP_SET_FD, 3 [pid 11461] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11448] <... openat resumed>) = 4 [pid 11447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11463] <... ioctl resumed>) = 0 [pid 11463] close(3) = 0 [pid 11463] close(4 [pid 11447] <... openat resumed>) = 3 [pid 11449] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11449] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11449] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11442] <... futex resumed>) = 0 [pid 11463] <... close resumed>) = 0 [pid 11442] exit_group(0 [pid 11463] mkdir("./file0", 0777 [pid 11442] <... exit_group resumed>) = ? [pid 11449] +++ exited with 0 +++ [pid 11463] <... mkdir resumed>) = 0 [pid 11463] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11461] <... futex resumed>) = ? [pid 11461] +++ exited with 0 +++ [pid 11442] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11442, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 11447] chdir("./file0") = 0 [pid 298] umount2("./445", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./445", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", [pid 11447] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 11447] <... openat resumed>) = 4 [pid 11447] ioctl(4, LOOP_CLR_FD [pid 298] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 11447] <... ioctl resumed>) = 0 [pid 298] umount2("./445/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 11447] close(4 [pid 298] newfstatat(AT_FDCWD, "./445/binderfs", [pid 11447] <... close resumed>) = 0 [pid 11447] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./445/binderfs" [pid 11447] <... futex resumed>) = 1 [pid 11444] <... futex resumed>) = 0 [pid 11447] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11444] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... unlink resumed>) = 0 [pid 11444] <... futex resumed>) = 0 [pid 11444] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11447] <... openat resumed>) = 4 [pid 11447] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11444] <... futex resumed>) = 0 [pid 11444] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11447] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11444] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11447] <... write resumed>) = 16 [pid 11444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11447] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11443] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 11447] <... futex resumed>) = 0 [pid 11444] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11443] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 11447] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11444] <... mprotect resumed>) = 0 [pid 11443] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 11444] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11443] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11444] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11443] <... futex resumed>) = 0 [pid 11444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11443] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11444] <... clone3 resumed> => {parent_tid=[11466]}, 88) = 11466 [pid 11443] <... mprotect resumed>) = 0 [pid 11444] rt_sigprocmask(SIG_SETMASK, [], [pid 11443] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11443] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11444] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11443] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11444] <... futex resumed>) = 0 [pid 11443] <... clone3 resumed> => {parent_tid=[11467]}, 88) = 11467 [pid 11443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11443] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11444] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11443] <... futex resumed>) = 0 [pid 11443] futex(0x7fe45c4b66ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c388000 [pid 11443] mprotect(0x7fe45c389000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11443] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11443] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3a8990, parent_tid=0x7fe45c3a8990, exit_signal=0, stack=0x7fe45c388000, stack_size=0x20240, tls=0x7fe45c3a86c0} => {parent_tid=[11469]}, 88) = 11469 [pid 11443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11443] futex(0x7fe45c4b66e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11443] futex(0x7fe45c4b66ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11448] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 11466 attached [pid 11466] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11466] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11466] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11466] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 11467 attached [pid 11467] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11467] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11467] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11467] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 11469 attached [pid 11469] set_robust_list(0x7fe45c3a89a0, 24) = 0 [pid 11469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11469] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11469] futex(0x7fe45c4b66ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 11443] <... futex resumed>) = 0 [pid 11443] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11443] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11469] <... futex resumed>) = 1 [pid 11469] futex(0x7fe45c4b66e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11443] <... futex resumed>) = 0 [pid 11443] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 11448] <... futex resumed>) = 1 [pid 11448] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 11448] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11443] <... futex resumed>) = 0 [pid 11443] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11443] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11448] <... futex resumed>) = 1 [ 157.419568][T11449] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 157.423285][T11463] loop4: detected capacity change from 0 to 2048 [ 157.455134][T11456] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11456] <... mount resumed>) = 0 [pid 11444] <... futex resumed>) = 0 [pid 11444] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11447] <... futex resumed>) = 0 [pid 11444] <... futex resumed>) = 1 [pid 11447] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11444] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11447] <... mmap resumed>) = 0x20000000 [pid 11447] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11444] <... futex resumed>) = 0 [pid 11456] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11444] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11456] <... openat resumed>) = 3 [pid 11456] chdir("./file0") = 0 [pid 11456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11456] ioctl(4, LOOP_CLR_FD) = 0 [pid 11456] close(4) = 0 [pid 11456] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11455] <... futex resumed>) = 0 [pid 11455] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11455] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11456] <... futex resumed>) = 1 [pid 11456] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11444] <... futex resumed>) = 0 [pid 11444] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11456] <... openat resumed>) = 4 [pid 11456] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11455] <... futex resumed>) = 0 [pid 11455] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11455] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11455] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11455] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11455] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11471]}, 88) = 11471 [pid 11455] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11455] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11455] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11456] <... futex resumed>) = 1 [pid 11456] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11456] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11456] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 11471 attached [pid 11471] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11443] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 11471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11471] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11471] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11455] <... futex resumed>) = 0 [pid 11455] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11456] <... futex resumed>) = 0 [pid 11455] <... futex resumed>) = 1 [pid 11456] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11455] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11456] <... mmap resumed>) = 0x20000000 [pid 11456] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11455] <... futex resumed>) = 0 [pid 11471] <... futex resumed>) = 1 [pid 11463] <... mount resumed>) = 0 [pid 11455] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11448] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11448] sendfile(-1, -1, [0], 0) = -1 EFAULT (Bad address) [pid 11448] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11448] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11471] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11463] chdir("./file0") = 0 [pid 11463] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 11463] ioctl(4, LOOP_CLR_FD) = 0 [pid 11463] close(4) = 0 [pid 11463] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11460] <... futex resumed>) = 0 [pid 11460] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11460] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11463] <... futex resumed>) = 1 [ 157.458322][T11448] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 157.472442][T11447] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 157.501605][T11463] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 11463] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11455] <... futex resumed>) = 0 [pid 11447] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11455] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11443] exit_group(0 [pid 11447] sendfile(-1, -1, [0] [pid 11448] <... futex resumed>) = ? [pid 11443] <... exit_group resumed>) = ? [pid 11467] <... futex resumed>) = ? [pid 11469] <... futex resumed>) = ? [pid 11463] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11456] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11448] +++ exited with 0 +++ [pid 11467] +++ exited with 0 +++ [pid 11447] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11447] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11444] <... futex resumed>) = 0 [pid 11444] exit_group(0 [pid 11466] <... futex resumed>) = ? [pid 11444] <... exit_group resumed>) = ? [pid 11469] +++ exited with 0 +++ [pid 11466] +++ exited with 0 +++ [pid 11443] +++ exited with 0 +++ [pid 11447] <... futex resumed>) = ? [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11443, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 11463] <... futex resumed>) = 1 [pid 11460] <... futex resumed>) = 0 [pid 11456] sendfile(-1, -1, [0] [pid 11460] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11460] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11460] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11460] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11472]}, 88) = 11472 [pid 11460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11460] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11460] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11472 attached [pid 11472] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11472] rt_sigprocmask(SIG_SETMASK, [], [pid 297] umount2("./445", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11472] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 11472] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] openat(AT_FDCWD, "./445", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 11460] <... futex resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 11460] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] newfstatat(3, "", [pid 11460] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, [pid 11472] <... futex resumed>) = 1 [pid 11472] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 297] umount2("./445/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./445/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./445/binderfs" [pid 11472] <... mmap resumed>) = 0x20000000 [pid 11472] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11460] <... futex resumed>) = 0 [pid 11460] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11460] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... unlink resumed>) = 0 [pid 297] umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11472] <... futex resumed>) = 1 [pid 11463] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11456] <... sendfile resumed>, 0) = -1 EFAULT (Bad address) [pid 11447] +++ exited with 0 +++ [pid 11444] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11444, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 296] umount2("./445", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./445", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 296] umount2("./445/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./445/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./445/binderfs" [pid 11472] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000080} --- [pid 11472] sendfile(-1, -1, [16] [pid 296] <... unlink resumed>) = 0 [pid 11472] <... sendfile resumed>, 0) = -1 EBADF (Bad file descriptor) [pid 11472] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11460] <... futex resumed>) = 0 [pid 296] umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11472] <... futex resumed>) = 1 [pid 11472] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11463] <... write resumed>) = 16 [pid 11456] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11455] <... futex resumed>) = 0 [pid 11455] exit_group(0 [pid 11471] <... futex resumed>) = ? [pid 11455] <... exit_group resumed>) = ? [pid 11471] +++ exited with 0 +++ [pid 11456] <... futex resumed>) = ? [pid 11463] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11460] exit_group(0) = ? [pid 11463] +++ exited with 0 +++ [pid 11456] +++ exited with 0 +++ [pid 11455] +++ exited with 0 +++ [pid 11472] <... futex resumed>) = ? [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11455, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./445", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./445", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 295] umount2("./445/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./445/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./445/binderfs") = 0 [ 157.512231][T11456] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 157.534358][T11472] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 157.554609][T11472] ------------[ cut here ]------------ [ 157.559919][T11472] WARNING: CPU: 1 PID: 11472 at fs/ext4/inode.c:3637 ext4_set_page_dirty+0x199/0x1a0 [ 157.569298][T11472] Modules linked in: [ 157.572993][T11472] CPU: 1 PID: 11472 Comm: syz-executor236 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0 [ 157.583266][T11472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 157.593308][T11472] RIP: 0010:ext4_set_page_dirty+0x199/0x1a0 [ 157.598954][T11472] Code: 5d c3 e8 ea 5b 87 ff 48 ff cb e9 e2 fe ff ff e8 dd 5b 87 ff 0f 0b eb d7 e8 d4 5b 87 ff 48 ff cb e9 3c ff ff ff e8 c7 5b 87 ff <0f> 0b e9 7a ff ff ff 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 [ 157.618507][T11472] RSP: 0018:ffffc900026b7488 EFLAGS: 00010293 [ 157.624380][T11472] RAX: ffffffff81e8c5b9 RBX: 0000000000000000 RCX: ffff88810c65a780 [ 157.632198][T11472] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 157.640011][T11472] RBP: ffffc900026b74b0 R08: ffffffff81e8c524 R09: fffff94000924fc9 [ 157.647930][T11472] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 157.656073][T11472] R13: 1ffffd4000924fc9 R14: ffffea0004927e40 R15: ffffea0004927e48 [ 157.663925][T11472] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 157.672688][T11472] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 157.679178][T11472] CR2: 00007fe45c481a58 CR3: 000000010b79b000 CR4: 00000000003506a0 [ 157.687384][T11472] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 157.695363][T11472] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 157.703464][T11472] Call Trace: [ 157.706705][T11472] [ 157.709481][T11472] ? show_regs+0x58/0x60 [ 157.714231][T11472] ? __warn+0x160/0x2f0 [ 157.718349][T11472] ? ext4_set_page_dirty+0x199/0x1a0 [ 157.723667][T11472] ? report_bug+0x3d9/0x5b0 [ 157.727940][T11472] ? ext4_set_page_dirty+0x199/0x1a0 [ 157.733611][T11472] ? handle_bug+0x41/0x70 [ 157.737833][T11472] ? exc_invalid_op+0x1b/0x50 [ 157.742492][T11472] ? asm_exc_invalid_op+0x1b/0x20 [ 157.747384][T11472] ? ext4_set_page_dirty+0x104/0x1a0 [ 157.752540][T11472] ? ext4_set_page_dirty+0x199/0x1a0 [ 157.758009][T11472] ? ext4_set_page_dirty+0x199/0x1a0 [ 157.763283][T11472] ? ext4_set_page_dirty+0x199/0x1a0 [ 157.768337][T11472] set_page_dirty+0x1a4/0x300 [ 157.773023][T11472] unmap_page_range+0xf33/0x1ca0 [ 157.777782][T11472] ? mmu_notifier_invalidate_range_end+0xe0/0xe0 [ 157.784324][T11472] ? uprobe_munmap+0x18d/0x450 [ 157.788878][T11472] ? finish_task_switch+0x167/0x7b0 [ 157.794637][T11472] unmap_vmas+0x389/0x560 [ 157.798862][T11472] ? unmap_page_range+0x1ca0/0x1ca0 [ 157.803933][T11472] ? tlb_gather_mmu_fullmm+0x165/0x210 [ 157.809291][T11472] exit_mmap+0x3d8/0x6f0 [ 157.813476][T11472] ? exit_aio+0x25e/0x3c0 [ 157.817608][T11472] ? vm_brk+0x30/0x30 [ 157.821543][T11472] ? mutex_unlock+0xb2/0x260 [ 157.825941][T11472] ? uprobe_clear_state+0x2cd/0x320 [ 157.831067][T11472] __mmput+0x95/0x310 [ 157.835063][T11472] mmput+0x5b/0x170 [ 157.838716][T11472] do_exit+0xb9c/0x2ca0 [ 157.842871][T11472] ? put_task_struct+0x80/0x80 [ 157.847613][T11472] ? update_curr+0x31a/0x5d0 [ 157.852199][T11472] ? __kasan_check_write+0x14/0x20 [ 157.857110][T11472] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 157.862072][T11472] ? _raw_spin_lock_irqsave+0x210/0x210 [ 157.867428][T11472] do_group_exit+0x141/0x310 [ 157.871926][T11472] get_signal+0x7a3/0x1630 [ 157.876203][T11472] arch_do_signal_or_restart+0xbd/0x1680 [ 157.883063][T11472] ? __kasan_check_write+0x14/0x20 [ 157.888054][T11472] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 157.893126][T11472] ? _raw_spin_lock_irqsave+0x210/0x210 [ 157.898589][T11472] ? _raw_spin_unlock_irq+0x4e/0x70 [ 157.903638][T11472] ? __kasan_check_write+0x14/0x20 [ 157.908538][T11472] ? ptrace_stop+0x6ff/0xa90 [ 157.913000][T11472] ? get_sigframe_size+0x10/0x10 [ 157.917758][T11472] exit_to_user_mode_loop+0xa0/0xe0 [ 157.922811][T11472] exit_to_user_mode_prepare+0x5a/0xa0 [ 157.928158][T11472] syscall_exit_to_user_mode+0x26/0x160 [ 157.933589][T11472] do_syscall_64+0x49/0xb0 [ 157.937798][T11472] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 157.943572][T11472] RIP: 0033:0x7fe45c42e149 [ 157.947780][T11472] Code: Unable to access opcode bytes at RIP 0x7fe45c42e11f. [ 157.955088][T11472] RSP: 002b:00007fe45c3c9178 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 157.963432][T11472] RAX: fffffffffffffe00 RBX: 00007fe45c4b66d8 RCX: 00007fe45c42e149 [pid 295] umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 11472] +++ exited with 0 +++ [pid 11460] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11460, si_uid=0, si_status=0, si_utime=0, si_stime=50} --- [pid 299] umount2("./440", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./440", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x5555557b77f0 /* 4 entries */, 32768) = 112 [pid 299] umount2("./440/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./440/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./440/binderfs") = 0 [ 157.971314][T11472] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe45c4b66d8 [ 157.979279][T11472] RBP: 00007fe45c4b66d0 R08: 00007fe45c3c96c0 R09: 00007fe45c3c96c0 [ 157.987250][T11472] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe45c4b66dc [ 157.996415][T11472] R13: 0000000000000006 R14: 00007fff845b7830 R15: 00007fff845b7918 [ 158.004622][T11472] [ 158.007443][T11472] ---[ end trace d6f34c51a2942794 ]--- [ 158.016378][ T333] ------------[ cut here ]------------ [pid 299] umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 298] umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./445/file0", [pid 297] newfstatat(AT_FDCWD, "./445/file0", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./445/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] openat(AT_FDCWD, "./445/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 4 [pid 297] <... openat resumed>) = 4 [pid 298] newfstatat(4, "", [pid 297] newfstatat(4, "", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 297] getdents64(4, [pid 298] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 297] getdents64(4, [pid 298] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 298] close(4 [pid 297] close(4 [pid 298] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 298] rmdir("./445/file0" [pid 297] rmdir("./445/file0" [pid 298] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 298] getdents64(3, [pid 297] getdents64(3, [pid 298] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 298] close(3 [pid 297] close(3 [pid 298] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 298] rmdir("./445" [pid 297] rmdir("./445" [pid 298] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 298] mkdir("./446", 0777 [pid 297] mkdir("./446", 0777 [pid 298] <... mkdir resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 298] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] ioctl(3, LOOP_CLR_FD [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 297] close(3 [pid 298] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... clone resumed>, child_tidptr=0x5555557b6750) = 11474 [pid 297] <... clone resumed>, child_tidptr=0x5555557b6750) = 11475 ./strace-static-x86_64: Process 11475 attached [pid 11475] set_robust_list(0x5555557b6760, 24) = 0 [pid 11475] chdir("./446") = 0 [pid 11475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11475] setpgid(0, 0) = 0 [pid 11475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11475] write(3, "1000", 4) = 4 [pid 11475] close(3) = 0 [pid 11475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11475] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11475] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11475] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11475] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11475] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11476]}, 88) = 11476 [pid 11475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11475] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11475] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11476 attached [pid 11476] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11476] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11476] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11475] <... futex resumed>) = 0 [pid 11475] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11475] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11476] <... futex resumed>) = 1 [pid 11476] memfd_create("syzkaller", 0) = 3 [pid 11476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [ 158.022065][ T333] kernel BUG at fs/ext4/inode.c:2735! [ 158.041613][ T333] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 158.047953][ T333] CPU: 0 PID: 333 Comm: kworker/u4:3 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0 [ 158.060002][ T333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./445/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./445/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./445/file0") = 0 [pid 296] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./445") = 0 [pid 296] mkdir("./446", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11477 [pid 11476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11476] munmap(0x7fe453fca000, 138412032) = 0 [pid 11476] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 11476] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11476] close(3) = 0 [pid 11476] close(4./strace-static-x86_64: Process 11474 attached [pid 11474] set_robust_list(0x5555557b6760, 24) = 0 [pid 11474] chdir("./446") = 0 [pid 11474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11474] setpgid(0, 0) = 0 [pid 11474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11474] write(3, "1000", 4) = 4 [pid 11474] close(3) = 0 [pid 11474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11474] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11474] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11474] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11474] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11478]}, 88) = 11478 [pid 11474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11474] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11474] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11478 attached [pid 11478] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11478] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11478] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11478] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11474] <... futex resumed>) = 0 [pid 11474] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11474] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11478] <... futex resumed>) = 1 [pid 11478] memfd_create("syzkaller", 0) = 3 [pid 11478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11478] munmap(0x7fe453fca000, 138412032) = 0 [pid 11478] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11478] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11478] close(3) = 0 [ 158.061280][T11476] loop2: detected capacity change from 0 to 2048 [ 158.070302][ T333] Workqueue: writeback wb_workfn (flush-7:4) [ 158.082695][ T333] RIP: 0010:ext4_writepages+0x3fe6/0x4000 [ 158.088336][ T333] Code: 89 de e8 4d c9 87 ff 45 84 f6 75 2c e8 b3 c6 87 ff 49 be 00 00 00 00 00 fc ff df 4c 8b 64 24 50 e9 e4 c5 ff ff e8 9a c6 87 ff <0f> 0b e8 93 c6 87 ff e8 ba 26 18 ff eb 9b e8 87 c6 87 ff e8 ae 26 [ 158.096794][T11478] loop3: detected capacity change from 0 to 2048 [ 158.108314][ T333] RSP: 0018:ffffc90000af7000 EFLAGS: 00010293 [pid 11478] close(4./strace-static-x86_64: Process 11477 attached [pid 11477] set_robust_list(0x5555557b6760, 24) = 0 [pid 11477] chdir("./446") = 0 [pid 11477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11477] setpgid(0, 0) = 0 [pid 11477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11477] write(3, "1000", 4) = 4 [pid 11477] close(3) = 0 [pid 11477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11477] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11477] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11477] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11477] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11479]}, 88) = 11479 [pid 11477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11477] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11477] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11479 attached [pid 11479] set_robust_list(0x7fe45c3ea9a0, 24) = 0 [pid 11479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11479] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557) = -1 EBADF (Bad file descriptor) [pid 11479] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11477] <... futex resumed>) = 0 [pid 11477] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11477] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 11479] <... futex resumed>) = 1 [ 158.108338][ T333] RAX: ffffffff81e85ae6 RBX: 0000008000000000 RCX: ffff88811f5e2780 [ 158.108354][ T333] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 158.108368][ T333] RBP: ffffc90000af7410 R08: ffffffff81e85256 R09: ffffed10237d0528 [ 158.146964][ T333] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90000af77d0 [ 158.147654][T11479] loop1: detected capacity change from 0 to 2048 [ 158.155457][ T333] R13: 0000000000000000 R14: 000000c410000000 R15: 0000000000000001 [ 158.155482][ T333] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 158.155501][ T333] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 158.155515][ T333] CR2: 00005555557bf7f8 CR3: 000000011ea03000 CR4: 00000000003506b0 [ 158.155533][ T333] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 158.205474][ T333] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 158.213247][ T333] Call Trace: [ 158.217275][ T333] [ 158.220165][ T333] ? __die_body+0x62/0xb0 [ 158.224386][ T333] ? die+0x88/0xb0 [ 158.227942][ T333] ? do_trap+0x103/0x330 [ 158.232826][ T333] ? ext4_writepages+0x3fe6/0x4000 [ 158.238985][ T333] ? handle_invalid_op+0x95/0xc0 [ 158.244253][ T333] ? ext4_writepages+0x3fe6/0x4000 [ 158.249287][ T333] ? exc_invalid_op+0x32/0x50 [ 158.254591][ T333] ? asm_exc_invalid_op+0x1b/0x20 [ 158.261128][ T333] ? ext4_writepages+0x3756/0x4000 [ 158.267495][ T333] ? ext4_writepages+0x3fe6/0x4000 [ 158.272442][ T333] ? ext4_writepages+0x3fe6/0x4000 [ 158.277400][ T333] ? update_curr+0x31a/0x5d0 [ 158.282474][ T333] ? enqueue_task_fair+0xd61/0x29a0 [ 158.289721][ T333] ? sched_group_set_idle+0x640/0x640 [ 158.296505][ T333] ? sched_clock_cpu+0x18/0x3b0 [ 158.302538][ T333] ? ext4_readpage+0x230/0x230 [ 158.310789][ T333] ? psi_task_change+0x22c/0x360 [ 158.316620][ T333] ? resched_curr+0x9d/0x1c0 [ 158.321301][ T333] ? ext4_readpage+0x230/0x230 [ 158.325986][ T333] do_writepages+0x40e/0x670 [ 158.333414][ T333] ? __writepage+0x130/0x130 [ 158.339376][ T333] ? enqueue_task_fair+0x1f1d/0x29a0 [ 158.346882][ T333] __writeback_single_inode+0xdf/0xa70 [ 158.352669][ T333] writeback_sb_inodes+0xb2a/0x1920 [ 158.358483][ T333] ? _raw_spin_lock+0xa4/0x1b0 [ 158.363928][ T333] ? get_nohz_timer_target+0x79/0x750 [ 158.373307][ T333] ? queue_io+0x520/0x520 [ 158.380074][ T333] ? __writeback_inodes_wb+0x3f0/0x3f0 [ 158.387971][ T333] ? queue_io+0x3d0/0x520 [ 158.394614][ T333] wb_writeback+0x3b9/0x9e0 [ 158.401205][ T333] ? inode_cgwb_move_to_attached+0x3c0/0x3c0 [ 158.408081][ T333] ? set_worker_desc+0x158/0x1c0 [ 158.414823][ T333] ? __update_load_avg_cfs_rq+0xb1/0x2f0 [ 158.421137][ T333] ? __kasan_check_write+0x14/0x20 [ 158.426915][ T333] wb_workfn+0x3d9/0x1110 [ 158.431815][ T333] ? inode_wait_for_writeback+0x280/0x280 [ 158.440632][ T333] ? sched_clock+0x9/0x10 [ 158.447724][ T333] ? _raw_spin_unlock+0x4d/0x70 [ 158.453723][ T333] ? finish_task_switch+0x167/0x7b0 [ 158.461934][ T333] ? __kasan_check_read+0x11/0x20 [ 158.468870][ T333] ? read_word_at_a_time+0x12/0x20 [ 158.480319][ T333] ? strscpy+0x9c/0x260 [ 158.485288][ T333] process_one_work+0x6bb/0xc10 [ 158.491415][ T333] worker_thread+0xad5/0x12a0 [ 158.499803][ T333] ? _raw_spin_lock+0x1b0/0x1b0 [ 158.504907][ T333] kthread+0x421/0x510 [ 158.511878][ T333] ? worker_clr_flags+0x180/0x180 [pid 11479] memfd_create("syzkaller", 0) = 3 [pid 11479] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fca000 [pid 11479] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11479] munmap(0x7fe453fca000, 138412032) = 0 [pid 11479] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11479] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 11479] close(3) = 0 [pid 11479] close(4) = 0 [pid 11478] <... close resumed>) = 0 [pid 11476] <... close resumed>) = 0 [pid 11479] mkdir("./file0", 0777 [pid 11478] mkdir("./file0", 0777 [pid 11476] mkdir("./file0", 0777 [pid 11479] <... mkdir resumed>) = 0 [pid 11478] <... mkdir resumed>) = 0 [pid 11476] <... mkdir resumed>) = 0 [pid 11479] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 11478] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [ 158.519216][ T333] ? kthread_blkcg+0xd0/0xd0 [ 158.528501][ T333] ret_from_fork+0x1f/0x30 [ 158.535285][ T333] [ 158.540317][ T333] Modules linked in: [ 158.545990][ T333] ---[ end trace d6f34c51a2942795 ]--- [ 158.554023][ T333] RIP: 0010:ext4_writepages+0x3fe6/0x4000 [pid 11476] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_STRICTATIME|MS_LAZYTIME, ",errors=continue" [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./445/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./445/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x5555557bf830 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x5555557bf830 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./445/file0") = 0 [pid 295] getdents64(3, 0x5555557b77f0 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./445") = 0 [pid 295] mkdir("./446", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557b6750) = 11484 ./strace-static-x86_64: Process 11484 attached [pid 11484] set_robust_list(0x5555557b6760, 24) = 0 [pid 11484] chdir("./446") = 0 [pid 11484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 11484] setpgid(0, 0) = 0 [pid 11484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 11484] write(3, "1000", 4) = 4 [pid 11484] close(3) = 0 [pid 11484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 11484] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11484] rt_sigaction(SIGRT_1, {sa_handler=0x7fe45c454340, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe45c3fd740}, NULL, 8) = 0 [pid 11484] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 11484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3ca000 [pid 11484] mprotect(0x7fe45c3cb000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11484] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11484] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3ea990, parent_tid=0x7fe45c3ea990, exit_signal=0, stack=0x7fe45c3ca000, stack_size=0x20240, tls=0x7fe45c3ea6c0} => {parent_tid=[11485]}, 88) = 11485 [pid 11484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11484] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 158.561811][ T333] Code: 89 de e8 4d c9 87 ff 45 84 f6 75 2c e8 b3 c6 87 ff 49 be 00 00 00 00 00 fc ff df 4c 8b 64 24 50 e9 e4 c5 ff ff e8 9a c6 87 ff <0f> 0b e8 93 c6 87 ff e8 ba 26 18 ff eb 9b e8 87 c6 87 ff e8 ae 26 [ 158.584918][T11479] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 158.607353][ T333] RSP: 0018:ffffc90000af7000 EFLAGS: 00010293 [pid 11484] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11485 attached [pid 11485] set_robust_list(0x7fe45c3ea9a0, 24 [pid 11484] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 11484] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11485] <... set_robust_list resumed>) = 0 [pid 11485] rt_sigprocmask(SIG_SETMASK, [], [pid 11484] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11484] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11485] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11484] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11484] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11485] accept4(-1, NULL, NULL, SOCK_CLOEXEC|0x57118557 [pid 11484] <... clone3 resumed> => {parent_tid=[11487]}, 88) = 11487 [pid 11484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11484] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11484] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 11487 attached [pid 11487] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11487] memfd_create("syzkaller", 0 [pid 11485] <... accept4 resumed>) = -1 EBADF (Bad file descriptor) [pid 11485] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11487] <... memfd_create resumed>) = 3 [pid 11487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe453fa9000 [ 158.612265][T11478] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 158.618170][ T333] RAX: ffffffff81e85ae6 RBX: 0000008000000000 RCX: ffff88811f5e2780 [ 158.647062][ T333] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 158.655661][ T333] RBP: ffffc90000af7410 R08: ffffffff81e85256 R09: ffffed10237d0528 [pid 11485] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 11487] munmap(0x7fe453fa9000, 138412032) = 0 [pid 11487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 11487] ioctl(4, LOOP_SET_FD, 3 [pid 11476] <... mount resumed>) = 0 [pid 11476] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11476] chdir("./file0") = 0 [pid 11487] <... ioctl resumed>) = 0 [pid 11476] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 11487] close(3) = 0 [pid 11487] close(4 [pid 11479] <... mount resumed>) = 0 [pid 11478] <... mount resumed>) = 0 [pid 11476] <... openat resumed>) = 4 [pid 11476] ioctl(4, LOOP_CLR_FD) = 0 [pid 11476] close(4) = 0 [pid 11476] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11475] <... futex resumed>) = 0 [pid 11476] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11475] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11475] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11476] <... openat resumed>) = 4 [pid 11476] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11475] <... futex resumed>) = 0 [pid 11476] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11475] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11476] <... write resumed>) = 16 [pid 11475] <... futex resumed>) = 0 [pid 11476] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11475] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11476] <... futex resumed>) = 0 [pid 11475] <... futex resumed>) = 0 [pid 11476] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe45c3a9000 [pid 11475] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11475] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 158.676615][T11476] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 158.684971][ T333] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90000af77d0 [ 158.707426][T11487] loop0: detected capacity change from 0 to 2048 [pid 11475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11489]}, 88) = 11489 [pid 11475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11475] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11475] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 11478] chdir("./file0") = 0 [pid 11478] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 11478] ioctl(4, LOOP_CLR_FD) = 0 [pid 11478] close(4) = 0 [pid 11478] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11474] <... futex resumed>) = 0 [pid 11474] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11474] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11478] <... futex resumed>) = 1 [pid 11478] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 11478] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11474] <... futex resumed>) = 0 [pid 11478] <... futex resumed>) = 1 [pid 11474] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11478] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11474] <... futex resumed>) = 0 [pid 11478] <... write resumed>) = 16 [pid 11474] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11478] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11474] <... futex resumed>) = 0 [pid 11478] <... futex resumed>) = 0 [pid 11474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11478] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11474] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11474] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 11474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 11474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} => {parent_tid=[11490]}, 88) = 11490 [pid 11474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11479] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 11474] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11479] <... openat resumed>) = 3 [pid 11474] <... futex resumed>) = 0 [pid 11479] chdir("./file0" [pid 11474] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11479] <... chdir resumed>) = 0 [pid 11479] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 11479] ioctl(4, LOOP_CLR_FD) = 0 [pid 11479] close(4) = 0 [pid 11479] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11477] <... futex resumed>) = 0 [pid 11479] openat(AT_FDCWD, "cpuset.effective_mems", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 11477] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 11489 attached [pid 11479] <... openat resumed>) = 4 [pid 11477] <... futex resumed>) = 0 [pid 11489] set_robust_list(0x7fe45c3c99a0, 24 [pid 11479] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11477] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11490 attached [pid 11489] <... set_robust_list resumed>) = 0 [pid 11479] <... futex resumed>) = 0 [pid 11477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11489] rt_sigprocmask(SIG_SETMASK, [], [pid 11479] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11477] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11479] <... write resumed>) = 16 [pid 11477] <... futex resumed>) = 0 [pid 11489] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16 [pid 11479] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11477] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11489] <... write resumed>) = 16 [pid 11479] <... futex resumed>) = 0 [pid 11477] <... futex resumed>) = 0 [pid 11489] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11479] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 11489] <... futex resumed>) = 1 [pid 11477] <... mmap resumed>) = 0x7fe45c3a9000 [pid 11475] <... futex resumed>) = 0 [pid 11489] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11477] mprotect(0x7fe45c3aa000, 131072, PROT_READ|PROT_WRITE [pid 11475] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11477] <... mprotect resumed>) = 0 [pid 11476] <... futex resumed>) = 0 [pid 11475] <... futex resumed>) = 1 [pid 11477] rt_sigprocmask(SIG_BLOCK, ~[], [pid 11476] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11475] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11477] <... rt_sigprocmask resumed>[], 8) = 0 [pid 11476] <... mmap resumed>) = 0x20000000 [pid 11477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe45c3c9990, parent_tid=0x7fe45c3c9990, exit_signal=0, stack=0x7fe45c3a9000, stack_size=0x20240, tls=0x7fe45c3c96c0} [pid 11476] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 11475] <... futex resumed>) = 0 [pid 11477] <... clone3 resumed> => {parent_tid=[11491]}, 88) = 11491 [pid 11476] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11475] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11477] rt_sigprocmask(SIG_SETMASK, [], [pid 11476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11475] <... futex resumed>) = 0 [pid 11490] set_robust_list(0x7fe45c3c99a0, 24 [pid 11487] <... close resumed>) = 0 [pid 11477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 11475] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11477] futex(0x7fe45c4b66d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 11477] futex(0x7fe45c4b66dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 11491 attached [pid 11491] set_robust_list(0x7fe45c3c99a0, 24) = 0 [pid 11491] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 11491] write(4, "\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 16) = 16 [pid 11491] futex(0x7fe45c4b66dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11477] <... futex resumed>) = 0 [pid 11477] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11479] <... futex resumed>) = 0 [pid 11477] <... futex resumed>) = 1 [pid 11479] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11477] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11479] <... mmap resumed>) = 0x20000000 [pid 11491] <... futex resumed>) = 1 [ 158.719908][ T333] R13: 0000000000000000 R14: 000000c410000000 R15: 0000000000000001 [ 158.730854][ T333] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 158.745183][ T333] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 158.752168][T11476] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [pid 11479] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 11491] futex(0x7fe45c4b66d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11479] <... futex resumed>) = 1 [pid 11477] <... futex resumed>) = 0 [pid 11479] futex(0x7fe45c4b66c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 11477] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11479] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 11477] <... futex resumed>) = 0 [pid 11490] <... set_robust_list resumed>) = 0 [pid 11487] mkdir("./file0", 0777 [pid 11477] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11474] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 11474] futex(0x7fe45c4b66c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 11478] <... futex resumed>) = 0 [pid 11474] <... futex resumed>) = 1 [pid 11478] mmap(0x20000000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED, 4, 0 [pid 11474] futex(0x7fe45c4b66cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 11478] <... mmap resumed>) = 0x20000000 [pid 11478] futex(0x7fe45c4b66cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 158.753926][ T333] CR2: 00007fe4540a8000 CR3: 000000011ea08000 CR4: 00000000003506b0 [ 158.780427][T11479] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 158.783772][ T333] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 158.800698][T11478] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor236: bg 0: block 234: padding at end of block bitmap is not set [ 158.806537][ T333] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 158.828203][ T333] Kernel panic - not syncing: Fatal exception [ 158.834263][ T333] Kernel Offset: disabled [ 158.838407][ T333] Rebooting in 86400 seconds..